CVE-2024-49138 is a zero-day exploited in the wild targeting the Windows CLFS driver to gain SYSTEM privileges. Apply the December 2024 Patch Tuesday update immediately. This vulnerability follows a long pattern of CLFS driver exploitation by ransomware operators.
Windows Common Log File System Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Supernova subscribers receive AI-triaged CVE alerts the moment they're published — before the PoC drops.
Start Supernova — $99/mo →