Tag Archives: CrowdStrike

What has become known about the Elevation of Privilege – Windows Common Log File System Driver (CVE-2024-49138) vulnerability from the December Microsoft Patch Tuesday a month later?

Leave a reply

What has become known about the Elevation of Privilege - Windows Common Log File System Driver (CVE-2024-49138) vulnerability from the December Microsoft Patch Tuesday a month later?

What has become known about the Elevation of Privilege – Windows Common Log File System Driver (CVE-2024-49138) vulnerability from the December Microsoft Patch Tuesday a month later? Almost nothing. 🙄 This is a vulnerability in a standard Windows component, available in all versions starting with Windows Server 2003 R2. Its description is typical for EoP in Windows: if successfully exploited, a local attacker can gain SYSTEM privileges. The cause of the vulnerability is Heap-based Buffer Overflow.

Microsoft has labeled the vulnerability as being exploited in the wild, but has not provided information on where the vulnerability was being exploited or how widespread the attacks were.

The vulnerability was reported by CrowdStrike’s Advanced Research Team. But neither they nor other researchers have provided technical details yet. 🤷‍♂️ And there are no exploits yet either.

So install the December Microsoft security updates and let’s wait for news! 😉

Update

На русском

No Boot – No Hacker!

Leave a reply

No Boot – No Hacker! Updated track. It seems that the case with the CrowdStrike BSODStrike incident is coming to a logical conclusion. Why this happened is already more or less clear. All that remains is long legal battles between clients and the vendor. Therefore, I am closing this topic for myself with an updated track made in Suno. It’s in Russian, but subtitles are available on YouTube.

My position is that BSODStrike was not the problems of a specific company, but rather the problems of cloud CyberSecurity services with agents, whose architecture is vulnerable. Such services literally force customers to overtrust them. 🤷‍♂️ I don’t think it’s right to keep silent about this. We need to call for improving the security, transparency and controllability of such services.

It should be understood that this was just a small and relatively harmless failure, but someday we will see a case with a full-scale attack through a hacked cloud vendor. And, as it seems to me, at the moment, on-premise solutions have their advantages.

На русском