Summary: Microsoft has reported that the RansomEXX ransomware gang is exploiting a high-severity zero-day vulnerability (CVE-2025-29824) in the Windows Common Log File System, enabling them to gain SYSTEM privileges on affected systems. The flaw was patched during the recent Patch Tuesday, but updates for Windows 10 x64 and 32-bit are still pending. Multiple sectors, including IT, real estate, finance, and retail, have been targeted in these attacks, and affected users are urged to apply the available updates promptly.
Affected: Microsoft Windows operating systems
Keypoints:
- Exploitation of CVE-2025-29824 allows low-privileged attackers to escalate privileges without user interaction.
- The RansomEXX gang uses the PipeMagic backdoor to deploy ransomware and related exploits.
- Updates for Windows 10 are delayed; Windows 11, version 24H2, is not affected by the exploitation.