A zero-day vulnerability in the Windows Common Log File System (CLFS) driver, designated as CVE-2024-49138.
This critical flaw, identified by CrowdStrike’s Advanced Research Team, allows attackers to escalate privileges to SYSTEM level without requiring user interaction, posing significant risks to Windows systems, particularly those running the latest Windows 11 (23H2) version.
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-49138 to its Known Exploited Vulnerabilities Catalog, emphasizing the critical nature of this flaw.
As threat actors actively exploit this vulnerability, organizations must prioritize patching and maintaining robust security postures to safeguard against potential exploits.
Source link