logo

CVE-2024-49138 - Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability

CVE-2024-49138

Microsoft | Windows

  • Date Added:
  • 2024-12-10
  • Due Date:
  • 2024-12-31
Vulnerability Name

Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability

Description

Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49138 ; https://nvd.nist.gov/vuln/detail/CVE-2024-49138
Related News Articles

Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS VulnerabilityDecember 11, 2024

Microsoft fixes exploited zero-day (CVE-2024-49138)December 11, 2024

Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flawsDecember 11, 2024

Free security scan for your website