microsoft patches 72 Vulnerabilities in Final 2024 Update,Including Actively Exploited Flaw
Microsoft has released its last Patch Tuesday update for 2024,addressing 72 security vulnerabilities across its software ecosystem. The update includes fixes for 17 critical, 54 crucial, and one moderate vulnerability, bringing the total number of vulnerabilities patched by Microsoft this year to a staggering 1,088.
This final update for the year tackles a range of issues, with 31 flaws potentially allowing attackers to execute their own code on vulnerable systems (remote code execution) and 27 enabling attackers to gain elevated privileges.
Actively Exploited Flaw Demands Immediate Attention
Of particular concern is CVE-2024-49138, a vulnerability in the Windows Common Log File System (CLFS) Driver. This flaw allows attackers to gain elevated privileges and is currently being actively exploited in the wild. Microsoft has assigned it a CVSS score of 7.8, indicating a high severity level.
Critical Flaws in Key components
Another critical vulnerability, CVE-2024-49112, affects the Windows Lightweight Directory Access Protocol and could allow for remote code execution, earning a CVSS score of 9.8.
Other high-severity flaws were also identified in Windows Hyper-V,Remote Desktop Client,and Microsoft muzic.
Microsoft Strengthens Defenses
To combat these vulnerabilities, Microsoft is implementing several security enhancements. These include bolstering CLFS security with Hash-based Message Authentication Codes for log files and phasing out the outdated NTLM authentication protocol in favor of the more secure Kerberos.
Extended Protection for Authentication will now be enabled by default to block NTLM relay attacks. These changes reflect Microsoft’s ongoing commitment to providing robust security across its products and services.
Urgent Call to Action for Users
Microsoft urges all users and administrators to apply these patches immediately to protect their systems from potential exploitation.
Microsoft Patches 72 Vulnerabilities in Final 2024 Update,Including Actively Exploited Flaw
NewsDirectory3.com – In a critical security update, Microsoft has released its final Patch Tuesday release for 2024, addressing a total of 72 vulnerabilities across its software ecosystem. This update follows a year of meaningful patching efforts, bringing the total number of vulnerabilities addressed by microsoft in 2024 to a staggering 1,088.
The final update for the year tackles a wide range of security issues, including 31 flaws possibly allowing attackers to execute their own code on vulnerable systems (remote code execution) and 27 enabling attackers to gain elevated privileges.
Urgent Patch Required: Actively Exploited Flaw
Of particular concern is CVE-2024-49138,a vulnerability in the Windows Common Log File System (CLFS) Driver. This flaw allows attackers to gain elevated privileges and is currently being actively exploited in the wild. Microsoft has assigned this exploit a CVSS score of 7.8, indicating a high severity level.
Critical Vulnerabilities in Key Components
Another critical vulnerability, CVE-2024-49112, affects the Windows Lightweight Directory Access Protocol and could allow for remote code execution, earning a CVSS score of 9.8.
Other high-severity flaws were also identified in Windows Hyper-V, Remote Desktop Client, and Microsoft muzic.
Microsoft Bolsters Defenses
To strengthen security and protect against these vulnerabilities, Microsoft has implemented several enhancements. These include bolstering CLFS security wiht Hash-based Message Authentication Codes for log files and phasing out the outdated NTLM authentication protocol in favor of the more secure Kerberos protocol.
Extended Protection for Authentication will now be enabled by default to better protect against NTLM relay attacks. These changes underscore Microsoft’s ongoing dedication to providing robust security across its products and services.
Urgent Call to Action: Patch Promptly
Microsoft strongly urges all users and administrators to apply these patches immediately to protect their systems from potential exploitation.Delaying the installation of these critical security updates could leave systems vulnerable to attacks.
