Microsoft has recently addressed a significant number of security issues in its software products, with a total of 126 vulnerabilities being fixed. One of these vulnerabilities has been actively exploited in the wild.
Among the 126 vulnerabilities, 11 are classified as Critical, 112 as Important, and two as Low severity. These vulnerabilities include privilege escalation, remote code execution, information disclosure, and denial-of-service bugs.
In addition to these fixes, Microsoft has also patched 22 flaws in its Chromium-based Edge browser since the previous Patch Tuesday update.
The actively exploited vulnerability is an elevation of privilege (EoP) flaw in the Windows Common Log File System (CLFS) Driver (CVE-2025-29824, CVSS score: 7.8), which allows an attacker to elevate privileges locally through a use-after-free scenario.
This particular vulnerability is the sixth EoP flaw discovered in the same component since 2022, with previous instances being exploited in the wild. These vulnerabilities are popular among ransomware operators for post-compromise activities.
Experts have highlighted the critical nature of this vulnerability, emphasizing the urgent need for a patch to prevent further exploitation by malicious actors.
For more information on this security update and other recent vulnerabilities, follow our Twitter and LinkedIn pages for exclusive content.
