Microsoft has released its December 2024 Patch Tuesday updates, addressing 71 security vulnerabilities, including a critical zero-day flaw.
Vulnerability Breakdown:
– 30 Remote Code Execution Vulnerabilities
– 27 Elevation of Privilege Vulnerabilities
– 7 Information Disclosure Vulnerabilities
– 5 Denial of Service Vulnerabilities
– 1 Spoofing Vulnerability
Critical Zero-Day Vulnerability:
The most significant fix addresses CVE-2024-49138, a Windows Common Log File System Driver Elevation of Privilege Vulnerability that was being actively exploited. This flaw allowed attackers to gain SYSTEM privileges on Windows devices. The vulnerability was discovered by CrowdStrike’s Advanced Research Team.
Notable Updates from Other Vendors:
– Adobe: Security updates for Photoshop, Commerce, Illustrator, and other products
– CISA: Advisories for industrial control system vulnerabilities
– Cisco: Security updates for NX-OS and ASA products
– SAP: Multiple product security updates
– Veeam: Critical RCE bug fix in Service Provider Console
Key Areas Addressed:
– Windows Remote Desktop Services
– Microsoft Office applications
– Windows LDAP
– Windows Message Queuing
– Windows Kernel and drivers
– SharePoint and other Microsoft services
The update fixes sixteen critical vulnerabilities, most of them remote code execution flaws. Users are advised to apply these security updates promptly to maintain system security.