Microsoft: Windows CLFS Vulnerability Could Lead to 'Widespread Deployment and Detonation of Ransomware'
Briefly

Microsoft has discovered a zero-day vulnerability in the Windows Common Log File System (CLFS), tracked as CVE-2025-29824, that poses a significant risk of ransomware attacks across several industries, including IT, finance, and real estate. The vulnerability allows attackers with standard user access to escalate privileges and deploy ransomware such as PipeMagic. Linked to a group called Storm-2460, these attacks have previously targeted organizations like the Texas Department of Transportation and the Brazilian government. The Cybersecurity and Infrastructure Security Agency has rated the vulnerability as critical.
"This vulnerability allows an attacker with standard user access to escalate their privileges, leading to widespread deployment of ransomware across various industries."
"Microsoft has identified the threat actor exploiting this vulnerability as Storm-2460, linked to the RansomEXX group, which has targeted high-profile organizations."
Read at TechRepublic