December introduced a comparatively gentle Patch Tuesday, with one vulnerability having been actively exploited. Of all 70 vulnerabilities fastened, 16 have been categorized as important.
“This 12 months, cybersecurity professionals should be on Santa’s good record, or, on the very least, Microsoft’s,” Tyler Reguly, affiliate director of safety R&D at cybersecurity software program and companies firm Fortra, advised TechRepublic in an e-mail.
Microsoft patches leaky CLFS
CVE-2024-49138 is an elevation of privilege vulnerability within the Home windows Widespread Log File System (CLFS) driver. The driving force is a key ingredient of Home windows used to jot down transaction logs. Misuse of the motive force, particularly by improper bounds checking, may let an attacker acquire SYSTEM privileges. From there, they might steal knowledge or set up backdoors.
“On condition that CLFS is a regular element throughout a number of variations of Home windows, together with server and shopper installations, the vulnerability has intensive attain, particularly in enterprise environments,” Mike Walters, president and co-founder of Action1, stated in an e-mail to TechRepublic.
Addressing this vulnerability must be a excessive precedence because it has already been exploited.
Microsoft has launched patches for eight different CLFS vulnerabilities this 12 months, in accordance with Reguly.
“That’s, nevertheless, an enchancment for Microsoft, who patched 12 CLFS vulnerabilities in 2022 and 10 CLFS vulnerabilities in 2023,” Reguly wrote.
SEE: The U.S. sanctioned Chinese language safety agency Sichuan Silence for exploiting a vulnerability in Sophos firewalls utilized in authorities infrastructure.
‘Tis the season … for distant code execution
One vulnerability scored larger than 9 on the CVSS severity system: CVE-2024-49112, which scored CVSS 9.8. A distant code execution vulnerability may enable an attacker to execute code contained in the Home windows Light-weight Listing Entry Protocol (LDAP) service.
“Home windows Server techniques appearing as area controllers (DCs) are particularly in danger, given their essential function in managing listing companies,” stated Walters.
This makes December each a superb time to put in the patch for this vulnerability and to recollect an essential issue of safety hygiene: Area controllers shouldn’t have web entry. Reguly identified that firms following the Division of Protection’s DISA STIG for Lively Listing Domains ought to have already got blocked area controllers from web connections.
Motion 1 famous that 9 of the December vulnerabilities stem associated to the potential distant code execution.
“Organizations ought to keep away from exposing RDP companies to the worldwide web and implement strong safety controls to mitigate dangers,” wrote Walters. “These flaws additional show the hazards of leaving RDP open and unprotected.”
“If nothing else, we are able to say that Microsoft is constant,” Reguly added. “Whereas it could be good to see the variety of vulnerabilities annually reducing, a minimum of consistency lets us know what to anticipate. Since Microsoft has signed CISA’s Safe by Design pledge, we may even see these numbers drop sooner or later.”
Time to verify in on Apple, Google Chrome, and different Patch Tuesday safety updates
Many different firms time their month-to-month releases for the second Tuesday of the month. Adobe supplied an inventory of safety updates. Different main patches, as collected by Motion 1, embody:
- Patches for vulnerabilities in Google Chrome and Mozilla Firefox.
- A safety replace for over 100 Cisco units that use the NX-OS knowledge center-focused working system.
- Fixes for a number of native privilege escalation vulnerabilities in Linux.
- Patches for 2 actively exploited zero-day vulnerabilities in Macs with Intel chips.
An entire record of Home windows safety updates will be discovered at Microsoft Help.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25290333/STK255_Google_Gemini_C.jpg "Gemini can now tell when a PDF is on your phone screen")
