Aggregator
CVE-2025-27469 | Microsoft Windows up to Server 2025 Lightweight Directory Access Protocol resource consumption
CVE-2025-27467 | Microsoft Windows up to Server 2025 Digital Media use after free
CVE-2025-26688 | Microsoft Windows up to Server 2025 Virtual Hard Disk stack-based overflow
Exploitation of CLFS zero-day leads to ransomware activity
Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have discovered post-compromise exploitation of a newly discovered zero-day vulnerability in the Windows Common Log File System (CLFS) against a small number of targets. Microsoft released security updates to address the vulnerability, tracked as CVE 2025-29824, on April 8, 2025.
The post Exploitation of CLFS zero-day leads to ransomware activity appeared first on Microsoft Security Blog.
CVE-2025-26686 | Microsoft Windows up to Server 2025 TCP IP sensitive data storage in improperly locked memory
Exploitation of CLFS zero-day leads to ransomware activity
Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have discovered post-compromise exploitation of a newly discovered zero-day vulnerability in the Windows Common Log File System (CLFS) against a small number of targets. Microsoft released security updates to address the vulnerability, tracked as CVE 2025-29824, on April 8, 2025.
The post Exploitation of CLFS zero-day leads to ransomware activity appeared first on Microsoft Security Blog.