The Elevation of Privilege – Windows Common Log File System Driver (CVE-2024-49138) has become more critical. Just as I wrote that nothing had been heard about this vulnerability for a month since it was first published in Microsoft’s December Patch Tuesday, a public exploit for it appeared on January 15th. 🙂 It was developed by Alessandro Iandoli from HN Security. The source code and video demonstrating the exploit are available on GitHub: a local attacker runs an exe file in PowerShell and, after a second, becomes “nt authority/system”. The researcher tested the exploit on Windows 11 23h2. He also promises to publish a blog post with a detailed analysis of the vulnerability.
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.
Pingback: December Microsoft Patch Tuesday | Alexander V. Leonov
Pingback: What has become known about the Elevation of Privilege – Windows Common Log File System Driver (CVE-2024-49138) vulnerability from the December Microsoft Patch Tuesday a month later? | Alexander V. Leonov
Pingback: New episode “In The Trend of VM” (#11): vulnerabilities that became trending in December and the final report on trending vulnerabilities for 2024 | Alexander V. Leonov