This month’s Patch Tuesday includes 126 fixes from Microsoft, and a zero-day in the Windows Common Log File System (CLFS) already being exploited in the wild. Fortra’s Tyler Reguly urges security teams to treat the CLFS patch as a top priority—and warns it may not be the last we see of this component.
Tyler also advises CISOs to look beyond CVSS scores and use the Microsoft Exploitability Index when deciding what to patch first.
Originally published in CSO.
Excerpt: “When a vulnerability in CLFS is patched, people tend to dig around and look at what’s going on, and come across other vulnerabilities in the process. If I was a gambler, I would bet on CLFS appearing again next month.”
