Microsoft Windows 11 and Windows 10 Updated With Fix for Actively Exploited Zero-Day Vulnerability


Microsoft has rolled out its latest security updates as part of the December 2024 Patch Tuesday release, and users with Windows laptops and desktop computers should update their systems as soon as possible. According to the company’s release notes, the latest security updates fix a publicly disclosed, actively exploited zero-day vulnerability. It also includes fixes for 30 remote code execution vulnerabilities — of these, 16 are designated as critical — and 41 other security flaws related to operating system components.

Microsoft Fixes Zero-Day Vulnerability Discovered by Crowdstrike

The security updates rolled out by Microsoft on Tuesday (via BleepingComputer) include a fix for CVE-2024-49138 (Windows Common Log File System Driver Elevation of Privilege Vulnerability), which is a publicly disclosed zero-day vulnerability that was actively exploited, according to the company.

The flaw allowed attackers to gain access to system-level privileges on an affected Windows PC, and was discovered by Crowdstrike’s Advanced Research Team. Details on how the flaw was exploited were not provided by Microsoft, presumably to ensure that users have enough time to install the latest security updates.

In addition to the fixes for the actively exploited zero-day vulnerability, Microsoft has also patched a total of 71 flaws affecting various Windows components. This includes 30 remote code execution vulnerabilities, out of which 16 have a ‘Critical’ severity rating, and 27 vulnerabilities that would enable attackers to gain elevated privileges on an unpatched Windows PC.

The latest security updates for Windows also include patches for flaws in third party products. Vendors like Adobe, Cisco, OpenWrt, and SAP have issued security updates, while the US Cybersecurity and Infrastructure Security Agency (CISA) has published advisories on vulnerabilities in industrial control systems from various companies.

Users with Windows 11 PCs will need to install the KB5048667 (24H2) and KB5048685 (23H2) cumulative updates, which contain the December 2024 security updates. Users with older machines that are running Windows 10 will need to install the KB5048652 (22H2) update.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *