Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HMicrosoft Windows 10 1507
OSMicrosoft< 10.0.10240.19265Microsoft Windows 10 1607
OSMicrosoft< 10.0.14393.5066Microsoft Windows 10 1809
OSMicrosoft≤ 10.0.17763.2803Microsoft Windows 10 1909
OSMicrosoft< 10.0.18363.2212Microsoft Windows 10 20h2
OSMicrosoft< 10.0.19042.1645Microsoft Windows 10 21h1
OSMicrosoft< 10.0.19043.1645Microsoft Windows 10 21h2
OSMicrosoft< 10.0.19044.1645Microsoft Windows 11 21h2
OSMicrosoft< 10.0.22000.613Microsoft Windows 7
OSMicrosoftwszystkie wersjeMicrosoft Windows 8.1
OSMicrosoftwszystkie wersjeMicrosoft Windows Rt 8.1
OSMicrosoftwszystkie wersjeMicrosoft Windows Server 2008
OSMicrosoftr2Microsoft Windows Server 2012
OSMicrosoftr2Microsoft Windows Server 2016
OSMicrosoft< 10.0.14393.5066Microsoft Windows Server 2019
OSMicrosoft< 10.0.17763.2803Microsoft Windows Server 2022
OSMicrosoft< 10.0.20348.643Microsoft Windows Server 20h2
OSMicrosoft< 10.0.19042.1645
CISA KEV — detailsi
- Vendori
- Microsoft ↗
- Producti
- Windows
- Added to KEVi
- April 13, 2022
- Remediation deadline (US Federal)i
- May 4, 2022(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Required action (CISA)i
Apply updates per vendor instructions.
CISA descriptioni
Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.
🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARE⏰CISA DEADLINE: 4 maja 2022
Related vulnerabilities
CVE-2025-59287CRITICAL9.8⚠ KEVPL ✓ten sam produkt
RCE w Windows Server Update Service (WSUS) — deserializacja danych
CVE-2021-31166CRITICAL9.8⚠ KEVten sam produkt
HTTP Protocol Stack Remote Code Execution Vulnerability
CVE-2020-1350CRITICAL10.0⚠ KEVten sam produkt
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly ...
CVE-2020-1040CRITICAL9.0⚠ KEVten sam produkt
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly val...
CVE-2020-0796CRITICAL10.0⚠ KEVten sam produkt
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) ...