Patch Tuesday, December 2024 Edition – Krebs on Security
Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks.
The zero-day seeing exploitation in the wild is CVE-2024-49138, a security weakness in the Windows Common Log File System (CLFS) driver, which applications use to write transaction logs. A successful exploit could allow an authenticated attacker to gain "system" level privileges on a vulnerable Windows device.
The security firm Rapid7 notes there have been a series of zero-day elevation of privilege flaws in CLFS over the past few years.
“Ransomware authors who have abused previous CLFS vulnerabilities will be only too pleased to get their hands on a fresh one,” wrote Adam Barnett, chief software engineer at Rapid7. “Expect more CLFS zero-day vulnerabilities to emerge in the future, at least until Microsoft performs a full replacement of the aging CLFS codebase instead of offering spot fixes for specific flaws.”
According to year-end statistics from Tenable, privilege escalation vulnerabilities account for 29% of the 1,009 security bugs Microsoft has patched so far in 2024; nearly 40% of those bugs were weaknesses that could allow an attacker to run malicious code on a vulnerable device.
Rob Reeves, chief security engineer at Immersive Labs, called special attention to CVE-2024-49112, a remote code execution flaw in the Lightweight Directory Access Protocol (LDAP) service that affects all versions of Windows since Windows 7. CVE-2024-49112 has been assigned a CVSS (badness) score of 9.8 out of 10.
“LDAP is most commonly seen on servers that are domain controllers inside a Windows enterprise network, and LDAP must be exposed to other servers and clients within the enterprise environment for the domain to function,” Reeves said. “Microsoft hasn’t released specific information about the vulnerability at present, but has indicated that the attack complexity is low and that authentication is not required.”
Tyler Reguly at the security firm Fortra puts Microsoft’s 2024 patch tally slightly differently, at 1,088 vulnerabilities, which he said is strikingly similar to the 1,063 vulnerabilities addressed in 2023 and the 1,119 vulnerabilities fixed in 2022.
“If nothing else, we can say that Microsoft is consistent,” Reguly said. “While it’s nice to see the number of vulnerabilities decreasing year over year, at least the consistency gives us an idea of what to expect.”
If you are a Windows end user and your system is not set up to automatically install updates, please take a moment this week to run Windows Update, ideally after backing up your system and/or important data.
System administrators should keep an eye on AskWoody.com, which usually carries details on whether any Patch Tuesday fixes are causing problems. In the meantime, if you run into any issues applying this month’s fixes, drop a note in the comments below.
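For readers who want to confirm that a machine has actually picked up this month's updates rather than trusting the Windows Update dialog, the following PowerShell script is an added example; it is not part of the Krebs on Security post and not a Microsoft tool. It reports the hotfixes and update-history entries installed on or after the December 2024 Patch Tuesday date and whether automatic updates are enabled. The cumulative-update KB number for your Windows build is not given on this page, so the `-ExpectedKB` parameter is a placeholder you replace once you have looked it up.

```powershell
# Added example (not from the original post): check whether this Windows host has
# installed updates since the December 2024 Patch Tuesday and whether automatic
# updates are turned on. Run from an elevated PowerShell prompt.
[CmdletBinding()]
param(
    # Patch Tuesday for December 2024 (the date the post was written about).
    [datetime]$PatchTuesday = '2024-12-10',
    # Placeholder: the KB id of the cumulative update for your build is NOT on the
    # page; replace this with the real id before relying on the ExpectedKBInstalled field.
    [string]$ExpectedKB = 'KB0000000'
)

# 1. Hotfixes as reported by Win32_QuickFixEngineering (what Get-HotFix wraps).
#    InstalledOn can be empty for some entries, so guard against $null.
$hotfixes = Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $PatchTuesday } |
    Sort-Object InstalledOn -Descending |
    Select-Object HotFixID, Description, InstalledOn

# 2. Windows Update history via the Windows Update Agent COM API, which also lists
#    cumulative updates that Get-HotFix sometimes omits. ResultCode 2 = succeeded.
$session  = New-Object -ComObject 'Microsoft.Update.Session'
$searcher = $session.CreateUpdateSearcher()
$total    = $searcher.GetTotalHistoryCount()
$history  = if ($total -gt 0) { $searcher.QueryHistory(0, $total) } else { @() }
$recentHistory = $history |
    Where-Object { $_.Date -ge $PatchTuesday -and $_.ResultCode -eq 2 } |
    Select-Object Date, Title

# 3. Automatic-update configuration. The Group Policy key takes precedence over the
#    per-machine key; AUOptions 4 means "auto download and schedule the install",
#    and NoAutoUpdate 1 disables automatic updating altogether.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$localKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
$au = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
if (-not $au) { $au = Get-ItemProperty -Path $localKey -ErrorAction SilentlyContinue }
$autoUpdatesEnabled = $au -and ($au.NoAutoUpdate -ne 1) -and ($au.AUOptions -eq 4)

# 4. Did the expected cumulative update show up under either data source?
$expectedInstalled = ($hotfixes.HotFixID -contains $ExpectedKB) -or
    [bool]($recentHistory | Where-Object { $_.Title -like "*$ExpectedKB*" })

# Summarise; a host with no entries since Patch Tuesday is the one to chase first.
[pscustomobject]@{
    ComputerName            = $env:COMPUTERNAME
    CheckedSince            = $PatchTuesday.ToShortDateString()
    HotfixesSincePatchDay   = @($hotfixes).Count
    HistoryEntriesSince     = @($recentHistory).Count
    ExpectedKBInstalled     = $expectedInstalled
    AutomaticUpdatesEnabled = [bool]$autoUpdatesEnabled
    LatestHistoryEntry      = ($recentHistory | Select-Object -First 1).Title
}
```

The two data sources are queried separately because Get-HotFix reads the QuickFixEngineering inventory, which does not always list the monthly cumulative update, while the Windows Update Agent history does; a host that shows zero entries in both since the patch date is the one to investigate first. Run the script across a fleet with `Invoke-Command` if you need more than a single machine's answer.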
2024-12-11 01:53:13