Microsoft December 2024 Patch Tuesday Fixes 1 Exploited Zero-Day, 71 Flaws
Summary:
As part of the December Patch Tuesday, Microsoft addressed 71 flaws, including a zero-day vulnerability that is being actively exploited in the wild. Of the 71 flaws, there were 27 elevation of privilege vulnerabilities, 30 remote code execution vulnerabilities, 7 information disclosure vulnerabilities, 5 denial of service vulnerabilities, and 1 spoofing vulnerability. 16 of the vulnerabilities have been rated critical in severity, all of which can lead to remote code execution.
In addition to Microsoft, several other vendors have released updates in December 2024:
- Adobe released security updates for numerous products, including Photoshop, Commerce, Illustrator, InDesign, After Effects, Bridge, and more.
- CISA released advisories on industrial control system vulnerabilities in MOBATIME, Schneider Electric, National Instruments, Horner Automation, Rockwell Automation, and Ruijie.
- Cleo's secure file transfer software is impacted by an actively exploited zero-day used in data theft attacks.
- Cisco released security updates for multiple products, including Cisco NX-OS and Cisco ASA.
- IO-Data zero-day router flaws were exploited in attacks to take over devices.
- 0patch released an unofficial patch for a Windows zero-day vulnerability that allows attackers to capture NTLM credentials.
- OpenWrt released security updates for a Sysupgrade flaw that allowed attackers to distribute malicious firmware images.
- SAP released security updates for multiple products as part of December Patch Day.
- Veeam released security updates for a critical RCE bug in Service Provider Console.
Security Officer Comments:
The actively exploited zero-day vulnerability, tracked as CVE-2024-49138, was identified by CrowdStrike's advanced research team. This flaw pertains to an elevation of privilege vulnerability within the Windows Common Log File System (CLFS) driver, which could potentially allow attackers to gain elevated system privileges on affected Windows devices. Notably, this vulnerability does not require user interaction and can be exploited in low-complexity attacks. Although Microsoft has confirmed that CVE-2024-49138 is being actively exploited in the wild, specific details about these ongoing intrusions have not yet been disclosed.
Suggested Corrections:
Organizations should review the list of resolved vulnerabilities and apply the relevant patches as needed. The full list of vulnerabilities addressed is available at the link below:
https://www.bleepingcomputer.com/mi...ts/Microsoft-Patch-Tuesday-December-2024.html
Link(s):
https://www.bleepingcomputer.com/ne...-tuesday-fixes-1-exploited-zero-day-71-flaws/