Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Published: 2025-04-08
Microsoft addresses 121 CVEs including one zero-day which was exploited in the wild.
https://www.securityweek.com/cisa-urges-urgent-patching-for-exploited-centrestack-windows-zero-days/
https://www.databreachtoday.com/microsoft-warns-ransomware-actors-exploiting-windows-flaw-a-27960
https://thehackernews.com/2025/04/pipemagic-trojan-exploits-windows-clfs.html
https://www.theregister.com/2025/04/08/patch_tuesday_microsoft/
https://www.securityweek.com/microsoft-patches-125-windows-vulns-including-exploited-clfs-zero-day/
https://www.helpnetsecurity.com/2025/04/08/patch-tuesday-microsoft-zero-day-cve-2025-29824/
https://therecord.media/microsoft-zero-day-used-ransomware-attack-real-estate