Summary: Microsoft released urgent updates addressing over 120 vulnerabilities in Windows, including a zero-day in the Windows Common Log File System (CLFS) that is actively exploited. The CLFS vulnerability provides local attackers with SYSTEM privileges, and it has been linked to ransomware attacks by professional hacking teams. In addition to CLFS, critical flaws in Windows Hyper-V, Remote Desktop Services, Microsoft Excel, and Office have also been patched.
Affected: Microsoft Windows, Microsoft Excel, Microsoft Office, Adobe Software
Keypoints :
- Zero-day vulnerability CVE-2025-29824 in CLFS allows local attackers to gain SYSTEM privileges.
- Patches for critical remote code execution flaws were released for Windows Hyper-V and Remote Desktop Services.
- Adobe also rolled out updates addressing 54 vulnerabilities across its products, including critical issues in ColdFusion and Photoshop.
Source: https://www.securityweek.com/microsoft-patches-125-windows-vulns-including-exploited-clfs-zero-day/