Microsoft's December Patch Tuesday Addresses 72 Vulnerabilities, Including Active Zero-Day

TL;DR Summary
Microsoft's latest Patch Tuesday update addresses 72 security vulnerabilities, including a critical privilege escalation flaw in the Windows Common Log File System (CLFS) that has been actively exploited. This flaw, CVE-2024-49138, is the fifth such CLFS vulnerability exploited since 2022. Microsoft is implementing new security measures, such as HMAC, to mitigate these risks. Additionally, Microsoft plans to phase out NTLM in favor of Kerberos to enhance security. Other vendors, including Adobe and Google, have also released security updates.
- Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (The Hacker News)
- New Windows 0Day Attack Confirmed—Homeland Security Says Update Now (Forbes)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (BleepingComputer)
- Patch Tuesday, December 2024 Edition (Krebs on Security)
- Microsoft holds last Patch Tuesday of the year with 72 gifts for admins (The Register)