- Microsoft releases final Patch Tuesday update for 2024
- It addresses 71 flaws, including one actively exploited zero-day vulnerability
- Experts say such flaws are often used in ransomware attacks
Microsoft has released the December Patch Tuesday cumulative update, which includes a fix for a concerning zero-day vulnerability that was actively exploited in the wild.
The bug is described as a stack-based buffer overflow vulnerability in the Windows Universal Journaling File System driver. It is tracked as CVE-2024-49138 and can apparently be used to completely take over a vulnerable system.
U.S. agencies have also sounded the alarm about the flaw. The Cybersecurity and Infrastructure Security Agency (CISA) added it to its catalog of known exploitable vulnerabilities (KEV), describing it as a bug that “poses a significant risk” and urging users to apply the fix immediately.
Abused by ransomware
There is evidence that hackers exploited this CVE in attacks, but we don’t know how, so whether it is used in ransomware is just speculation at this time.
While undoubtedly dangerous, this stack-based buffer overflow bug isn’t the only one patched this time. Microsoft fixed a total of 71 vulnerabilities, 16 of which are considered critical because they allow threat actors to remotely execute arbitrary code.
Microsoft has fixed a total of 27 privilege escalation vulnerabilities, 30 RCE vulnerabilities, 7 information leakage vulnerabilities, 5 denial of service vulnerabilities, and 1 spoofing vulnerability. In addition to these flaws, Microsoft also fixed two Edge vulnerabilities on December 5 and 6, BleepingComputer reports. The full list of patched defects can be found here.
Via BleepingComputer