PT-2024-9321 · Microsoft · Windows Common Log File System Driver
Published: 2024-12-10 · Updated: 2026-01-19
CVE-2024-49138
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Windows Common Log File System Driver (affected versions not specified)
Description
The vulnerability is a heap-based buffer overflow in the Windows Common Log File System driver that leads to elevation of privilege. It allows attackers to gain SYSTEM privileges on Windows devices. The vulnerability has been actively exploited in the wild. Microsoft has released a patch to fix the issue.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability. However, it is recommended to apply the patch released by Microsoft as part of its December 2024 Patch Tuesday update. Update your systems now to protect against potential exploitation.
Exploit
LPE
Heap Based Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Windows
Windows Common Log File System Driver