PT-2025-15596 · Microsoft · Windows

Oruga · Published 2025-04-08 · Updated 2025-07-17 · CVE-2025-29824

CVSS v3.1: 7.8 (Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

**Name of the Vulnerable Software and Affected Versions:**

Microsoft Windows versions prior to the April 2025 security updates.

**Description:**

A use-after-free vulnerability exists in the Windows Common Log File System (CLFS) driver. It allows an authorized attacker to elevate privileges locally. Multiple threat actors, including Storm-2460 and the Play ransomware group, have actively exploited this vulnerability in the wild. Attackers have used the PipeMagic trojan and the Grixba infostealer in conjunction with this vulnerability to gain SYSTEM-level access and deploy malicious payloads. Exploitation has been observed in attacks targeting organizations in the US, Venezuela, Spain, and Saudi Arabia. The vulnerability (CVE-2025-29824) was patched in the April 2025 Patch Tuesday release, but Windows 10 may not have received the update immediately.

**Recommendations:**

Apply the April 2025 security updates to all affected Windows systems as soon as possible. Review system logs for suspicious activity. Harden public-facing infrastructure and deploy Endpoint Detection and Response (EDR) solutions. Monitor for rogue user accounts and suspicious files.

Exploit · Fix · LPE · RCE · Use After Free

Weakness Enumeration

Related Identifiers

BDU:2025-03926
CVE-2025-29824

Affected Products

Windows