CVE-2024-49138

Published Dec 12, 2024

Last updated 2 months ago

Overview

AI description

Verified by Intruder
Generated using AI and reviewed by an Intruder security expert.

CVE-2024-49138 is an elevation of privilege vulnerability found in the Windows Common Log File System (CLFS) driver. Attackers can exploit this vulnerability by creating malicious CLFS log files. Successful exploitation allows them to execute commands with elevated system privileges, potentially granting control over the affected system. This vulnerability affects various Windows systems, including both workstation and server environments running supported Windows versions. Exploitation can occur locally, meaning an attacker needs some level of access to the system, either physically or remotely, or they might deceive a user into triggering the exploit. The vulnerability stems from a heap-based buffer overflow within the CLFS driver, leading to improper permission handling and ultimately allowing unauthorized privilege escalation.

Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Source: secure@microsoft.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Known exploits

Data from CISA

Vulnerability name: Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
Exploit added on: Dec 10, 2024
Exploit action due: Dec 31, 2024
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

secure@microsoft.com: CWE-122
nvd@nist.gov: NVD-CWE-noinfo

Social media

Hype score
Not currently trending
  1. CVE-2024-49138 Windows CLFS heap-based buffer overflow analysis – Part 1 by @hnsec https://t.co/mdBIfGHDsz https://t.co/OAgfjGlLlC https://t.co/EGCA72tjYV

    @alexjplaskett

    4 Feb 2025

    3076 Impressions

    15 Retweets

    61 Likes

    28 Bookmarks

    1 Reply

    0 Quotes

  2. CVE-2024-49138: Windows LPE in CLFS.sys PATCHED: Dec 10, 2024 https://t.co/gNgAol7Tsg Tested on Windows 11 23h2 #git #exploit #lpe #pentest #redteam https://t.co/vIFVEkTEvz

    @HackingTeam777

    30 Jan 2025

    390 Impressions

    2 Retweets

    8 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. #CVE-2024-49138: 🇷🇺 #Exploit: Privilege Elevation e9db0f7d691a65389c1164cd61aef1d7 0eacfecd84a50fde9c567ecec0dd6982 5f46db361727b678746dac71a5ffb1b0 9b7b9c9193964fcc52a1a83d8476d2a7 e0e17eea7e37082edd64f44f00ed998c https://t.co/3jcSc3b1TA #infosec #security #threatintel #TO

    @RakeshKrish12

    30 Jan 2025

    1144 Impressions

    7 Retweets

    32 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  4. Here is the popular article for 2025-01-29. (Automated tweet) #Hacker_Trends ――― cve-2024-49138 Archives - hn security https://t.co/qs7ngSRha4 https://t.co/SvgEsu8i8y

    @motikan2010

    30 Jan 2025

    112 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Windows CLFS heap-based buffer overflow analysis (CVE-2024-49138) – Part 1 : https://t.co/ilXqU01GRt credits @MrAle_98 https://t.co/6mgqU0tioS

    @binitamshah

    29 Jan 2025

    4508 Impressions

    19 Retweets

    89 Likes

    30 Bookmarks

    0 Replies

    0 Quotes

  6. Hey there, Blog posts on CVE-2024-49138 are finally out. https://t.co/7SD0Dj8PRP

    @MrAle_98

    29 Jan 2025

    7077 Impressions

    38 Retweets

    85 Likes

    34 Bookmarks

    1 Reply

    0 Quotes

  7. CVE-2024-49138 Windows CLFS heap-based buffer overflow analysis https://t.co/c59jxdktGd https://t.co/N8vCNOsBrw

    @secharvesterx

    29 Jan 2025

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. After releasing his PoC for CVE-2024-49138, @MrAle_98 is back with 2 new articles that provide background on Windows CLFS, analyze 2 distinct vulnerabilities patched by Microsoft’s KB5048685, and describe how to exploit them.   https://t.co/69FQvsv5n0   https://t.co/LTkOGvCXVT

    @hnsec

    29 Jan 2025

    2629 Impressions

    21 Retweets

    47 Likes

    11 Bookmarks

    0 Replies

    0 Quotes

  9. Windows Common Log File System Zero-day Vulnerability (CVE-2024-49138) Exploited https://t.co/l9SqQa5N36

    @GrandCunck

    27 Jan 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. For those waiting for a blog post on CVE-2024-49138, here is some info: The vulnerabilities are in LoadContainerQ() and WriteMetadataBlock(). They can be exploited by tampering with pContainer. Here is a screenshot with a tampered pContainer in RCX. https://t.co/nsUVHMVY4q

    @MrAle_98

    27 Jan 2025

    8254 Impressions

    17 Retweets

    94 Likes

    38 Bookmarks

    1 Reply

    0 Quotes

  11. The Government of Mexico warned: Security Alert: Vulnerability CVE-2024-49138 in Windows. The vulnerability CVE-2024-49138, classified as a _zero day_, has been identified; it allows attackers to gain unauthorized access to Windows devices. This can result

    @Ulul4r

    26 Jan 2025

    7064 Impressions

    8 Retweets

    13 Likes

    2 Bookmarks

    1 Reply

    2 Quotes

  12. Top 5 Trending CVEs: 1 - CVE-2024-49138 2 - CVE-2024-43468 3 - CVE-2024-50050 4 - CVE-2025-20156 5 - CVE-2020-11023 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    26 Jan 2025

    167 Impressions

    1 Retweet

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  13. ⚠️ FREE SOC Alert: CVE-2024-49138 Exploitation Detected Attackers exploit CVE-2024-49138 by gaining low-privilege access, triggering a buffer overflow to escalate privileges. 🛡️ CVE: CVE-2024-49138 🙍 Role: Security Analyst 🌀 Type: Privilege Escalation 🔢 Event ID: 313 https

    @LetsDefendIO

    25 Jan 2025

    4567 Impressions

    25 Retweets

    114 Likes

    38 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2024-49138 is a zero-day vulnerability in the Windows CLFS driver. This flaw allows SYSTEM-level privilege escalation. Microsoft has released a patch in December 2024 updates. https://t.co/4JrKmsVhky

    @Teemu_Tiainen

    21 Jan 2025

    86 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  15. Top 5 Trending CVEs: 1 - CVE-2024-50603 2 - CVE-2023-34960 3 - CVE-2024-49138 4 - CVE-2024-12084 5 - CVE-2025-21210 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    21 Jan 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

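  16. A PoC exploit for the Windows zero-day vulnerability (CVE-2024-49138) has been released. Because it could be abused in zero-day attacks, anyone who has not yet addressed it is advised to do so right away. https://t.co/pBXdNNDIAZ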

    @01Programing

    21 Jan 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. PoC for Zero-Day vulnerability in Windows (CVE-2024-49138). This flaw has a CVSS score of 7.8 and allows attackers to obtain SYSTEM privileges on affected devices. #ciberseguridad #cybersecurity https://t.co/K8Wb9V6nRf

    @EHCGroup

    20 Jan 2025

    29 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. PoC for Zero-Day vulnerability in Windows (CVE-2024-49138) https://t.co/1PVeegDAkT

    @SeguInfo

    20 Jan 2025

    798 Impressions

    2 Retweets

    5 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  19. New PoC exploit for zero-day CVE-2024-49138 in Windows CLFS Driver reveals a critical elevation of privilege flaw (CVSS 7.8). Microsoft confirms active exploitation. Update systems! ⚠️ #Windows #ZeroDay #USA link: https://t.co/h0UXAQVhVz https://t.co/506AwKfb1h

    @TweetThreatNews

    20 Jan 2025

    99 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Windows Common Log File System Zero-day Vulnerability (CVE-2024-49138) Exploited https://t.co/yn5pPw9YvF

    @SecurityAid

    20 Jan 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Zero-Day Vulnerability in Windows Exploited, Windows Common Log File System (CLFS) Driver: CVE-2024-49138 PoC Code Released https://t.co/tDMf4WvOSE

    @Dinosn

    20 Jan 2025

    12184 Impressions

    105 Retweets

    267 Likes

    104 Bookmarks

    1 Reply

    1 Quote

  22. Zero-Day Vulnerability in Windows Exploited: CVE-2024-49138 PoC Code Released Adding to the urgency, security researcher MrAle_98 released a proof-of-concept (PoC) exploit for CVE-2024-49138 on GitHub https://t.co/ISQVUEFMyg

    @the_yellow_fall

    20 Jan 2025

    1882 Impressions

    10 Retweets

    49 Likes

    14 Bookmarks

    0 Replies

    1 Quote

  23. CVE-2024-49138 poc windows CLFS.sys privilege escalation vulnerability https://t.co/XAvMnvaQJO https://t.co/S2bIYztVvh

    @gov_hack

    17 Jan 2025

    309 Impressions

    0 Retweets

    0 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  24. #exploit 1. CVE-2024-49138: LPE in CLFS.sys (Win11 23H2) - https://t.co/n13JTSDT4v 2. CVE-2024-44243: macOS SIP bypass through kernel extensions - https://t.co/H68UgoO62L 3. CVE-2025-21385: SSRF in MS Purview - https://t.co/WcS5T5Hr3w

    @ksg93rd

    17 Jan 2025

    180 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  25. The Elevation of Privilege - #Windows Common Log File System Driver (CVE-2024-49138) has become more critical. A public exploit for it appeared on January 15th. It was developed by Alessandro Iandoli from @hnsec. #CLFS #HNSecurity ➡️ https://t.co/LT5nz03eJX https://t.co/Y7h9zCok

    @leonov_av

    16 Jan 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Here is the popular article for 2025-01-15. (Automated tweet) #Hacker_Trends ――― GitHub - MrAle98/CVE-2024-49138-POC: POC exploit for CVE-2024-49138 https://t.co/RVMNQhS2Xr https://t.co/8FjwweN1la

    @motikan2010

    16 Jan 2025

    155 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  27. What has become known about the Elevation of Privilege - #Windows Common Log File System Driver (CVE-2024-49138) vulnerability from the December Microsoft Patch Tuesday a month later? Almost nothing. 🙄 #CLFS #CrowdStrike ➡️ https://t.co/06vTziELK5 https://t.co/W8wCKrVVoD

    @leonov_av

    15 Jan 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. While waiting for a blog post about CVE-2024-49138 you can start reading this (it shares similarities with the PoC for CVE-2024-49138)🙂: https://t.co/mhgjApr0eo

    @MrAle_98

    15 Jan 2025

    4506 Impressions

    17 Retweets

    67 Likes

    33 Bookmarks

    0 Replies

    0 Quotes

  29. I've been analyzing newly disclosed vulnerabilities in popular systems, including Mitel MiCollab (CVE-2024-41713, CVE-2024-35286), Zyxel Firewalls (CVE-2024-11667), and Microsoft Windows (CVE-2024-35250, CVE-2024-49138). Ivanti is also affected (CVE-2025-0282, CVE-2025-0283).

    @agentwhitehat

    15 Jan 2025

    232 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  30. Finally finished developing an exploit for CVE-2024-49138: vulnerability in CLFS.sys. Exploit code: https://t.co/ibsmECkYvp I'll provide a detailed analysis in a blog post. https://t.co/4mXU41OBaJ

    @MrAle_98

    15 Jan 2025

    27184 Impressions

    77 Retweets

    328 Likes

    163 Bookmarks

    2 Replies

    2 Quotes

  31. Threat Alert: Fake LDAPNightmare exploit on GitHub spreads infostealer malware CVE-2024-49112 CVE-2024-49113 CVE-2024-49138 Severity: ⚠️ Critical Maturity: 💥 Mainstream Learn more: https://t.co/ifVGosLGvd #CyberSecurity #ThreatIntel #InfoSec (1/3)

    @fletch_ai

    14 Jan 2025

    74 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  32. Threat Alert: Critical Windows LDAP flaw could lead to crashed servers, RCE attacks CVE-2024-49112 CVE-2024-49113 CVE-2024-49138 Severity: ⚠️ Critical Maturity: 💥 Mainstream Learn more: https://t.co/ifVGosLGvd #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    4 Jan 2025

    38 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  33. I've become interested in CVE-2024-49138, late as it is

    @cloverfish300

    2 Jan 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. Microsoft’s December 2024 Patch Tuesday Addresses 70 CVEs (CVE-2024-49138) https://t.co/Pt7g27ikvh https://t.co/J6LwmjhrYw

    @NickBla41002745

    25 Dec 2024

    28 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  35. Microsoft’s December 2024 Security Updates are here. This month, CVE-2024-49138—a privilege escalation vulnerability in the Windows Common Log File System Driver—stands out, with exploitation already detected. @treguly #PatchTuesday #CyberSecurity

    @cybernated_DAM

    25 Dec 2024

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. ⚠️ "Zero Day" vulnerability CVE-2024-49138 detected, affecting @Windows 10, 11, Server 2019 and 2022. Update your systems, avoid suspicious links and monitor for suspicious activity. 🖥️🔒 #observadormx https://t.co/8ABe4ejaRA

    @_observadormx

    24 Dec 2024

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. Microsoft’s December 2024 Security Updates are here. This month, CVE-2024-49138—a privilege escalation vulnerability in the Windows Common Log File System Driver—stands out, with exploitation already detected. https://t.co/pFKNBrSuQl @treguly #PatchTuesday #CyberSecurity

    @TripwireInc

    23 Dec 2024

    130 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. Microsoft’s December 2024 Patch Tuesday Addresses 70 CVEs (CVE-2024-49138) https://t.co/aY5kIm7xny https://t.co/fFr5UoO4Dy

    @dansantanna

    20 Dec 2024

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. Microsoft’s December 2024 Security Updates are here. This month, CVE-2024-49138—a privilege escalation vulnerability in the Windows Common Log File System Driver—stands out, with exploitation already detected. https://t.co/IFX5kutv4P @treguly #PatchTuesday #CyberSecurity

    @TripwireInc

    19 Dec 2024

    187 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  40. Windows security vulnerabilities: admins must act urgently Microsoft is closing several critical security vulnerabilities in Windows desktop and server versions that are currently being actively exploited by attackers. Particularly affected is the vulnerability CVE-2024-49138, which… https:

    @tec4net

    18 Dec 2024

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. Microsoft’s December 2024 Patch Tuesday Addresses 70 CVEs (CVE-2024-49138) https://t.co/ax4daEk4H5 https://t.co/VQxjAWJb0V

    @Art_Capella

    17 Dec 2024

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. Microsoft Releases Urgent Patch for Exploited Zero-Day Microsoft has released patches for over 70 documented security defects and an actively exploited zero-day vulnerability in the Windows Common Log File System (CLFS). The vulnerability, tracked as CVE-2024-49138, has a CVSS score…

    @WarrenTevora

    17 Dec 2024

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. Cybersecurity WOTW: Spray Attacks Actively Exploited Vulnerabilities Include: • Cleo File Upload (CVE-2024-50623) • Microsoft CLFS Buffer Overflow (CVE-2024-49138) • Ivanti Connect Secure Command Injection (CVE-2024-21887) 👉Read the blog: https://t.co/mLYWd1ZfIJ https://t.co/

    @GradientCyber

    16 Dec 2024

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. CVE-2024-49138 is getting exploited #inthewild. Find out more at https://t.co/4vzA9Bo0Tc CVE-2024-50623 is getting exploited #inthewild. Find out more at https://t.co/nxYHjmvoLI

    @inthewildio

    16 Dec 2024

    68 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. Microsoft’s December 2024 Patch Tuesday Addresses 70 CVEs (CVE-2024-49138) https://t.co/vxEGib1MvS https://t.co/qI89ipAagU

    @Trej0Jass

    16 Dec 2024

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. Microsoft’s December 2024 Security Updates are here. This month, CVE-2024-49138—a privilege escalation vulnerability in the Windows Common Log File System Driver—stands out, with exploitation already detected. https://t.co/0smP6X51vf @treguly #PatchTuesday #CyberSecurity

    @TripwireInc

    15 Dec 2024

    298 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. Windows Zero-Day Exploit Found According to PCMag, Microsoft released security updates for Windows 10 and 11 PCs on Tuesday addressing a high-severity bug actively exploited by attackers. The vulnerability, known as CVE-2024-49138, grants attackers… htt

    @TechBuzzRecap

    14 Dec 2024

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. Microsoft has released critical updates for Windows 10 and 11 to address a high-severity vulnerability that's been actively exploited. The flaw, CVE-2024-49138, is a "Common Log File System Driver Elevation of Privilege Vulnerability" that can allow attackers system privileges. h

    @PCMag

    14 Dec 2024

    1801 Impressions

    2 Retweets

    6 Likes

    2 Bookmarks

    2 Replies

    0 Quotes

  49. 📣 Patch Tuesday content pack Microsoft resolved 70 vulnerabilities, incl. 16 critical flaws + an exploited zero-day (CVE-2024-49138). Third-party vendors like Google, Cisco, & Apple also released critical updates. 🔗 Key resources: Patch insights: https://t.co/Ii2IvrcdBj… ht

    @Action1corp

    13 Dec 2024

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. #DOYOUKNOWCVE CISA Alert! CVE-2024-49138 - Heap-Based Buffer Overflow Vulnerability in Microsoft Windows Common Log File System (CLFS) Driver. The flaw allows attackers to execute malicious code with elevated privileges, potentially compromising the target system. It is part…

    @Loginsoft_Inc

    13 Dec 2024

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations