Redmond, December 11, 2024 – Microsoft closes 2024 with patches for 72 flaws, including an actively exploited zero-day in CLFS. Updates tighten security against ransomware and privilege escalation.
In a critical move for cybersecurity, Microsoft has rolled out its final Patch Tuesday update of 2024, addressing 72 vulnerabilities across its ecosystem. Among these, a zero-day flaw actively exploited in the wild has taken center stage, raising alarm among users and security experts alike.
The zero-day vulnerability, CVE-2024-49138, is a privilege escalation flaw in the Windows Common Log File System (CLFS) driver. Rated at 7.8 on the CVSS scale, it could allow attackers to gain SYSTEM privileges, posing severe risks to users.
Satnam Narang, a senior researcher at Tenable, explained:
This vulnerability highlights how attackers are exploiting CLFS flaws for rapid network penetration.
This is not an isolated incident. Since 2022, Microsoft has patched five actively exploited vulnerabilities in the CLFS driver. The ongoing focus on this component underscores its appeal to ransomware operators, who use such flaws for “smash-and-grab” attacks.
Microsoft’s update also tackles high-severity issues like CVE-2024-49112, a remote code execution flaw in Windows Lightweight Directory Access Protocol (LDAP), rated at a staggering 9.8. Experts warn that this flaw could allow unauthenticated attackers to execute arbitrary code.
In response to rising threats, Microsoft is reinforcing security measures, including deprecating the legacy NTLM authentication protocol and enabling Extended Protection for Authentication (EPA) by default.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-49138 to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch affected systems by December 31.