Microsoft holds last Patch of the Year with 72 Gifts for Admins.

Microsoft resolved 72 vulnerabilities in a variety of its products, including a zero-day [CVE-2024-49138 (CVSS score: 7.8)] that’s been exploited by attackers in the wild to execute code with higher privileges, and 16 critical vulnerabilities (all of which are remote code execution flaws).

https://msrc.microsoft.com/update-guide/releaseNote/2024-Dec

#microsoft #windows #update #it #security #privacy #engineer #media #tech #news

It's worth noting that CVE-2024-49138 is the fifth actively exploited CLFS privilege escalation flaw since 2022 after CVE-2022-24521, CVE-2022-37969, CVE-2023-23376 and CVE-2023-28252 (CVSS scores: 7.8). It's also the ninth vulnerability in the same component to be patched this year.

The fact that CLFS has become an attractive attack pathway for malicious actors has not gone unnoticed by Microsoft, which said it's working to add a new verification step when parsing such log files.

The number of fixed bugs in each vulnerability category is listed below:

• 27 Elevation of Privilege Vulnerabilities
• 30 Remote Code Execution Vulnerabilities
• 7 Information Disclosure Vulnerabilities
• 5 Denial of Service Vulnerabilities
• 1 Spoofing Vulnerability
[This count does not include two Edge flaws that were previously fixed on December 5 and 6.]