Microsoft holds last Patch Tuesday of the year with 72 gifts for admins

Patch Tuesday Microsoft hasn't added too much coal to the stocking this Patch Tuesday, with just 72 fixes, only one of which scored more than nine on the CVSS threat ranking scale.

Of more immediate concern is one vulnerability in the list that is actively being exploited - CVE-2024-49138 - which is allowing escalation of privilege attacks on the Windows Common Log File System Driver that can lead to full system access. Windows 10 and 11 systems are vulnerable, as are Server 2019 and later builds.

The highest-rated vuln in this month's goodie bag is CVE-2024-49112, which gets a CVSS score of 9.8, but Microsoft notes it's difficult to exploit it. The problem lies with Windows Lightweight Directory Access Protocol (LDAP), which would allow an attacker to remotely execute code on Windows 10 systems and every server OS since 2008 using custom LDAP calls.

Microsoft does suggest a ...