On April 8, 2025, Microsoft patched 121 vulnerabilities across its products, including CVE-2025-29824—the only one known to be exploited in the wild. This particular flaw enabled adversaries to escalate Windows privileges by leveraging a bug in the clfs.sys driver.
Microsoft Threat Intelligence discovered the issue during the Storm-2460 attacks targeting organizations in Saudi Arabia, Spain, Venezuela, and the United States. By exploiting CVE‑2025‑29824, the threat actor was able to escalate its privileges to NT AUTHORITY\SYSTEM to perform lateral movement and encrypt victims’ files.
Read more…
Source: BI.ZONE
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Threat Assessment: Active Exploitation of Four Zero-Day Vulnerabilities in Microsoft Exchange Server
March 4, 2021
On Mar. 2, 2021, Volexity reported in-the-wild-exploitation of four Microsoft Exchange Server vulnerabilities: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065. As a result of these vulnerabilities being exploited, adversaries can access Microsoft Exchange Servers and allow installation of additional tools to facilitate long-term access into victims’ environments. There has also been a report of multiple threat actors leveraging ...
- Supermicro, Pulse Secure release fixes for ‘TrickBoot’ attacks
March 4, 2021
Supermicro and Pulse Secure have released advisories warning that some of their motherboards are vulnerable to the TrickBot malware’s UEFI firmware-infecting module, known as TrickBoot. Last year, cybersecurity firms Advanced Intelligence and Eclypsium released a joint report about a new malicious firmware-targeting ‘TrickBoot’ module delivered by the notorious TrickBot malware. When executed, the module will analyze a ...
- Google patches actively exploited Chrome browser zero-day vulnerability
March 3, 2021
Google has warned of reports that a zero-day vulnerability in the Chrome browser is being actively exploited in the wild. The vulnerability, tracked as CVE-2021-21166, was reported by Alison Huffman from the Microsoft Browser Vulnerability Research team on February 11 and is described as an “object lifecycle issue in audio.” Google has labeled the vulnerability as a ...
- Kerberos KDC Security Feature Bypass Vulnerability (CVE-2020-17049 AKA Bronze Bit)
March 3, 2021
A recent vulnerability in the Kerberos authentication protocol, CVE-2020-17049 (dubbed Bronze Bit), has been disclosed by Microsoft. The vulnerability is in the way that the Key Distribution Center (KDC) handles service tickets and validates whether delegation is allowed. In the attack, as detailed in the Palo Alto Networks Security Operations blog, “Protecting Against the Bronze Bit ...
- Fuzzing Image Parsing in Windows, Part Two: Uninitialized Memory
March 3, 2021
Continuing our discussion of image parsing vulnerabilities in Windows, we take a look at a comparatively less popular vulnerability class: uninitialized memory. In this post, we will look at Windows’ inbuilt image parsers—specifically for vulnerabilities involving the use of uninitialized memory. The Vulnerability: Uninitialized Memory In unmanaged languages, such as C or C++, variables are not initialized ...
- CISA Alert (AA21-062A): Mitigate Microsoft Exchange Server Vulnerabilities
March 3, 2021
Cybersecurity and Infrastructure Security (CISA) partners have observed active exploitation of vulnerabilities in Microsoft Exchange Server products. Successful exploitation of these vulnerabilities allows an unauthenticated attacker to execute arbitrary code on vulnerable Exchange Servers, enabling the attacker to gain persistent system access, as well as access to files and mailboxes on the server and to ...