Date: 2024-12-10

Microsoft has issued fixes for 71 new Common Vulnerabilities and Exposures (CVEs) to mark the final Patch Tuesday of 2025, with a solitary zero-day that enables privilege elevation through the Windows Common Log File System Driver stealing the limelight.

Assigned designation CVE-2024-49138 and credited to CrowdStrike’s Advanced Research Team, the flaw stems from a heap-based buffer overflow in which improper bounds checking lets an attacker overwrite memory in the heap.

It is considered relatively trivial for an attacker to exploit in order to execute arbitrary code and gain system-level privileges, which could then be used to carry out deeper and more impactful attacks, such as ransomware. Microsoft said it had observed CVE-2024-49138 being exploited in the wild.

“The CLFS driver is a core Windows component used by applications to write transaction logs,” explained Mike Walters, president and co-founder of patch management specialist Action1.

“This vulnerability enables unauthorised privilege elevation by manipulating the driver's memory management, culminating in system-level access – the highest privilege in Windows. Attackers gaining system privileges can perform actions such as disabling security protections, exfiltrating sensitive data, or installing persistent backdoors,” he said.

Walters explained that any Windows system dating back to 2008 that uses the standard CLFS component is vulnerable to this flaw, making it a potential headache across enterprise environments if not addressed quickly.

“The vulnerability is confirmed to be exploited in the wild and some information about the vulnerability has been publicly disclosed, but that disclosure may not include code samples,” said Ivanti vice president of security products, Chris Goettl.

“The CVE is rated Important by Microsoft and has a CVSSv3.1 score of 7.8. Risk-based prioritisation would rate this vulnerability as Critical which makes the Windows OS update this month your top priority.”