Critical Security Alert: Microsoft Patches Actively Exploited Zero-Day Among 71 Dangerous Flaws

Microsoft December 2024 Patch Tuesday Security Update Overview

Microsoft has released its December 2024 Patch Tuesday, addressing 71 security vulnerabilities, including a critical zero-day flaw. The update encompasses:

Vulnerability Breakdown:
– 30 Remote Code Execution Vulnerabilities
– 27 Elevation of Privilege Vulnerabilities
– 7 Information Disclosure Vulnerabilities
– 5 Denial of Service Vulnerabilities
– 1 Spoofing Vulnerability

Critical Zero-Day Vulnerability:
The most significant fix addresses CVE-2024-49138, a Windows Common Log File System Driver Elevation of Privilege Vulnerability that was being actively exploited. This flaw allowed attackers to gain SYSTEM privileges on Windows devices. The vulnerability was discovered by CrowdStrike’s Advanced Research Team.

Notable Updates from Other Vendors:
– Adobe: Security updates for Photoshop, Commerce, Illustrator, and other products
– CISA: Advisories for industrial control system vulnerabilities
– Cisco: Security updates for NX-OS and ASA products
– SAP: Multiple product security updates
– Veeam: Critical RCE bug fix in Service Provider Console

Key Areas Addressed:
– Windows Remote Desktop Services
– Microsoft Office applications
– Windows LDAP
– Windows Message Queuing
– Windows Kernel and drivers
– SharePoint and other Microsoft services

The update includes sixteen critical vulnerabilities, most of them remote code execution flaws. Users are advised to apply these security updates promptly to maintain system security.
