Microsoft’s December 2024 Patch Tuesday Addresses 70 CVEs

Published:

spot_img

Microsoft’s December 2024 Patch Tuesday: Addressing Critical Vulnerabilities and Zero-Day Flaws

Microsoft’s December Patch Tuesday: A Year-End Security Overhaul

In a significant year-end update, Microsoft has rolled out its December Patch Tuesday, addressing a staggering 71 newly identified vulnerabilities across its product suite. This marks the last patch of 2024, a year that has already seen the company tackle a record-breaking 1,009 Common Vulnerabilities and Exposures (CVEs), the second-highest annual total in Patch Tuesday history.

Among the critical issues resolved this month is CVE-2024-49138, a zero-day vulnerability in the Windows Common Log File System (CLFS) driver. This flaw has been actively exploited, allowing attackers to gain SYSTEM-level privileges, making it particularly dangerous. Classified as a heap-based buffer overflow, CVE-2024-49138 is the ninth CLFS-related vulnerability addressed this year and has been rated as “important” with a CVSSv3 score of 7.8.

The December update also tackled a range of other vulnerabilities, including 30 remote code execution flaws and 27 elevation of privilege issues. Notably, CVE-2024-49070, a remote code execution vulnerability in Microsoft SharePoint, was also patched, alongside critical flaws in Microsoft Message Queuing and Remote Desktop Services.

Cybersecurity experts emphasize the urgency of these updates, especially with ransomware operators increasingly targeting elevation of privilege vulnerabilities. Satnam Narang, a Senior Staff Research Engineer at Tenable, noted that the exploitation of CLFS vulnerabilities has become a common tactic for attackers seeking to infiltrate networks.

As 2024 draws to a close, Microsoft’s proactive approach to security highlights the ongoing battle against cyber threats, underscoring the importance of timely updates for users and organizations alike. The December Patch Tuesday serves as a reminder of the ever-evolving landscape of cybersecurity and the need for vigilance in protecting sensitive data.

spot_img

Related articles

Recent articles

Dutch Police Investigate Vishing Call as Key Lead in Odido Cyberattack Exposing 6.39 Million Customers

Dutch Police Investigate Vishing Call as Key Lead in Odido Cyberattack Exposing 6.39 Million Customers The recent cyberattack on Odido, a major Dutch telecom provider,...

Cybersecurity Researchers Uncover “Ghostcommit”: A New Image-Based Attack Manipulating AI to Steal Sensitive Data

Cybersecurity Researchers Uncover "Ghostcommit": A New Image-Based Attack Manipulating AI to Steal Sensitive Data Cybersecurity researchers have identified a sophisticated supply chain attack technique dubbed...

Irvinder Singh Lail Appointed to Strengthen J.S. Held’s Global Capability Leadership

Irvinder Singh Lail Appointed to Strengthen J.S. Held's Global Capability Leadership In a significant move for the global consulting landscape, J.S. Held has appointed Irvinder...

From 17,000 to 1.1 Million Assets: Lumen Technologies Strengthens Exposure Management Through Comprehensive Data Reconciliation

From 17,000 to 1.1 Million Assets: Lumen Technologies Strengthens Exposure Management Through Comprehensive Data Reconciliation In a landscape where cybersecurity threats are increasingly sophisticated, accurate...