Tag

#windows

The Elevation of Privilege – Windows Common Log File System Driver (CVE-2024-49138) has become more critical

The Elevation of Privilege – Windows Common Log File System Driver (CVE-2024-49138) has become more critical. Just as I wrote that nothing had been heard about this vulnerability for a month since it was first published in Microsoft’s December Patch Tuesday, a public exploit for it appeared on January 15th. 🙂 It was developed by […]

Alexander V. Leonov
#vulnerability #windows #microsoft #git #auth #blog
Trusted Apps Sneak a Bug Into the UEFI Boot Process

Seven system recovery programs contained what amounted to a backdoor for injecting any untrusted file into the system startup process.

PlugX malware deleted from thousands of systems by FBI

The FBI has announced it's deleted PlugX malware from approximately 4,258 US-based computers and networks.

North Korea's Lazarus APT Evolves Developer-Recruitment Attacks

"Operation 99" uses job postings to lure freelance software developers into downloading malicious Git repositories. From there, malware infiltrates developer projects to steal source code, secrets, and cryptocurrency.

OWASP's New LLM Top 10 Shows Emerging AI Threats

Ultimately, there is no replacement for an intuitive, security-focused developer working with the critical thinking required to drive down the risk of both AI and human error.

What has become known about the Elevation of Privilege – Windows Common Log File System Driver (CVE-2024-49138) vulnerability from the December Microsoft Patch Tuesday a month later?

What has become known about the Elevation of Privilege – Windows Common Log File System Driver (CVE-2024-49138) vulnerability from the December Microsoft Patch Tuesday a month later? Almost nothing. 🙄 This is a vulnerability in a standard Windows component, available in all versions starting with Windows Server 2003 R2. Its description is typical for EoP […]

Congratulations to the Top MSRC 2024 Q4 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q4 Security Researcher Leaderboard are Suresh, VictorV, wkai! Check out the full list of researchers recognized this quarter here.

3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update

Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks. Of the 161 flaws, 11 are rated Critical, and 149 are rated Important in severity. One other flaw, a non-Microsoft CVE related to a Windows Secure Boot bypass (CVE-2024-7344), has not been assigned

January Microsoft Patch Tuesday

January Microsoft Patch Tuesday. 170 CVEs, 10 of them were added since December MSPT. 3 exploited in the wild: 🔻 EoP – Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335). No details yet. No vulnerabilities have public exploits. 5 have private ones: 🔸 Security Feature Bypass – Microsoft Update Catalog (CVE-2024-49147), MapUrlToZone (CVE-2025-21268, CVE-2025-21189)🔸 […]