
Microsoft has rolled out its latest security updates as part of the December 2024 Patch Tuesday release, and users with Windows laptops and desktop computers should update their systems as soon as possible. According to the company’s release notes, the latest security updates fix a publicly disclosed, actively exploited zero-day vulnerability. They also include fixes for 30 remote code execution vulnerabilities, of which 16 are designated as critical, and 41 other security flaws related to operating system components.
Microsoft Fixes Zero-Day Vulnerability Found by CrowdStrike
The security updates rolled out by Microsoft on Tuesday (via BleepingComputer) include a fix for CVE-2024-49138 (Windows Common Log File System Driver Elevation of Privilege Vulnerability), which is a publicly disclosed zero-day vulnerability that was actively exploited, according to the company.
The flaw allowed attackers to gain system-level privileges on an affected Windows PC, and was discovered by CrowdStrike’s Advanced Research Team. Details on how the flaw was exploited weren’t provided by Microsoft, presumably to ensure that users have enough time to install the latest security updates.
In addition to the fix for the actively exploited zero-day vulnerability, Microsoft has also patched a total of 71 flaws affecting various Windows components. This includes 30 remote code execution vulnerabilities, out of which 16 have a ‘Critical’ severity rating, and 27 vulnerabilities that can enable attackers to gain elevated privileges on an unpatched Windows PC.
The latest security updates for Windows also include patches for flaws in third-party products. Vendors like Adobe, Cisco, OpenWrt, and SAP have issued security updates, while the US Cybersecurity and Infrastructure Security Agency (CISA) has published advisories on vulnerabilities in industrial control systems from various companies.
Users with Windows 11 PCs will need to install the KB5048667 (24H2) and KB5048685 (23H2) cumulative updates, which contain the December 2024 security updates. Users with older machines that are running Windows 10 will need to install the KB5048652 (22H2) update.