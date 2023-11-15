An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. That means rogue software and users on a vulnerable Windows box can take over the whole thing with this flaw. We'd expect to hear more about who is abusing this hole and how widespread the attacks are in the near future. The vulnerability affects Windows Cloud Files Mini Filter Driver and also can lead to SYSTEM privileges. It also received a 7.8 CVSS rating.

The driver is used for managing and facilitating the operations of cloud-stored files. It's loaded by default on just about every version of Windows, so it provides a broad attack surface. He warns that both of these flaws are probably paired with a code execution bug in the attacks that Microsoft has observed. That is to say, a miscreant would typically find a way to gain arbitrary user-level execution on a target's machine and then use one of the above holes to gain sysadmin-level control

