gengstah

gengstah

Exploring the spaces between specs — where weird machines live and exploits are born

Blog posts

2025

December 2025 Patch Tuesday

4 minute read

Published:

CVE-2025-62221 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

A Windows Cloud Files Mini Filter Driver (cldflt.sys) bug (CVE-2025-62221) is being actively exploited this month and has been patched in this month’s Patch Tuesday. In October, there was a TOCTOU bug (CVE-2025-55680) patched in the same driver. This time around, the bug is a Use-after-Free (UaF). I looked at the patch made to the driver and shared my findings in this blog.

Joined the OSEE club

2 minute read

Published:

Joined the OSEE club

For the past few months, I have been juggling work and studying for the OSEE exam. Today, I finally got an email from OffSec saying that I passed 🎉

November 2025 Patch Tuesday - CLFS

4 minute read

Published:

Patch Diffing

Patch diffing is the process of generating a diff or the difference or changes made to a file or software as a whole, by comparing the bytes of an old and new version of the same file. This process is used by attackers and defenders alike to find out what changes are made in the software in question. In cybersecurity, more often than not, this process is used to find out what flaw/s the new version of the software patched.