Highlights: In April 2025, Microsoft patched a critical zero‑day vulnerability, CVE‑2025‑29824, in the Common Log File System (CLFS) driver (clfs.sys) used by Windows, which allowed local privilege escalation. CVSS v3.1 assigns it a high severity score of 7.8, enabling any authorized local user to elevate to SYSTEM privileges without requiring user interaction. Sophisticated adversaries exploited […]
English