Date: 2024-12-11

Microsoft's December 2024 Patch Tuesday addresses 71 flaws, including 1 actively exploited zero-day and 16 critical remote code execution vulnerabilities.

Microsoft’s December 2024 Patch Tuesday has arrived, bringing with it a wave of security updates to address 71 vulnerabilities. Among these are fixes for one actively exploited zero-day vulnerability and a total of sixteen critical vulnerabilities, all of which are classified as remote code execution flaws.

Vulnerability Breakdown

The 71 vulnerabilities patched this month span various categories, including:

Elevation of Privilege Vulnerabilities: 27

Remote Code Execution Vulnerabilities: 30

Information Disclosure Vulnerabilities: 7

Denial of Service Vulnerabilities: 5

Spoofing Vulnerabilities: 1

This count excludes two Edge flaws addressed earlier in December.

Actively Exploited Zero-Day Vulnerability

Of particular concern is an actively exploited zero-day vulnerability, that is, a flaw that is publicly disclosed or actively exploited before an official fix is available. This month’s Patch Tuesday addresses one such vulnerability:

CVE-2024-49138: Windows Common Log File System Driver Elevation of Privilege Vulnerability

This vulnerability allows attackers to gain SYSTEM privileges on Windows devices. The specifics of its exploitation remain undisclosed; the flaw was discovered by the Advanced Research Team with CrowdStrike.

Recent Updates from Other Companies

Microsoft isn’t alone in its efforts to bolster security. Other vendors have also released updates and advisories this month, including: