On April 8, 2025, Microsoft patched 121 vulnerabilities across its products, including CVE-2025-29824—the only one known to be exploited in the wild. This particular flaw enabled adversaries to escalate Windows privileges by leveraging a bug in the clfs.sys driver.
Microsoft Threat Intelligence discovered the issue during the Storm-2460 attacks targeting organizations in Saudi Arabia, Spain, Venezuela, and the United States. By exploiting CVE‑2025‑29824, the threat actor was able to escalate its privileges to NT AUTHORITY\SYSTEM to perform lateral movement and encrypt victims’ files.
Read more…
Source: BI.ZONE
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Microsoft fixes under-attack Windows zero-day Follina
June 15, 2022
Microsoft claims to have finally fixed the Follina zero-day flaw in Windows as part of its June Patch Tuesday batch, which included security updates to address 55 vulnerabilities. Follina, eventually acknowledged by Redmond in a security advisory last month, is the most significant of the bunch as it has already been exploited in the wild. Criminals and ...
- CISA Adds One Known Exploited Vulnerability to Catalog
June 14, 2022
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date ...
- A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys
June 14, 2022
Microprocessors from Intel, AMD, and other companies contain a newly discovered weakness that remote attackers can exploit to obtain cryptographic keys and other secret data traveling through the hardware, researchers said on Tuesday. Hardware manufacturers have long known that hackers can extract secret cryptographic data from a chip by measuring the power it consumes while processing ...
- An Autopsy on a Zombie In-the-Wild 0-day
June 14, 2022
Whenever there’s a new in-the-wild 0-day disclosed, I’m very interested in understanding the root cause of the bug. This allows us to then understand if it was fully fixed, look for variants, and brainstorm new mitigations. This blog is the story of a “zombie” Safari 0-day and how it came back from the dead to ...
- Hackers Can Steal Your Tesla by Creating Their Own Personal Keys
June 9, 2022
Last year, Tesla issued an update that made its vehicles easier to start after being unlocked with their NFC key cards. Now, a researcher has shown how the feature can be exploited to steal cars. For years, drivers who used their Tesla NFC key card to unlock their cars had to place the card on the ...
- CISA Adds Three Known Exploited Vulnerabilities to Catalog
June 9, 2022
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the ...