Microsoft Windows 11 and Windows 10 Updated With Fix for Actively Exploited Zero-Day Vulnerability
Microsoft has patched a publicly disclosed zero-day vulnerability that was actively exploited to gain system-level privileges on Windows PCs.
Advertisement
Highlights
- Microsoft has fixed several critical Windows security flaws
- Both Windows 11 and Windows 10 have received security fixes
- Microsoft has released patches for 71 security vulnerabilities
PCs running Windows 11 and Windows 10 will receive mandatory updates with fixes for the flaws
Photo Credit: Microsoft
Microsoft has rolled out its latest security updates as part of the December 2024 Patch Tuesday release, and users with Windows laptops and desktop computers should update their systems as soon as possible. According to the company's release notes, the latest security updates fix a publicly disclosed, actively exploited zero-day vulnerability. It also includes fixes for 30 remote code execution vulnerabilities — of these, 16 are designated as critical — and 41 other security flaws related to operating system components.
Microsoft Fixes Zero-Day Vulnerability Discovered by Crowdstrike
The security updates rolled out by Microsoft on Tuesday (via BleepingComputer) include a fix for CVE-2024-49138 (Windows Common Log File System Driver Elevation of Privilege Vulnerability), which is a publicly disclosed zero-day vulnerability that was actively exploited, according to the company.
The flaw allowed attackers to gain access to system-level privileges on an affected Windows PC, and was discovered by Crowdstrike's Advanced Research Team. Details on how the flaw was exploited were not provided by Microsoft, presumably to ensure that users have enough time to install the latest security updates.
In addition to the fixes for the actively exploited zero-day vulnerability, Microsoft has also patched a total of 71 flaws affecting various Windows components. This includes 30 remote code execution vulnerabilities, out of which 16 have a 'Critical' severity rating, and 27 vulnerabilities that would enable attackers to gain elevated privileges on an unpatched Windows PC.
Advertisement
The latest security updates for Windows also include patches for flaws in third party products. Vendors like Adobe, Cisco, OpenWrt, and SAP have issued security updates, while the US Cybersecurity and Infrastructure Security Agency (CISA) has published advisories on vulnerabilities in industrial control systems from various companies.
- Some Ubisoft Games May Stop Responding After Latest Windows 11 Update
- Microsoft's New In-Game Edge Browser Will Provide Game Hints, Guides, More
- Microsoft Windows 365 Link Cloud PC Device Launched With These Features
- Microsoft Makes It Easier to Install Windows 11 on Arm-Based PCs
- Google Rolls Out Quick Share App for ARM-Based Devices
Users with Windows 11 PCs will need to install the KB5048667 (24H2) and KB5048685 (23H2) cumulative updates, which contain the December 2024 security updates. Users with older machines that are running Windows 10 will need to install the KB5048652 (22H2) update.
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.
Further reading:
Windows 11, Windows 10, Windows Security Updates, Microsoft Updates, Security Updates, Microsoft Patch Tuesday, Microsoft, Windows
Advertisement