PSA: Update Windows Immediately

Written by Matt Milano
    Microsoft has released updates to fix a zero-day vulnerability impacting all versions of Windows, from Windows 7 to Windows 11.

    According to Microsoft, the bug is in the Windows Common Log File System Driver and allows a bad actor to escalate privileges. This could give the attacker full system privileges (the highest level available), and with them full access to and control of the computer.

    Fortunately, the vulnerability is not remotely exploitable on its own: an attacker still needs social engineering or some other method to gain initial access, after which the bug can be used to elevate privileges.

    “This bug in the Common Log File System (CLFS) allows an authenticated attacker to execute code with elevated privileges. Bugs of this nature are often wrapped into some form of social engineering attack, such as convincing someone to open a file or click a link,” writes Zero Day Initiative’s Dustin Childs. “Once they do, additional code executes with elevated privileges to take over a system. Usually, we get little information on how widespread an exploit may be used. However, Microsoft credits four different agencies reporting this bug, so it’s likely beyond just targeted attacks.”

    Given this attack is already being used in the wild, all users should update their Windows installation immediately.
