Microsoft: Windows CLFS zero-day exploited by ransomware gang

Microsoft says the RansomEXX ransomware gang has been exploiting a high-severity zero-day flaw in the Windows Common Log File System to gain SYSTEM privileges on victims' systems. The vulnerability, tracked as CVE-2025-29824, was patched during this month's Patch Tuesday and was only exploited in a limited number of attacks. CVE-2025-29824 is due to a use-after-free weakness that lets local attackers with low privileges gain SYSTEM privileges in low-complexity attacks that don't require user interaction. While the company has issued security updates for impacted Windows versions, it delayed releasing patches for Windows 10 x64 and 32-bit systems and said they would be released as soon as possible. "The targets include organizations in the information technology (IT) and real estate sectors of the United States, the financial sector in Venezuela, a Spanish software company, and the retail sector in Saudi Arabia," Microsoft revealed today. "Customers running Windows 11, version 24H2 ... Read full article.