Windows Vulnerability CVE-2024-49138 Exploited Before Patch Release
🛠️ New Windows vulnerability CVE-2024-49138 exploited in the wild. CrowdStrike has identified CVE-2024-49138 as a critical Windows vulnerability that was actively exploited before Microsoft released a patch on December 10, 2024. The vulnerability affects the Common Log File System (CLFS) and involves two functions in the clfs.sys driver: CClfsBaseFilePersisted::LoadContainerQ() and CClfsBaseFilePersisted::WriteMetadataBlock(). A proof-of-concept exploit demonstrates how attackers can leverage the vulnerability to gain arbitrary read/write access in kernel mode, potentially escalating privileges. The article provides a detailed analysis of the vulnerability, its exploitation process, and the patch’s effectiveness in mitigating the risk. Future discussions will address a second vulnerability related to WriteMetadataBlock().
