contact@domain.com
1, My Address, My Street, New York City, NY, USA
My Blog

ENVIRONMENTAL PROTECTION MANAGEMENT

Patch Tuesday: Microsoft Addresses Actively Exploited Vulnerability Alongside Other Key Updates
Home » Uncategorized  »  Patch Tuesday: Microsoft Addresses Actively Exploited Vulnerability Alongside Other Key Updates
Patch Tuesday: Microsoft Addresses Actively Exploited Vulnerability Alongside Other Key Updates
December 12, 2024
6:22 pm

December's Patch Tuesday Update: Critical Microsoft Vulnerabilities Addressed

In December, Microsoft released a security update addressing 70 vulnerabilities, including one that had already been actively exploited. Among these, 16 were deemed critical. According to Tyler Reguly, a security expert at Fortra, the updates highlight the continuing challenges faced by cybersecurity professionals.

Key Vulnerabilities Patched

One standout vulnerability, identified as CVE-2024-49138, pertains to the Windows Common Log File System (CLFS) driver. This elevation of privilege flaw could allow attackers to gain SYSTEM privileges, thereby enabling them to steal sensitive data or install backdoors on affected systems. Given its widespread impact across various Windows installations, addressing this vulnerability should be prioritized.

Mike Walters, the president and co-founder of Action1, pointed out that while Microsoft has made strides in addressing CLFS vulnerabilities over the past year, the urgency remains high, particularly because this particular vulnerability has already been exploited.

Cybersecurity Image

Remote Code Execution Risks

Another critical vulnerability this month was CVE-2024-49112, which posed a risk of remote code execution within the Windows Lightweight Directory Access Protocol (LDAP) service, scoring 9.8 on the CVSS severity scale. This vulnerability places domain controllers at significant risk, emphasizing the need for strict security measures, particularly regarding internet access for these systems.

Companies are urged to follow best practices for security hygiene, ensuring domain controllers are not exposed to the internet and taking precautions to secure Remote Desktop Protocol (RDP) services.

Additional Security Updates

In addition to Microsoft's patches, other technology firms released their security updates in coordination with the December Patch Tuesday. Highlights include:

  • Security patches for vulnerabilities in Google Chrome and Mozilla Firefox.
  • Updates for over 100 Cisco devices running on NX-OS.
  • Fixes for several local privilege escalation vulnerabilities in various Linux distributions.
  • Critical updates for two zero-day vulnerabilities affecting Macs with Intel processors.

For a complete overview of the December updates, you can consult the official Microsoft Support page.

The vigilance displayed by both Microsoft and other tech companies serves to reinforce the importance of security updates in maintaining the health of IT infrastructure as we navigate an increasingly complex digital landscape.



Original source

3D Printing Canada/USA - Igniting innovation with superior 3D printers and exceptional service. Experience creativity unleashed with our dedicated support. Trust your visions to our expert team. At 3DPC, we bring your ideas to life!
Category : Uncategorized

Leave a Reply

Your email address will not be published. Required fields are marked *