CVE-2024-49138

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Dec 12, 2024
Updated: Dec 13, 2024
CWE ID 122

Summary

CVE-2024-49138 is a newly disclosed vulnerability affecting Windows Common Log File System (CLFS) drivers. This issue grants attackers local privilege escalation capabilities, allowing them to elevate their system privileges and potentially gain unauthorized access to sensitive data or run malicious code with administrative privileges. The vulnerability can be exploited by malicious actors who have gained initial access to a vulnerable system, such as through phishing emails or software vulnerabilities. Microsoft has recommended users apply available patches to mitigate the risk of exploitation. Unpatched systems with this flaw are at increased risk of data breaches or system compromise.


Affected Products

  • Microsoft Windows 11
  • Microsoft Windows
  • Microsoft Windows Server 2008
  • Microsoft Windows Server

Affected Vendors

  • Microsoft