441/67 Thursday, December 12, 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability in the Microsoft Windows Common Log File System (CLFS), identified as CVE-2024-49138, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, which has a CVSS score of 7.8, was addressed in Microsoft’s December 2024 Patch Tuesday security update, which fixed a total of 71 vulnerabilities.
Although Microsoft has not disclosed details of attacks exploiting this vulnerability, experts have warned that attackers could use it to escalate privileges to SYSTEM level.
To mitigate risks from this and other vulnerabilities, U.S. federal agencies under the Federal Civilian Executive Branch (FCEB) are required to address the issue within the specified timeframe: CISA has mandated that they remediate this vulnerability by December 31, 2024, to prevent potential exploitation.