Article Details

Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws. Today is Microsoft's December 2024 Patch Tuesday, which includes security updates for 71 flaws, including one actively exploited zero-day vulnerability. This Patch Tuesday fixed sixteen critical vulnerabilities, all of which are remote code execution flaws. The number of bugs in each vulnerability category is listed below: This count does not include two Edge flaws that were previously fixed on December 5 and 6th. One actively exploited zero-day disclosed This month's Patch Tuesday fixes one actively exploited, publicly disclosed zero-day vulnerability. Microsoft classifies a zero-day flaw as one that is publicly disclosed or actively exploited while no official fix is available. The actively exploited zero-day vulnerability in today's updates are: CVE-2024-49138 - Windows Common Log File System Driver Elevation of Privilege Vulnerability Microsoft has fixed an actively exploited zero-day that allows attackers to gain SYSTEM privileges on Windows devices. No information has been released as to how the flaw was exploited in attacks. However, as it was discovered by the Advanced Research Team with CrowdStrike, we will likely see a report about its exploitation in the future. BleepingComputer contacted CrowdStrike for more information but has not yet received a response. Recent updates from other companies Other vendors who released updates or advisories in December 2024 include: The December 2024 Patch Tuesday Security Updates Below is the complete list of resolved vulnerabilities in the December 2024 Patch Tuesday updates. To access the full description of each vulnerability and the systems it affects, you can view the full report here.