On April 8, 2025, Microsoft patched 121 vulnerabilities across its products, including CVE-2025-29824—the only one known to be exploited in the wild. This particular flaw enabled adversaries to escalate Windows privileges by leveraging a bug in the clfs.sys driver.
Microsoft Threat Intelligence discovered the issue during the Storm-2460 attacks targeting organizations in Saudi Arabia, Spain, Venezuela, and the United States. By exploiting CVE‑2025‑29824, the threat actor was able to escalate its privileges to NT AUTHORITY\SYSTEM to perform lateral movement and encrypt victims’ files.
Read more…
Source: BI.ZONE
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Operation Earth Kitsune, Tracking SLUB’s Current Operations
October 19, 2020
Trend Micro have already published findings on the SLUB malware’s past campaigns. In our latest research paper, we uncovered a recent watering hole campaign that involves a new variant of the malware. The threat, which we dubbed as such due to its abuse of Slack and GitHub in previous versions, has not abused either of ...
- Three npm packages found opening shells on Linux, Windows systems
October 19, 2020
Three JavaScript packages have been removed from the npm portal on Thursday for containing malicious code. According to advisories from the npm security team, the three JavaScript libraries opened shells on the computers of developers who imported the packages into their projects. The shells, a technical term used by cyber-security researchers, allowed threat actors to connect remotely ...
- Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack
October 19, 2020
The Ryuk threat actors have struck again, moving from sending a phishing email to complete encryption across the victim’s network in just five hours. That breakneck speed is partially the result of the gang using the Zerologon privilege-escalation bug (CVE-2020-1472), less than two hours after the initial phish, researchers said. The Zerologon vulnerability allows an unauthenticated attacker ...
- Bug bounty reporter cashes out on someone else’s exploit
October 19, 2020
Bug bounty programs have gained increased momentum and interest from the security research community for their role in promoting security awareness and responsible vulnerability disclosure. But they are not without their fair share of problems. Bug bounty platforms fill a genuine need. They help companies solicit vulnerability reports in their products from pen-testers and researchers in ...
- 800,000 SonicWall VPNs vulnerable to new remote code execution bug
October 16, 2020
Almost 800,000 internet-accessible SonicWall VPN appliances will need to be updated and patched for a major new vulnerability that was disclosed on Wednesday. Discovered by the Tripwire VERT security team, CVE-2020-5135 impacts SonicOS, the operating system running on SonicWall Network Security Appliance (NSA) devices. SonicWall NSAs are used as firewalls and SSL VPN portals to filter, control, ...
- Microsoft Addresses Windows TCP/IP RCE/DoS Vulnerability
October 14, 2020
Microsoft has released a security update to address a protocol vulnerability—CVE-2020-16898—in Windows Transmission Control Protocol (TCP)/IP stack handling of Internet Control Message Protocol version 6 (ICMPv6) Router Advertisement packets. A remote attacker could exploit this vulnerability to take control of an affected system or cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages ...