Patch Tuesday: Microsoft patches one actively exploited vulnerability, among others

December brought a relatively light Patch Tuesday, which included one vulnerability that has been actively exploited. Of the 70 vulnerabilities fixed, 16 were classified as critical.

“This year, cybersecurity professionals need to be on Santa’s nice list, or at least on Microsoft’s list,” Tyler Regule, associate director of security R&D at cybersecurity software and services company Fortra, told TechRepublic in an email. Needed.”

Microsoft fixes exploited CLFS vulnerability

CVE-2024-49138 is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS) driver. The driver is a key element of Windows and is used to write transaction logs. Abuse of the driver, especially through improper bounds checking, could allow an attacker to gain SYSTEM privileges. From there, they could steal data or plant backdoors.

“Given that CLFS is a standard component in many editions of Windows, including server and client installations, the vulnerability has a broad reach, especially in enterprise environments,” Mike Walters, president and co-founder of Action1, said in an email to TechRepublic.

Addressing this vulnerability should be a high priority as it has already been exploited.

According to Regule, Microsoft has released patches for eight other CLFS vulnerabilities this year.

“However, this is an improvement for Microsoft, which fixed 12 CLFS vulnerabilities in 2022 and 10 CLFS vulnerabilities in 2023,” Regule wrote.

‘Tis the season… of remote code execution

One vulnerability received a score greater than nine on the CVSS severity system: CVE-2024-49112, which scored CVSS 9.8. This remote code execution vulnerability could allow an attacker to execute code inside the Windows Lightweight Directory Access Protocol (LDAP) service.

“Windows Server systems that act as domain controllers (DCs) are particularly at risk given their critical role in managing directory services,” Walters said.

This makes December a good time to install the patch for this vulnerability and remember an important factor of security hygiene: domain controllers should not have Internet access. Regule pointed out that companies following the Department of Defense’s DISA STIG for Active Directory domains should already have blocked domain controllers from Internet connections.

Action1 noted that nine of the December vulnerabilities were related to potential remote code execution.

“Organizations should avoid exposing RDP services to the global Internet and implement strong security controls to minimize the risks,” Walters wrote. “These flaws further prove the dangers of leaving RDP open and vulnerable.”

“If nothing else, we can say that Microsoft is consistent,” Regule said. “While it would be nice to see the number of vulnerabilities decreasing each year, at least the consistency gives us an idea of what to expect. Since Microsoft has signed CISA’s Secure by Design pledge, we may see a decline in these numbers in the future.”

It’s time to check for Apple, Google Chrome and other Patch Tuesday security updates

Many other companies schedule their monthly releases for the second Tuesday of the month. Adobe has provided a list of security updates. Other major patches, as collected by Action1, include:

  • Patches for vulnerabilities in Google Chrome and Mozilla Firefox.
  • A security update for more than 100 Cisco devices that use the NX-OS data center-centric operating system.
  • Fixes for several local privilege escalation vulnerabilities in Linux.
  • Patches for two actively exploited zero-day vulnerabilities in Macs with Intel chips.

A full list of Windows security updates can be found at Microsoft Support.
