
Microsoft warns that Windows is affected by a zero-day flaw that hackers are exploiting to deploy ransomware. The patch arrives with the latest monthly security update.
“Microsoft urges customers to apply these updates as soon as possible,” the Redmond giant said in a report.
The actively exploited zero-day flaw lies in the Windows Common Log File System (CLFS), an OS component that manages logging and event data for applications and Windows itself.
Attackers are abusing this vulnerability on already compromised systems to elevate privileges.
According to Microsoft, the exploits were used “against a small number of targets,” including IT and real estate organizations in the US and financial, software, and retail companies in other countries.
Tracked as CVE-2025-29824, the vulnerability has been assigned a severity score of 7.8 out of 10.
The exploit has been deployed by PipeMagic malware and a threat actor that Microsoft tracks as Storm-2460.
To deploy the exploit, the hackers first need to gain initial access via other means. In multiple cases, Storm-2460 used compromised legitimate third-party websites to host and deliver malware.
In a later stage, the CLFS exploit can be used to corrupt memory and overwrite process tokens, granting full privileges.
“Ransomware threat actors value post-compromise elevation of privilege exploits because these could enable them to escalate initial access, including handoffs from commodity malware distributors, into privileged access,” Microsoft said.
“They then use privileged access for widespread deployment and detonation of ransomware within an environment.”
The patch for the flaw was released on Tuesday as part of the monthly security updates. The April 2025 Patch Tuesday fixes 126 vulnerabilities in total.
“Microsoft highly recommends that organizations prioritize applying security updates for elevation of privilege vulnerabilities to add a layer of defense against ransomware attacks if threat actors are able to gain an initial foothold,” the tech giant said in a report.