"Microsoft Tackling Windows Logfile Flaws With New HMAC-Based Security Mitigation"
Microsoft is experimenting with a new security mitigation to combat the rise in cyberattacks involving the exploitation of vulnerabilities in the Windows Common Log File System (CLFS). The software maker will add a new verification step to CLFS logfile parsing to cover an attack surface attractive to Advanced Persistent Threats (APTs) and ransomware attackers. In recent years, at least 24 vulnerabilities have been reported in CLFS, the Windows subsystem used for data and event logging, prompting the Microsoft Offensive Research and Security Engineering (MORSE) team to develop a mitigation in order to address a class of vulnerabilities. This article continues to discuss Microsoft's experimentation with a new security mitigation to block attacks targeting flaws in the Windows CLFS.
Submitted by grigby1