December brought a comparatively gentle Patch Tuesday, with one vulnerability that was actively exploited. Of the 70 vulnerabilities fixed, 16 were rated critical.
“This year, cybersecurity professionals have to be on Santa’s good list, or, at the very least, Microsoft’s,” Tyler Reguly, associate director of security research and development at Fortra, a cybersecurity software and services company, told TechRepublic in an email.
Microsoft patches leaky CLFS
CVE-2024-49138 is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS) driver. The driver is a core Windows component used to write transaction logs. Misuse of the driver, specifically via improper bounds checking, could allow an attacker to gain SYSTEM privileges. From there, they could steal data or install backdoors.
“Given that CLFS is a standard component across multiple versions of Windows, including server and client installations, the vulnerability is broad in scope, especially in enterprise environments,” said Mike Walters, president and co-founder of Action1, in an email to TechRepublic.
Addressing this vulnerability should be a high priority because it has already been exploited.
According to Reguly, Microsoft has released patches for eight other CLFS vulnerabilities this year.
“This is, however, an improvement for Microsoft, which patched 12 CLFS vulnerabilities in 2022 and 10 CLFS vulnerabilities in 2023,” Reguly wrote.
SEE: The United States has sanctioned Chinese security firm Sichuan Silence for exploiting a vulnerability in Sophos firewalls used in government infrastructure.
‘Tis the season of remote code execution
One vulnerability scored above 9 in the CVSS severity system: CVE-2024-49112, which received a CVSS score of 9.8. This remote code execution vulnerability could allow an attacker to execute code within the Windows Lightweight Directory Access Protocol (LDAP) service.
“Windows Server systems that act as domain controllers (DCs) are particularly at risk, given their critical role in managing directory services,” Walters said.
This makes December the time to install the patch for this vulnerability and to remember an important security hygiene point: domain controllers should not have access to the Internet. Reguly pointed out that companies following the Department of Defense’s DISA STIG for Active Directory domains should already have blocked domain controllers from Internet connections.
Action1 noted that nine of December’s vulnerabilities stem from potential remote code execution.
“Organizations should avoid exposing RDP services to the global Internet and implement robust security controls to mitigate risks,” Walters wrote. “These flaws further demonstrate the dangers of leaving RDP open and unprotected.”
“If nothing else, we can say that Microsoft is consistent,” Reguly added. “While it would be nice to see the number of vulnerabilities decrease each year, at least consistency lets us know what to expect. Since Microsoft has signed CISA’s Secure by Design commitment, we may see these numbers decline in the future.”
It’s time to look at the Apple, Google Chrome, and other Patch Tuesday security updates
Many other companies schedule their monthly releases for the second Tuesday of the month. Adobe provided a list of security updates. Other notable patches, collected by Action1, include:
- Patches for vulnerabilities in Google Chrome and Mozilla Firefox.
- A security update for more than 100 Cisco devices running the NX-OS data center-focused operating system.
- Fixes for several local privilege escalation vulnerabilities in Linux.
- Patches for two actively exploited zero-day vulnerabilities in Macs with Intel chips.
A complete list of Windows security updates is available at Microsoft Support.