Microsoft Fixes Zero-Day Vulnerability Discovered by Crowdstrike
The safety updates rolled out by Microsoft on Tuesday (via BleepingComputer) embrace a repair for CVE-2024-49138 (Windows Common Log File System Driver Elevation of Privilege Vulnerability), which is a publicly disclosed zero-day vulnerability that was actively exploited, based on the corporate.
The flaw allowed attackers to achieve entry to system-level privileges on an affected Windows PC, and was found by Crowdstrike’s Advanced Research Team. Details on how the flaw was exploited weren’t offered by Microsoft, presumably to make sure that customers have sufficient time to put in the most recent safety updates.
In addition to the fixes for the actively exploited zero-day vulnerability, Microsoft has additionally patched a complete of 71 flaws affecting varied Windows elements. This consists of 30 distant code execution vulnerabilities, out of which 16 have a ‘Critical’ severity ranking, and 27 vulnerabilities that might allow attackers to achieve elevated privileges on an unpatched Windows PC.
The newest safety updates for Windows additionally embrace patches for flaws in third celebration merchandise. Vendors like Adobe, Cisco, OpenWrt, and SAP have issued safety updates, whereas the US Cybersecurity and Infrastructure Security Agency (CISA) has revealed advisories on vulnerabilities in industrial management techniques from varied firms.
Users with Windows 11 PCs might want to set up the KB5048667 (24H2) and KB5048685 (23H2) cumulative updates, which comprise the December 2024 safety updates. Users with older machines which are working Windows 10 might want to set up the KB5048652 (22H2) replace.
