Adam Podlosky

**Name of the Vulnerable Software and Affected Versions** Windows Common Log File System Driver (affected versions not specified) **Description** This issue is an elevation-of-privilege vulnerability affecting the Windows Common Log File System Driver. Successful exploitation could allow attackers to affect the system and potentially gain elevated privileges. The Vanilla Tempest cybercrime gang has been observed using this vulnerability in conjunction with INC ransomware. The vulnerability is related to errors in privilege management within the driver. It was reported by CrowdStrike and the NSA. Multiple sources indicate the vulnerability is being actively exploited by ransomware operators. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.