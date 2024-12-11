Microsoft December 2024 Patch Tuesday Fixes 1 Exploited Zero-Day, 71 Flaws

11/12/2024
Mahak Aggarwal
2 Min Read
Add Comment
Microsoft December 2024 Patch Tuesday Fixes 1 Exploited Zero-Day, 71 Flaws
Microsoft's December 2024 Patch Tuesday addresses 71 flaws, including 1 actively exploited zero-day and 16 critical remote code execution vulnerabilities.   

Microsoft’s December 2024 Patch Tuesday has arrived, bringing with it a wave of security updates to address 71 vulnerabilities. Among these are fixes for one actively exploited zero-day vulnerability and a total of sixteen critical vulnerabilities, all of which are classified as remote code execution flaws.

Vulnerability Breakdown

The 71 vulnerabilities patched this month span various categories, including:

  • Elevation of Privilege Vulnerabilities: 27
  • Remote Code Execution Vulnerabilities: 30
  • Information Disclosure Vulnerabilities: 7
  • Denial of Service Vulnerabilities: 5
  • Spoofing Vulnerabilities: 1

This count excludes two Edge flaws addressed earlier in December.

Actively Exploited Zero-Day Vulnerability

Of particular concern was an actively exploited zero-day vulnerability, a flaw that is publicly disclosed or actively exploited before an official fix is available. This month’s Patch Tuesday addresses one such vulnerability:

  • CVE-2024-49138: Windows Common Log File System Driver Elevation of Privilege Vulnerability

This vulnerability allows attackers to gain SYSTEM privileges on Windows devices. While the specifics of its exploitation remain undisclosed, it’s worth noting that the flaw was discovered by the Advanced Research Team with CrowdStrike.

Recent Updates from Other Companies

Microsoft isn’t alone in its efforts to bolster security. Other vendors have also released updates and advisories this month, including:

  • Adobe: Security updates for various products, including Photoshop, Commerce, Illustrator, InDesign, After Effects, Bridge, and more.
  • CISA: Advisories on industrial control system vulnerabilities in MOBATIME, Schneider Electric, National Instruments, Horner Automation, Rockwell Automation, and Ruijie.
  • Cleo: Addressed an actively exploited zero-day in its security file transfer product, which was used in data theft attacks.
  • Cisco: Released security updates for multiple products, including Cisco NX-OS and Cisco ASA.
  • IO-Data: Patched zero-day router flaws that were exploited to take over devices.
  • 0patch: Issued an unofficial patch for a Windows zero-day vulnerability that allowed attackers to capture NTLM credentials.
  • OpenWrt: Released security updates for a Sysupgrade flaw that allowed attackers to distribute malicious firmware images.
  • SAP: Released security updates for multiple products as part of its December Patch Day.
  • Veeam: Released security updates for a critical RCE bug in Service Provider Console.
FacebookXLinkedInWhatsAppRedditPinterest

About the author

View All Posts
Avatar photo

Mahak Aggarwal

With a BA in Mass Communication from Symbiosis, Pune, and 5 years of experience, Mahak brings compelling tech stories to life. Her engaging style has won her the 'Rising Star in Tech Journalism' award at a recent media conclave. Her in-depth research and engaging writing style make her pieces both informative and captivating, providing readers with valuable insights.

Add Comment

Click here to post a comment

Follow Us on Social Media

Web Stories

Best Mobile Phones under Rs 25,000 in December 2024: Nothing Phone 2(a), OnePlus Nord CE 4 Lite & More!
Best Mobile Phones under Rs 25,000 in December 2024: Nothing Phone 2(a), OnePlus Nord CE 4 Lite & More!
Xiaomi launched Redmi Note 14 series in India with Redmi Buds 6, a new outdoor speaker.
Xiaomi launched Redmi Note 14 series in India with Redmi Buds 6, a new outdoor speaker.
Top Smartphone Picks Under ₹15,000 in December 2024: Samsung Galaxy F15 5G, Vivo T3x and More!
Top Smartphone Picks Under ₹15,000 in December 2024: Samsung Galaxy F15 5G, Vivo T3x and More!
6 Best Smartphones Under Rs 40,000 in December 2024: OnePlus 12R, Samsung A55 & More!
6 Best Smartphones Under Rs 40,000 in December 2024: OnePlus 12R, Samsung A55 & More!
Flagship Android Smartphones Powered by Snapdragon 8 Elite: realme GT 7 Pro, iQOO 13 & More!
Flagship Android Smartphones Powered by Snapdragon 8 Elite: realme GT 7 Pro, iQOO 13 & More!
Best phones under ₹20,000 in December 2024: realme P1 Speed, OnePlus Nord CE 4 Lite& More!
Best phones under ₹20,000 in December 2024: realme P1 Speed, OnePlus Nord CE 4 Lite& More!
View all stories
Best Mobile Phones under Rs 25,000 in December 2024: Nothing Phone 2(a), OnePlus Nord CE 4 Lite & More! Xiaomi launched Redmi Note 14 series in India with Redmi Buds 6, a new outdoor speaker. Top Smartphone Picks Under ₹15,000 in December 2024: Samsung Galaxy F15 5G, Vivo T3x and More! 6 Best Smartphones Under Rs 40,000 in December 2024: OnePlus 12R, Samsung A55 & More! Flagship Android Smartphones Powered by Snapdragon 8 Elite: realme GT 7 Pro, iQOO 13 & More! Best phones under ₹20,000 in December 2024: realme P1 Speed, OnePlus Nord CE 4 Lite& More!