The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Microsoft Windows Common Log File System (CLFS) driver flaw to its Known Exploited Vulnerabilities catalog.
The flaw, CVE-2024-49138, has a CVSS score of 7.8 and allows a local attacker to escalate privileges.
Microsoft released security updates in December 2024 to address this vulnerability and 70 others.
CISA has ordered federal agencies to fix the vulnerability by December 31, 2024.