
The US CISA adds a Microsoft vulnerability to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation.
The vulnerability is tracked as CVE-2024-49138, with a CVSS score of 7.8, and is classified as CWE-122. The Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges.
CISA has set December 31, 2024, as the deadline for federal agencies to remediate


