Alexander V. Leonov

About Remote Code Execution – Erlang/OTP (CVE-2025-32433) vulnerability. Erlang is a programming language used to build massively scalable soft real-time systems with requirements for high availability. Used in telecom, banking, e-commerce, telephony, and messaging. OTP is a set of Erlang libraries and design principles providing middle-ware to develop these systems. A message handling vulnerability in […]

About Elevation of Privilege – Windows Common Log File System Driver (CVE-2025-29824) vulnerability. The vulnerability from the April Microsoft Patch Tuesday allows an attacker operating under a regular user account to escalate their privileges to SYSTEM level.🔻 According to Microsoft, the vulnerability was exploited in attacks against organizations in the U.S., Venezuela, Spain, and Saudi […]

About Spoofing – Windows NTLM (CVE-2025-24054) vulnerability. It was patched in the March Microsoft Patch Tuesday. VM vendors didn’t mention this vulnerability in their reviews; it was only known to be exploited via user interaction with a malicious file. A month later, on April 16, Check Point published a blog post with technical details, revealing […]

About Remote Code Execution & Arbitrary File Reading – Apache HTTP Server (CVE-2024-38475) vulnerability. Improper escaping of output in mod_rewrite module leads to remote code execution or arbitrary file reading. Successful exploitation does not require authentication. 🔻 Apache HTTP Server 2.4.60, which includes a fix for this vulnerability, was released on July 1, 2024. Orange […]

April Linux Patch Wednesday. Total vulnerabilities: 251. 👌 164 in the Linux Kernel. No vulnerabilities show signs of being exploited in the wild. There are 7 vulnerabilities that appear to have publicly available exploits. For 2 vulnerabilities, exploit code with detailed explanation is available on GitHub. Both were first patched in RedOS packages: 🔸 SQL […]

About Elevation of Privilege – Windows Process Activation (CVE-2025-21204) vulnerability. This vulnerability from the April Microsoft Patch Tuesday was not highlighted by VM vendors in their reviews. It affects the Windows Update Stack component and is related to improper link resolution before file access (CWE-59). 🔻 On April 14, researcher Elli Shlomo (CYBERDOM) published a […]

April “In the Trend of VM” (#14): vulnerabilities in Microsoft Windows, VMware products, Kubernetes, and Apache Tomcat. We decided to pause recording new videos, so for now only text. 🤷‍♂️🙂 🗞 Post on Habr (rus)🗒 Digest on the PT website (rus) A total of 11 trending vulnerabilities: 🔻 Elevation of Privilege – Windows Cloud Files […]

March episode “In the Trend of VM” (#13): vulnerabilities of Microsoft, PAN-OS, СommuniGate and who should patch hosts with deployed application. I’m posting the translated video with a big delay, but it’s better than never. 😉 📹 Video on YouTube and LinkedIn🗞 Post on Habr (rus)🗒 Digest on the PT website Content: 🔻 00:00 Greetings […]

April Microsoft Patch Tuesday. A total of 153 vulnerabilities, 2 times more than in March. Of these, 32 were added between the March and April MSPTs. Three vulnerabilities show signs of exploitation in the wild: 🔻 EoP – Windows Common Log File System Driver (CVE-2025-29824). An attacker can gain SYSTEM privileges. No technical details yet.🔻 […]

About Elevation of Privilege – Windows Cloud Files Mini Filter Driver (CVE-2024-30085) vulnerability. cldflt.sys is a Windows Cloud Files Mini Filter driver responsible for representing cloud-stored files and folders as if they were located on the local machine. The vulnerability in this driver, fixed as part of the June 2024 Microsoft Patch Tuesday, allows an […]