The Redmond, Wash. software maker plans to add a new verification step to parsing CLFS logfiles as part of a deliberate effort to cover one of the most attractive attack surfaces for APTs and ransomware attacks. Over the last five years, there have been at least 24 documented vulnerabilities in CLFS, the Windows subsystem used for data and event logging, pushing the Microsoft Offensive Research & Security Engineering (MORSE) team to design an operating system mitigation to address a class of vulnerabilities all at once. The mitigation, which will soon be fitted into the Windows Insiders Canary channel, will use Hash-based Message Authentication Codes (HMAC) to detect unauthorized modifications to CLFS logfiles, according to a Microsoft note describing the exploit roadblock.