CISA Warns of Microsoft Exchange and Windows CLFS Flaws Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding two actively exploited vulnerabilities affecting major Microsoft products, Windows CLFS and Microsoft Exchange Server.

The flaws were officially added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on April 13, 2026.

CISA warned that both bugs are being leveraged in real-world attacks against government and enterprise networks.

Federal agencies and private organizations are strongly urged to patch affected systems immediately to prevent potential data breaches and network compromises.

Windows CLFS Privilege Escalation (CVE-2023-36424)

The first vulnerability, tracked as CVE-2023-36424, lies within the Microsoft Windows Common Log File System (CLFS) driver.

Classified under CWE-125 for out-of-bounds read issues, this flaw occurs when software reads beyond the allocated memory buffer, potentially exposing sensitive data or causing system instability.

According to CISA, the flaw allows a local attacker to escalate privileges on a compromised host.

Since CLFS is a vital component used by numerous Windows processes for system logging, attackers exploiting this bug could gain administrative control, disable security mechanisms, or move laterally across a network.

Although it’s not yet confirmed whether ransomware operators are actively exploiting this vulnerability, security analysts note that such privilege escalation flaws are frequently used as part of multi-stage attacks.

Microsoft Exchange Server Remote Code Execution (CVE-2023-21529)

The second critical vulnerability, CVE-2023-21529, impacts Microsoft Exchange Server and involves the deserialization of untrusted data.

This issue, categorized under CWE-502, allows authenticated attackers to achieve remote code execution (RCE) on vulnerable servers.

Exchange Server remains a prime target for cybercriminals due to its central role in corporate messaging and directory services.

Exploiting this flaw could let attackers run remote commands, install backdoors, or pivot deeper into organizational networks.

While CISA has not linked this bug to any specific ransomware group, experts emphasize the potential for widespread exploitation if left unpatched.

Remote code execution vulnerabilities in Exchange have historically served as entry points for nation-state and financially motivated intrusions.

Under CISA’s Known Exploited Vulnerabilities policy, all Federal Civilian Executive Branch (FCEB) agencies must patch affected Windows and Exchange systems by April 27, 2026.

Organizations unable to apply Microsoft’s patches are advised to discontinue the use of vulnerable products.

System administrators should:

  • Install the latest Microsoft security updates for Windows CLFS and Exchange Server.
  • Follow guidance from Binding Operational Directive (BOD) 22-01 for affected systems or cloud environments.
  • Regularly verify mitigation compliance and monitor for suspicious activity indicating possible privilege escalation or remote code execution attempts.
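
One way to verify compliance against the KEV deadline is to join a scanner's open findings with the catalog entries and rank them by days remaining. The sketch below is an added example, not code from CISA or Microsoft: the catalog snippet is constructed in the field layout of the KEV JSON feed using the dates and CVE IDs from this article, and the host names and findings export are hypothetical.

```python
import json
from datetime import date

# Constructed sample in the KEV JSON feed's field layout; values taken from the article.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2023-36424", "product": "Windows", "dateAdded": "2026-04-13",
   "dueDate": "2026-04-27", "knownRansomwareCampaignUse": "Unknown", "cwes": ["CWE-125"]},
  {"cveID": "CVE-2023-21529", "product": "Exchange Server", "dateAdded": "2026-04-13",
   "dueDate": "2026-04-27", "knownRansomwareCampaignUse": "Unknown", "cwes": ["CWE-502"]}
]}
""")

# Constructed scanner export: host -> CVE IDs still unpatched (hypothetical hosts).
FINDINGS = {
    "ws-0142": ["CVE-2023-36424"],
    "exch-01": ["CVE-2023-21529", "CVE-2023-36424"],
    "web-07": ["CVE-0000-00000"],  # placeholder ID, not present in the sample catalog
}

def kev_exposure(catalog, findings, today_iso):
    """Return KEV-listed open findings, most urgent (fewest days left) first."""
    today = date.fromisoformat(today_iso)
    kev = {v["cveID"]: v for v in catalog["vulnerabilities"]}
    rows = []
    for host, cves in findings.items():
        for cve in cves:
            entry = kev.get(cve)
            if entry is None:
                continue  # not KEV-listed: leave to the normal patch cadence
            days_left = (date.fromisoformat(entry["dueDate"]) - today).days
            rows.append({
                "host": host, "cve": cve, "product": entry["product"],
                "days_left": days_left, "overdue": days_left < 0,
                "ransomware": entry["knownRansomwareCampaignUse"],
            })
    return sorted(rows, key=lambda r: (r["days_left"], r["host"], r["cve"]))

if __name__ == "__main__":
    for r in kev_exposure(KEV_SAMPLE, FINDINGS, "2026-04-30"):
        state = "OVERDUE" if r["overdue"] else f"{r['days_left']}d left"
        print(f"{r['host']:8} {r['cve']:15} {r['product']:16} {state}")
```

In practice the catalog would be loaded from a locally mirrored copy of the KEV feed and the findings from the organization's own vulnerability scanner export.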

Cybersecurity professionals caution that failure to act swiftly may leave networks exposed to advanced persistent threats already exploiting these weaknesses in the wild.

The post CISA Warns of Microsoft Exchange and Windows CLFS Flaws Exploited in Attacks appeared first on Cyber Security News.

