Decrypt LOL


Windows Vulnerability CVE-2024-49138 Exploited Before Patch Release


🛠️ New Windows vulnerability CVE-2024-49138 exploited in the wild. CrowdStrike has identified CVE-2024-49138 as a critical Windows vulnerability that was actively exploited before Microsoft released a patch on December 10, 2024. The vulnerability affects the Common Log File System (CLFS) and involves two functions in the clfs.sys driver, specifically CClfsBaseFilePersisted::LoadContainerQ() and CClfsBaseFilePersisted::WriteMetadataBlock(). A proof-of-concept exploit demonstrates how attackers can leverage this vulnerability to gain arbitrary read/write access in kernel mode, potentially escalating privileges. The source article provides a detailed analysis of the vulnerability, its exploitation process, and the patch’s effectiveness in mitigating the risk. Future discussions will address a second vulnerability related to WriteMetadataBlock().
