Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others


December marked a quiet month with 70 vulnerabilities patched, plus updates from outside of Microsoft.

December brought a relatively mild Patch Tuesday, with one vulnerability having been actively exploited. Of all 70 vulnerabilities fixed, 16 were classified as critical.

“This year, cybersecurity professionals must be on Santa’s nice list, or, at the very least, Microsoft’s,” Tyler Reguly, associate director of security R&D at cybersecurity software and services company Fortra, told TechRepublic in an email.

Microsoft patches leaky CLFS

CVE-2024-49138 is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS) driver. The driver is a key element of Windows used to write transaction logs. An attacker who misuses the driver by taking advantage of its improper bounds checking could gain SYSTEM privileges. From there, they could steal data or install backdoors.

“Given that CLFS is a standard component across multiple versions of Windows, including server and client ...


Copyright of this story solely belongs to techrepublic.com.