Microsoft has released updates to fix at least 70 security holes in Windows and related software, including one zero-day vulnerability that attackers are already exploiting. That flaw, CVE-2024-49138, is an elevation-of-privilege bug in the Windows Common Log File System (CLFS) driver: an attacker who already has a foothold on the machine as a local, authenticated user can use it to gain SYSTEM-level privileges.
CLFS has a history of such bugs: Rapid7 notes a series of similar zero-day elevation-of-privilege flaws in the driver over the past few years. Security experts warn that ransomware operators, who have previously exploited similar CLFS weaknesses to escalate privileges after an initial compromise, are likely to adopt this one as well.
In addition to the CLFS driver vulnerability, Microsoft has also patched a remote code execution flaw in the Windows Lightweight Directory Access Protocol (LDAP) service that is present in every version of Windows since Windows 7. It carries a CVSS score of 9.8 out of 10, which places it in the Critical severity band. Active Directory domain controllers are the systems that expose the LDAP service, so they belong at the front of the patching queue.
To stay safe, run Windows Update as soon as possible, especially on systems where automatic updates are not enabled. System administrators should also keep an eye on AskWoody.com, which tracks reports of problems with the patches once they are deployed.
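The patch-state check an administrator would run after reading the advice above, as an added example that is not part of the original article. It is PowerShell meant for an elevated session on the Windows host being checked. It assumes the December 2024 Patch Tuesday date of 10 December 2024 and deliberately assumes no specific KB numbers or fixed driver version, since those differ per Windows release; it reports what is installed and leaves the comparison against Microsoft's advisory to the reader.

```powershell
# Added example, not from the Krebs on Security article: quick patch-state triage
# for the December 2024 Patch Tuesday on a Windows host. Assumptions: elevated
# PowerShell session; Patch Tuesday date is 2024-12-10; no specific KB numbers or
# fixed file versions are assumed, so the checks are "anything installed since
# Patch Tuesday" rather than "this exact KB".

$patchTuesday = Get-Date '2024-12-10'

# 1. Hotfixes installed on or after Patch Tuesday. An empty list means the host
#    has not picked up the December cumulative update (or Get-HotFix cannot see it).
$recent = Get-HotFix | Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $patchTuesday }
if ($recent) {
    Write-Host "Updates installed since $($patchTuesday.ToShortDateString()):"
    $recent | Sort-Object InstalledOn | Format-Table HotFixID, Description, InstalledOn -AutoSize
} else {
    Write-Warning "No updates installed since $($patchTuesday.ToShortDateString()); run Windows Update."
}

# 2. File version of the CLFS driver fixed by CVE-2024-49138. The fixed version
#    number varies by Windows release, so compare this against the version listed
#    in Microsoft's advisory for the host's build rather than a value hard-coded here.
$clfs = Get-Item "$env:SystemRoot\System32\drivers\clfs.sys"
Write-Host "clfs.sys version: $($clfs.VersionInfo.FileVersion) (last modified $($clfs.LastWriteTime))"

# 3. Is automatic updating disabled by policy? NoAutoUpdate=1 under the AU policy
#    key means the host will not patch itself and needs a manual Windows Update run.
$au = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ErrorAction SilentlyContinue
if ($au -and $au.NoAutoUpdate -eq 1) {
    Write-Warning 'Automatic updates are disabled by policy on this host.'
}

# 4. Domain controllers expose the LDAP service patched this month, so flag them
#    for priority handling. Win32_OperatingSystem.ProductType 2 = domain controller.
$os = Get-CimInstance Win32_OperatingSystem
if ($os.ProductType -eq 2) {
    Write-Warning 'This host is a domain controller: prioritize it for the LDAP RCE fix.'
}
```

Run it on each host in the fleet (or wrap it in Invoke-Command for remote hosts) and treat any warning as a to-do item; the hotfix date filter is intentionally coarse so the same script works across Windows 10, Windows 11 and Server builds without maintaining a KB table.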
Source: https://krebsonsecurity.com/2024/12/patch-tuesday-december-2024-edition