CVE-2024-49138

Published Dec 12, 2024

Last updated 3 hours ago

CVSS high 7.8

Overview

Description
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Source
secure@microsoft.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secure@microsoft.com
CWE-122

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

7

  1. 🚨 Microsoft’s December Patch Tuesday fixes 72 vulnerabilities, including a critical one actively exploited in the wild: CVE-2024-49138. Stay secure and up-to-date! 🔒 Ensure your systems are updated now. 🔗 Read more: https://t.co/Cn7w6rmNtP #PatchTuesday #Azefox

    @We_Azefox

    11 Dec 2024

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Patch now: CVE-2024-49138 (CVSS 7.8), a moderate-severity flaw in the Windows Common Log File System (CLFS) Driver, is being exploited in cyberattacks. https://t.co/06VP0orEQG

    @DarkReading

    11 Dec 2024

    54 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Microsoft’s December 2024 Security Updates are here. This month, CVE-2024-49138—a privilege escalation vulnerability in the Windows Common Log File System Driver—stands out, with exploitation already detected. https://t.co/J4NpMPaTaH @treguly #PatchTuesday #CyberSecurity

    @TripwireInc

    11 Dec 2024

    160 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Microsoft’s December 2024 Patch Tuesday Addresses 70 CVEs (CVE-2024-49138) https://t.co/HasSVOOnEW https://t.co/h9wMqXXWsJ

    @secured_cyber

    11 Dec 2024

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Microsoft’s December 2024 Patch Tuesday Addresses 70 CVEs (CVE-2024-49138) https://t.co/A6wOofxmkZ https://t.co/U02KLzreRh

    @NickBla41002745

    11 Dec 2024

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 💻 Microsoft’s final Patch Tuesday of 2024 fixed 72 vulnerabilities, including one actively exploited in the wild: CVE-2024-49138. Ensure your systems are updated now. @_DeejustDee @Da_codemaniac @RedHatPentester https://t.co/GnCFr2XOJo

    @SamTechwest

    11 Dec 2024

    106 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 💻 Microsoft’s final Patch Tuesday of 2024 fixed 72 vulnerabilities, including one actively exploited in the wild: CVE-2024-49138. Ensure your systems are updated now. 🔗 Read more: https://t.co/K4xpkjDftN #infosec #cybersecuritytips

    @TheHackersNews

    11 Dec 2024

    11305 Impressions

    45 Retweets

    78 Likes

    9 Bookmarks

    0 Replies

    1 Quote

  8. 🚨 CVE Alert: Microsoft Windows Heap-Based Buffer Overflow Zero-day Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2024-49138 (CVSS v3 7.8/10) Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability Impact A Successful…

    @CyberxtronTech

    11 Dec 2024

    101 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Microsoft Addresses Critical Zero-Day CVE-2024-49138 & 72 Additional Flaws in December Patch Tuesday https://t.co/MlA4Rv8lsu

    @Dinosn

    11 Dec 2024

    1706 Impressions

    7 Retweets

    13 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  10. CVE-2024-49138 - Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability https://t.co/D9LCLBSX0M

    @turne85540

    11 Dec 2024

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Microsoft December 2024 Patch Tuesday addressed actively exploited zero-day: CVE-2024-49138 CVE-2024-49138 CVE-2024-49112 CVE-2024-49117 https://t.co/S0v1lkqBc2

    @vault33org

    11 Dec 2024

    140 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🔨マイクロソフト月例パッチ:悪用されているゼロデイ含む脆弱性71件に対処(CVE-2024-49138ほか) 〜サイバーアラート 12月11日〜 https://t.co/HryaM234NL #セキュリティ #インテリジェンス #OSINT

    @MachinaRecord

    11 Dec 2024

    78 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Microsoft Patch Tuesday December 2024 #Microsoft #PatchTuesday #December2024 #CVE-2024-49138 https://t.co/lZWLPsr7mD

    @pravin_karthik

    11 Dec 2024

    72 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Microsoft's Patch Tuesday fixes 16 critical RCE vulnerabilities, including a new CLFS zero-day (CVE-2024-49138) granting SYSTEM privileges. LDAP, LSASS, Hyper-V, and Remote Desktop Services also affected. Update your Windows systems immediately! https://t.co/X2IINM60CP

    @Jfreeg_

    11 Dec 2024

    122 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws: https://t.co/NedSuZnTiY Microsoft's December 2024 Patch Tuesday addresses 71 vulnerabilities, including one actively exploited zero-day: CVE-2024-49138, a Windows Common Log File System Driver Elevation…

    @securityRSS

    10 Dec 2024

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. マイクロソフトの12月定例更新。悪用済みゼロデイ1件を含む71件の脆弱性を修正。緊急(Critical)は16件。ゼロデイはCLFSの権限昇格CVE-2024-49138で、CrowdStrike社報告。 https://t.co/xcuKsnj7Py

    @__kokumoto

    10 Dec 2024

    446 Impressions

    2 Retweets

    4 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  17. Microsoft Ships Urgent Patch for Exploited Windows CLFS Zero-Day - (CVE-2024-49138) https://t.co/22U5eFkqm0

    @SecurityWeek

    10 Dec 2024

    3524 Impressions

    12 Retweets

    24 Likes

    4 Bookmarks

    1 Reply

    1 Quote

  18. Microsoft December 2024 Patch Tuesday Microsoft released its December 2024 Patch Tuesday updates, addressing 71 vulnerabilities across its products. A critical zero-day vulnerability, CVE-2024-49138, was highlighted, which allows attackers to gain SYSTEM privileges on Windows…

    @skocherhan

    10 Dec 2024

    195 Impressions

    2 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. #Microsoft fixes #exploited zero-day (#CVE-2024-49138) https://t.co/Ak0jj31tDW

    @ScyScan

    10 Dec 2024

    63 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-49138 #Microsoft #Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability https://t.co/x4ZC6MwSbw

    @ScyScan

    10 Dec 2024

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. CISA Adds One Known Exploited Vulnerability to Catalog: CVE-2024-49138 - Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow https://t.co/HIOIKK4EVX https://t.co/dm2f3uEZqX

    @TMJIntel

    10 Dec 2024

    98 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References