Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Published: 2025-04-08
Microsoft addresses 121 CVEs including one zero-day which was exploited in the wild.
https://www.securityweek.com/microsoft-dissects-pipemagic-modular-backdoor/
https://securityaffairs.com/181286/breaking-news/analyzing-evolution-of-the-pipemagic-malware.html
https://therecord.media/ransomware-gang-masking-pipemagic-backdoor
https://thehackernews.com/2025/08/microsoft-windows-vulnerability.html
https://securelist.com/pipemagic/117270/
https://www.bleepingcomputer.com/news/security/ransomware-gangs-join-ongoing-sap-netweaver-attacks/
https://thehackernews.com/2025/05/bianlian-and-ransomexx-exploit-sap.html
https://www.securityweek.com/second-ransomware-group-caught-exploiting-windows-flaw-as-zero-day/
https://thehackernews.com/2025/05/play-ransomware-exploited-windows-cve.html
https://www.securityweek.com/cisa-urges-urgent-patching-for-exploited-centrestack-windows-zero-days/
https://www.databreachtoday.com/microsoft-warns-ransomware-actors-exploiting-windows-flaw-a-27960
https://thehackernews.com/2025/04/pipemagic-trojan-exploits-windows-clfs.html
https://www.theregister.com/2025/04/08/patch_tuesday_microsoft/
https://www.securityweek.com/microsoft-patches-125-windows-vulns-including-exploited-clfs-zero-day/
https://www.helpnetsecurity.com/2025/04/08/patch-tuesday-microsoft-zero-day-cve-2025-29824/
https://therecord.media/microsoft-zero-day-used-ransomware-attack-real-estate