Microsoft: Zero-day bug used in ransomware attacks on US real estate firms

Summary: Hackers exploited a zero-day vulnerability, CVE-2025-29824, in the Windows Common Log File System (CLFS) driver to target real estate companies and various other organizations worldwide. The attacks used the PipeMagic malware and led to the deployment of ransomware. Microsoft has released a security update, though concerns remain about unpatched systems, particularly Windows 10, which leave critical vulnerabilities open.

Affected: Real estate companies in the U.S., financial firms in Venezuela, a software company in Spain, retail organizations in Saudi Arabia

Key points:

  • CISA added CVE-2025-29824 to its catalog of exploited vulnerabilities.
  • The vulnerability allows attackers to escalate privileges and maintain persistence within compromised systems.
  • Threat actors were able to deploy ransomware using PipeMagic after gaining initial access.
  • The lack of a patch for some Windows systems creates a significant security gap.
  • Organizations are advised to monitor the CLFS driver closely to mitigate risks.

Source: https://therecord.media/microsoft-zero-day-used-ransomware-attack-real-estate