Microsoft just closed out its Patch Tuesday updates for 2024 by releasing fixes for 72 security flaws across its software portfolio: 17 rated Critical, 52 rated Important and one rated Moderate, one of which has been actively exploited in the wild. According to the cybersecurity firm Fortra, Microsoft has resolved up to 1,088 vulnerabilities in 2024.
The vulnerability Microsoft says is currently being exploited by hackers, tracked as CVE-2024-49138, is a privilege escalation flaw in the Windows Common Log File System (CLFS) driver that could be leveraged by an attacker to gain system privileges. Microsoft credits CrowdStrike with discovering and reporting the flaw, which is the fifth actively exploited CLFS privilege escalation flaw since 2022 and the ninth vulnerability in the same component to receive a patch this year.
Ransomware attackers have focused on exploiting CLFS privilege escalation flaws in particular, according to one senior staff research engineer quoted by The Hacker News, because such a flaw lets them move through a network to steal and encrypt data before extorting their victims. Microsoft has said it is working to add a new verification step when parsing log files to detect malicious actors, though.
In August 2024, the company said the new security mitigation “provides CLFS the ability to detect when log files have been modified by anything other than the CLFS driver itself. This is accomplished by adding Hash-based Message Authentication Codes (HMAC) to the end of the log file.”
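To make that mitigation concrete, here is an added example (not Microsoft's code, and not the real CLFS on-disk format, which the article does not describe) that models a log file carrying an HMAC-SHA256 trailer: only a writer holding the key can extend the log and produce a trailer that verifies, so any edit, truncation or keyless append is detected. The key handling, record layout and function names are assumptions of this example.

```python
import hashlib
import hmac
import os

TAG_LEN = hashlib.sha256().digest_size  # 32-byte trailer appended to the log body


def seal_log(body: bytes, key: bytes) -> bytes:
    """Return body followed by HMAC-SHA256(key, body): the 'HMAC at the end of the log file' idea."""
    return body + hmac.new(key, body, hashlib.sha256).digest()


def verify_log(blob: bytes, key: bytes) -> bool:
    """True only if the trailer matches the body under key."""
    if len(blob) < TAG_LEN:
        return False  # too short to carry a trailer at all
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)  # constant-time comparison


def append_record(blob: bytes, record: bytes, key: bytes) -> bytes:
    """The trusted writer (the 'driver' in this model) refuses to extend a log that no longer verifies."""
    if not verify_log(blob, key):
        raise ValueError("trailer does not verify; log was modified outside the trusted writer")
    return seal_log(blob[:-TAG_LEN] + record, key)


def demo() -> dict:
    key = os.urandom(32)  # constructed secret; the real design hinges on keeping this out of reach
    log = seal_log(b"demo-log|rec1|hello\n", key)  # constructed sample records
    log = append_record(log, b"demo-log|rec2|world\n", key)
    results = {"untampered": verify_log(log, key)}
    flipped = bytearray(log)
    flipped[4] ^= 0x01  # one bit changed inside the body
    results["flipped_byte"] = verify_log(bytes(flipped), key)
    results["truncated"] = verify_log(log[:-1], key)
    results["wrong_key"] = verify_log(log, os.urandom(32))
    results["appended_without_key"] = verify_log(log + b"extra", key)
    return results
```

Each failing case in `demo()` is what the verification step is meant to catch: a modified body, a truncated file, or data appended by something that does not hold the key.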
The flaw has been added to the Known Exploited Vulnerabilities catalog of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which requires Federal Civilian Executive Branch (FCEB) agencies to apply the necessary remediations by December 31st.
This month’s highest severity bug, though, is a remote code execution flaw (tracked as CVE-2024-49112) that impacts the Windows Lightweight Directory Access Protocol (LDAP). According to Microsoft, an attacker could use a specially crafted set of LDAP calls to execute arbitrary code within the context of the LDAP service.
Other bugs of note this month include three more remote code execution flaws: one impacting Windows Hyper-V (CVE-2024-49117), one the Remote Desktop Client (CVE-2024-49105), and one that impacts Microsoft Muzic (CVE-2024-49063).
How to stay safe
Don't wait to update your PC. Instead, do so as soon as it's recommended by your operating system. Microsoft makes this easy to remember since your PC will give you the option to install new updates whenever you restart or shut down.
Next, make sure that Windows Defender is set up on your PC - it's a great option and it ships free with your PC. Don't think that means you can skip out on installing some of the best antivirus software as well. Also, many antivirus software suites come with useful extras like a password manager or a VPN.
Patch Tuesday happens every month, usually around the second week, and you should plan to update your PC immediately after it. If you have one of the best Windows laptops, you may think this is unnecessary, but if you want your machine to run well and virus-free, ensuring that these security-focused updates are installed is the best way to do so.