Maybe the Microsoft security folks that are pushing rustlang support for drivers should consider CLFS is an old pile of unsafe code that is getting repeatedly abused by threat actors. Consensus among RE friends says it needs a rewrite. @epakskape @dwizzzleMSFT @markrussinovich
A little earlier, I found a Windows CLFS 0-day used in ransomware attacks. But at that time, I had been tracking this actor for a year and they used 5(!) different CLFS exploits. Is there something seriously wrong with Windows CLFS? I decided to investigate. securelist.com/windows-clfs-…
Dec 22, 2023 · 4:14 AM UTC

