Microsoft Patches CVE-2024-49138 Windows Zero Day

The bug is in one of the drivers in Windows and is under active exploitation

As part of its December security updates, Microsoft has patched a vulnerability in Windows that has been actively exploited. The bug is in one of the drivers in Windows and Microsoft rated it as important. 

Why It Matters: It’s Windows. For whatever reason, a lot of people still use Windows, so any actively exploited vulnerability in the OS is always something to pay attention to. This one deserves particular attention because it was discovered by CrowdStrike, a company that has one of the more advanced research and incident response organizations in the industry. So when that team discovers and reports a vulnerability that’s under attack, it’s typically something to take notice of.

Key Details

  • The vulnerability is in the Common Log File System (CLFS) driver and it affects many versions of Windows Server, Windows 10, and Windows 11

  • The bug is a privilege escalation weakness 

  • Neither Microsoft nor CrowdStrike has released any details on the exploitation of this vulnerability

  • An attacker who exploits this vulnerability could gain SYSTEM privileges

CISA has added CVE-2024-49138 to its Known Exploited Vulnerabilities catalog.

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said in its advisory. 

What to Do Now: Apply the Microsoft patch as soon as possible. Given that there is confirmed exploitation of the flaw, this bug should be a priority for defenders.