Microsoft's December Patch Tuesday Addresses 72 Vulnerabilities, Including Active Zero-Day
Microsoft's latest Patch Tuesday update addresses 72 security vulnerabilities, including a critical privilege escalation flaw in the Windows Common Log File System (CLFS) that has been actively exploited. This flaw, CVE-2024-49138, is the fifth such CLFS vulnerability exploited since 2022. Microsoft is implementing new security measures, such as HMAC, to mitigate these risks. Additionally, Microsoft plans to phase out NTLM in favor of Kerberos to enhance security. Other vendors, including Adobe and Google, have also released security updates.
