Malware Attackers Exploited Unpatched Windows Vulnerability
By Netvora Tech News
Microsoft's April security update addressed a critical vulnerability in Windows, but hackers had already exploited it to spread malware, according to Symantec. The vulnerability, identified as CVE-2025-29824, is located in the Windows Common Log File System (CLFS), a Windows component used for logging.
The CLFS vulnerability was exploited on multiple occasions to spread malware before Microsoft issued a patch. It allows an attacker with access to a machine to gain SYSTEM-level privileges, effectively compromising the entire system.
In the analyzed attack, the attackers allegedly compromised a Cisco ASA firewall and then gained access to a Windows machine on the network. They then exploited the CVE-2025-29824 vulnerability to deploy malware known as Grixba. Grixba is an infostealer and network scanner designed to gather information about the system and network, which is then used for further attacks.
Ransomware Connection
The group behind the attack, identified by Symantec, is also responsible for ransomware attacks. This suggests that multiple groups may have been aware of the vulnerability, making it a significant concern for Windows users.
Microsoft had previously revealed that the same vulnerability had been used in ransomware attacks. This latest incident highlights the importance of timely patching and cybersecurity measures to prevent exploitation.
Conclusion
The exploitation of the unpatched Windows vulnerability serves as a stark reminder of the importance of staying up-to-date with security patches and implementing robust cybersecurity measures. As attacks continue to evolve, it is crucial for users to remain vigilant and take proactive steps to protect their systems and data.