
Critical Windows vulnerabilities patched: Update before it’s too late

The software giant reported that at least 25 vulnerabilities in CLFS have been documented over the last five years

by Kerem Gülen
December 11, 2024
in Cybersecurity, News

Microsoft on December 10, 2024, released patches addressing over 70 security flaws, including an actively exploited zero-day vulnerability in the Windows Common Log File System (CLFS). The patches aim to enhance security across various components of its operating system amid rising cyber threats.

Microsoft releases patches for over 70 security flaws, including zero-day vulnerability

The zero-day vulnerability, identified as CVE-2024-49138, has a CVSS severity score of 7.8 out of 10. Discovered by CrowdStrike, it allows attackers to escalate their privileges to SYSTEM through a heap-based buffer overflow, requiring minimal privileges and zero user interaction for exploitation. Microsoft, however, did not provide indicators of compromise or telemetry to aid in identifying affected systems.

The software giant reported that at least 25 vulnerabilities in CLFS have been documented over the last five years. Earlier this year, Microsoft announced plans to bolster security for the CLFS with Hash-based Message Authentication Codes (HMAC) to protect against unauthorized changes to log files, a target for advanced persistent threats (APTs) and ransomware exploits.
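The tamper check that an HMAC gives a log file, as an added example that is not from the article and is not Microsoft's CLFS code: the length-prefixed record layout and the names `seal`, `open_log` and `demo` are constructed for illustration, and the key is assumed to be held only by the logging service. The point it shows is ordering: the tag is verified before any length field in the file is trusted.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32  # size of an HMAC-SHA256 tag


def seal(key: bytes, records: list[bytes]) -> bytes:
    """Serialize records as <u32 length><bytes> and append an HMAC tag."""
    body = b"".join(struct.pack("<I", len(r)) + r for r in records)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def open_log(key: bytes, blob: bytes) -> list[bytes]:
    """Verify the tag first; only then walk the length fields."""
    if len(blob) < TAG_LEN:
        raise ValueError("log too short to carry a tag")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("HMAC mismatch: file changed outside the service")
    records, off = [], 0
    while off < len(body):
        if off + 4 > len(body):
            raise ValueError("truncated length field")
        (n,) = struct.unpack_from("<I", body, off)
        off += 4
        if off + n > len(body):  # bounds check still kept as defense in depth
            raise ValueError("record length exceeds file")
        records.append(body[off:off + n])
        off += n
    return records


def demo():
    key = os.urandom(32)  # assumption: never readable by the file's writer
    sealed = seal(key, [b"txn-begin", b"txn-commit"])  # constructed sample
    parsed = open_log(key, sealed)
    tampered = bytearray(sealed)
    struct.pack_into("<I", tampered, 0, 0xFFFF)  # edit a length field on disk
    try:
        open_log(key, bytes(tampered))
        rejected = False
    except ValueError as exc:
        rejected = "HMAC" in str(exc)
    return parsed, rejected


if __name__ == "__main__":
    print(demo())
```

A file re-sealed by someone without the key fails the same check, which is why the key has to live outside anything an unprivileged user can read.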


Among the December patches, Microsoft also highlighted crucial fixes related to the HTTP/2 Rapid Reset Attack, tagged as CVE-2023-44487, which had been exploited in widespread denial-of-service campaigns. Originally patched in October 2024, users are urged to install the available updates to secure their systems.

The update addressed at least 16 critical-severity vulnerabilities across various Windows components. Particularly, Microsoft has recommended immediate action on the Windows LDAP remote code execution vulnerability (CVE-2024-49112), which poses a critical risk with a CVSS score of 9.8. This vulnerability allows unauthenticated attackers to execute arbitrary code through specially crafted LDAP calls. Microsoft advises temporarily disconnecting Domain Controllers from the internet as a mitigation strategy.

Other significant vulnerabilities in the December release include guest-to-host remote code execution flaws in Windows Hyper-V and critical RCE vulnerabilities affecting Windows Remote Desktop Services. Additionally, two major issues in the Microsoft Message Queuing (MSMQ) service and a critical RCE flaw in the Microsoft/Muzic AI project were addressed.

According to Zero Day Initiative (ZDI), Microsoft has issued patches for a total of 1,020 vulnerabilities in 2024 to date, with 27 of those documented as zero-day attacks targeting Microsoft’s Windows ecosystem this year.

The security landscape remains tense, with ongoing investigations into various vulnerabilities, including the Centralized Logging feature. As the situation develops, the urgency for users to stay updated with Microsoft’s patches is underscored by the ongoing exploitation of several flaws in the wild.

Patching vulnerable Windows components

The December 2024 Patch Tuesday event signifies a critical effort by Microsoft to address numerous vulnerabilities that may leave systems exposed. Notably, the series of updates includes fixes for various Windows services and applications that are heavily utilized across organizations.

The patches tackled security flaws in applications such as Microsoft Office and Microsoft Edge, alongside core OS vulnerabilities. For instance, CVE-2024-49063 involves a remote code execution vulnerability in the Microsoft/Muzic platform and CVE-2024-49057 affects Microsoft Defender for Endpoint on Android.

Other notable vulnerabilities include multiple flaws linked to the Windows Lightweight Directory Access Protocol (CVE-2024-49112, CVE-2024-49121, CVE-2024-49124), each carrying critical severity ratings. These vulnerabilities allow potential remote code execution or denial-of-service scenarios that could severely affect network operations.

Additionally, various components like Windows Mobile Broadband and PrintWorkflowUserSvc also faced vulnerabilities fixed in this batch of updates, emphasizing the extensive range of issues Microsoft must continuously monitor and patch.


Featured image credit: Microsoft 365/Unsplash
