CVE-2024-49138 - Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
Project:Microsoft
Product:Windows
Date Added:2024-12-10Due Date:2024-12-31
Vulnerability Name
Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
Description
Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49138
https://nvd.nist.gov/vuln/detail/CVE-2024-49138
Related News Articles
Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS VulnerabilityDecember 11, 2024
Microsoft fixes exploited zero-day (CVE-2024-49138)December 11, 2024
Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flawsDecember 11, 2024
