U.S. CISA adds Microsoft Windows CLFS driver flaw to its Known Exploited Vulnerabilities catalog


Pierluigi Paganini

December 11, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows Common Log File System (CLFS) driver flaw to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Microsoft Windows Common Log File System (CLFS) driver flaw CVE-2024-49138 (CVSS score: 7.8) to its Known Exploited Vulnerabilities (KEV) catalog.

Microsoft December 2024 Patch Tuesday security updates addressed 71 vulnerabilities, including an actively exploited zero-day tracked as CVE-2024-49138. Microsoft didn’t disclose details about the attack exploiting this vulnerability.

An attacker can exploit this vulnerability to gain SYSTEM privileges.

“Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges.” reads the advisory.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix this vulnerability by December 31, 2024.


(SecurityAffairs – hacking, CISA Known Exploited Vulnerabilities catalog)


