A threat actor is exploiting a zero-day elevation of privileges vulnerability in the Windows Common Log File System to deploy ransomware, one of a number of critical holes Microsoft plugged today as part of its April Patch Tuesday releases. “The targets include organizations in the information technology (IT) and real estate sectors of the United…
Category: Threat and Vulnerability Management, Vulnerabilities, Windows Security
Exploits, Global Security News, Threat and Vulnerability Management, Vulnerabilities, Windows Security
February Patch Tuesday: CISOs should act now on two actively exploited Windows Server vulnerabilities
CISOs should make sure that two actively exploited vulnerabilities in Windows are addressed as part of their staff’s February Patch Tuesday efforts. They are: CVE 2025-21391, a Windows Storage escalation of privilege vulnerability that, if exploited, could allow an attacker to delete – but not read — targeted files on a system. While this wouldn’t…