{"id":1605,"date":"2025-04-09T15:17:01","date_gmt":"2025-04-09T15:17:01","guid":{"rendered":"https:\/\/www.tsfactory.com\/forums\/?p=1605"},"modified":"2025-04-09T15:17:01","modified_gmt":"2025-04-09T15:17:01","slug":"microsoft-patches-126-flaws-including-actively-exploited-windows-clfs-vulnerability","status":"publish","type":"post","link":"https:\/\/www.tsfactory.com\/forums\/blog\/microsoft-patches-126-flaws-including-actively-exploited-windows-clfs-vulnerability\/","title":{"rendered":"Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability"},"content":{"rendered":"<p>Microsoft has released security fixes to address a massive set of\u00a0<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2025-apr\" target=\"_blank\" rel=\"noopener\">126 flaws<\/a>\u00a0affecting its software products, including one vulnerability that it said has been actively exploited in the wild.<\/p>\n<p>Of the 126 vulnerabilities, 11 are rated Critical, 112 are rated Important, and two are rated Low in severity. Forty-nine of these vulnerabilities are classified as privilege escalation, 34 as remote code execution, 16 as information disclosure, and 14 as denial-of-service (DoS) bugs.<\/p>\n<p>The updates are aside from the\u00a0<a href=\"https:\/\/learn.microsoft.com\/en-us\/deployedge\/microsoft-edge-relnotes-security\" target=\"_blank\" rel=\"noopener\">22 flaws<\/a>\u00a0the company patched in its Chromium-based Edge browser since the release of last month&#8217;s\u00a0<a href=\"https:\/\/thehackernews.com\/2025\/03\/urgent-microsoft-patches-57-security.html\" target=\"_blank\" rel=\"noopener\">Patch Tuesday update<\/a>.<\/p>\n<p>The vulnerability that has been flagged as under active attack is an elevation of privilege (EoP) flaw impacting the Windows Common Log File System (CLFS) Driver (<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-29824\" target=\"_blank\" rel=\"noopener\">CVE-2025-29824<\/a>, CVSS score: 7.8) that stems from a use-after-free scenario, allowing an authorized attacker to elevate privileges locally.<\/p>\n<p>CVE-2025-29824 is the\u00a0<a href=\"https:\/\/thehackernews.com\/2024\/12\/microsoft-fixes-72-flaws-including.html\" target=\"_blank\" rel=\"noopener\">sixth EoP vulnerability<\/a>\u00a0to be discovered in the same component that has been exploited in the wild since 2022, the others being CVE-2022-24521, CVE-2022-37969, CVE-2023-23376, CVE-2023-28252, and CVE-2024-49138 (CVSS scores: 7.8).<\/p>\n<p>&#8220;From an attacker&#8217;s perspective, post-compromise activity requires obtaining requisite privileges to conduct follow-on activity on a compromised system, such as lateral movement,&#8221; Satnam Narang, senior staff research engineer at Tenable, said.<\/p>\n<p>&#8220;Therefore, elevation of privilege bugs are typically popular<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2025\/04\/microsoft-patches-126-flaws-including.html\">Read the Full Story Here<\/a><\/p>\n<p>Source: The Hacker News<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft has released security fixes to address a massive set of\u00a0126 flaws\u00a0affecting its software products, including one vulnerability that it said has been actively exploited in the wild. Of the 126 vulnerabilities, 11 are rated Critical, 112 are rated Important, and two are rated Low in severity. Forty-nine of these vulnerabilities are classified as privilege [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1227,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1605","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability - Community<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.tsfactory.com\/forums\/blog\/microsoft-patches-126-flaws-including-actively-exploited-windows-clfs-vulnerability\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability - Community\" \/>\n<meta property=\"og:description\" content=\"Microsoft has released security fixes to address a massive set of\u00a0126 flaws\u00a0affecting its software products, including one vulnerability that it said has been actively exploited in the wild. Of the 126 vulnerabilities, 11 are rated Critical, 112 are rated Important, and two are rated Low in severity. Forty-nine of these vulnerabilities are classified as privilege [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.tsfactory.com\/forums\/blog\/microsoft-patches-126-flaws-including-actively-exploited-windows-clfs-vulnerability\/\" \/>\n<meta property=\"og:site_name\" content=\"Community\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/TSFactoryLLC\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-04-09T15:17:01+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/03\/pexels-tima-miroshnichenko-5380594-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1707\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Chelsie Wyatt\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@TSFactoryLLC\" \/>\n<meta name=\"twitter:site\" content=\"@TSFactoryLLC\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chelsie Wyatt\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/microsoft-patches-126-flaws-including-actively-exploited-windows-clfs-vulnerability\/\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/blog\/microsoft-patches-126-flaws-including-actively-exploited-windows-clfs-vulnerability\/\",\"name\":\"Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability - Community\",\"isPartOf\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/microsoft-patches-126-flaws-including-actively-exploited-windows-clfs-vulnerability\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/microsoft-patches-126-flaws-including-actively-exploited-windows-clfs-vulnerability\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/03\/pexels-tima-miroshnichenko-5380594-scaled.jpg\",\"datePublished\":\"2025-04-09T15:17:01+00:00\",\"author\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/microsoft-patches-126-flaws-including-actively-exploited-windows-clfs-vulnerability\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.tsfactory.com\/forums\/blog\/microsoft-patches-126-flaws-including-actively-exploited-windows-clfs-vulnerability\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/microsoft-patches-126-flaws-including-actively-exploited-windows-clfs-vulnerability\/#primaryimage\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/03\/pexels-tima-miroshnichenko-5380594-scaled.jpg\",\"contentUrl\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/03\/pexels-tima-miroshnichenko-5380594-scaled.jpg\",\"width\":2560,\"height\":1707},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/microsoft-patches-126-flaws-including-actively-exploited-windows-clfs-vulnerability\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.tsfactory.com\/forums\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#website\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/\",\"name\":\"Community\",\"description\":\"TSFactory\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.tsfactory.com\/forums\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f\",\"name\":\"Chelsie Wyatt\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g\",\"caption\":\"Chelsie Wyatt\"},\"url\":\"https:\/\/www.tsfactory.com\/forums\/blog\/author\/chelsie\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability - Community","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.tsfactory.com\/forums\/blog\/microsoft-patches-126-flaws-including-actively-exploited-windows-clfs-vulnerability\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability - Community","og_description":"Microsoft has released security fixes to address a massive set of\u00a0126 flaws\u00a0affecting its software products, including one vulnerability that it said has been actively exploited in the wild. Of the 126 vulnerabilities, 11 are rated Critical, 112 are rated Important, and two are rated Low in severity. Forty-nine of these vulnerabilities are classified as privilege [&hellip;]","og_url":"https:\/\/www.tsfactory.com\/forums\/blog\/microsoft-patches-126-flaws-including-actively-exploited-windows-clfs-vulnerability\/","og_site_name":"Community","article_publisher":"https:\/\/www.facebook.com\/TSFactoryLLC\/","article_published_time":"2025-04-09T15:17:01+00:00","og_image":[{"width":2560,"height":1707,"url":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/03\/pexels-tima-miroshnichenko-5380594-scaled.jpg","type":"image\/jpeg"}],"author":"Chelsie Wyatt","twitter_card":"summary_large_image","twitter_creator":"@TSFactoryLLC","twitter_site":"@TSFactoryLLC","twitter_misc":{"Written by":"Chelsie Wyatt","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/microsoft-patches-126-flaws-including-actively-exploited-windows-clfs-vulnerability\/","url":"https:\/\/www.tsfactory.com\/forums\/blog\/microsoft-patches-126-flaws-including-actively-exploited-windows-clfs-vulnerability\/","name":"Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability - Community","isPartOf":{"@id":"https:\/\/www.tsfactory.com\/forums\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/microsoft-patches-126-flaws-including-actively-exploited-windows-clfs-vulnerability\/#primaryimage"},"image":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/microsoft-patches-126-flaws-including-actively-exploited-windows-clfs-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/03\/pexels-tima-miroshnichenko-5380594-scaled.jpg","datePublished":"2025-04-09T15:17:01+00:00","author":{"@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f"},"breadcrumb":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/microsoft-patches-126-flaws-including-actively-exploited-windows-clfs-vulnerability\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.tsfactory.com\/forums\/blog\/microsoft-patches-126-flaws-including-actively-exploited-windows-clfs-vulnerability\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/microsoft-patches-126-flaws-including-actively-exploited-windows-clfs-vulnerability\/#primaryimage","url":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/03\/pexels-tima-miroshnichenko-5380594-scaled.jpg","contentUrl":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/03\/pexels-tima-miroshnichenko-5380594-scaled.jpg","width":2560,"height":1707},{"@type":"BreadcrumbList","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/microsoft-patches-126-flaws-including-actively-exploited-windows-clfs-vulnerability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.tsfactory.com\/forums\/"},{"@type":"ListItem","position":2,"name":"Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability"}]},{"@type":"WebSite","@id":"https:\/\/www.tsfactory.com\/forums\/#website","url":"https:\/\/www.tsfactory.com\/forums\/","name":"Community","description":"TSFactory","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.tsfactory.com\/forums\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f","name":"Chelsie Wyatt","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g","caption":"Chelsie Wyatt"},"url":"https:\/\/www.tsfactory.com\/forums\/blog\/author\/chelsie\/"}]}},"_links":{"self":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1605","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/comments?post=1605"}],"version-history":[{"count":1,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1605\/revisions"}],"predecessor-version":[{"id":1606,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1605\/revisions\/1606"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/media\/1227"}],"wp:attachment":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/media?parent=1605"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/categories?post=1605"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/tags?post=1605"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}