Wednesday , December 18 2024
Microsoft

Microsoft December 2024 Patch Tuesday – 71 Vulnerabilities Fixed, 1 Zero-day

infosecbulletin 1 week ago International

Microsoft published December 2024 Patch Tuesday, which includes security updates for 71 flaws, including one actively exploited zero-day vulnerability.

This Patch Tuesday fixed sixteen critical vulnerabilities, all of which are remote code execution flaws.

CISA released best practices to secure Microsoft 365 Cloud environments

By infosecbulletin / Wednesday , December 18 2024
CISA has issued Binding Operational Directive (BOD) 25-01, requiring federal civilian agencies to improve the security of their Microsoft 365...
Read More
CISA released best practices to secure Microsoft 365 Cloud environments

Data breach! Ireland fines Meta $264 million, Australia $50m

By infosecbulletin / Wednesday , December 18 2024
The Irish Data Protection Commission fined Meta €251 million ($263.6 million) for GDPR violations related to a 2018 data breach...
Read More
Data breach! Ireland fines Meta $264 million, Australia $50m

Over 25K SonicWall VPN Firewalls exposed to critical flaws

By infosecbulletin / Wednesday , December 18 2024
More than 25,000 SonicWall SSL VPN devices are vulnerable to critical flaws, with 20,000 running outdated SonicOS/OSX firmware that is...
Read More
Over 25K SonicWall VPN Firewalls exposed to critical flaws

AI-made nude images incident, one school, 50 female victim

By infosecbulletin / Tuesday , December 17 2024
Nearly half of the high school’s female students were victimized in AI based deepfake the images and videos. The students...
Read More
AI-made nude images incident, one school, 50 female victim

Over 4 lac files ‘leaked’: Telecom Namibia hit by major cyberattack

By infosecbulletin / Monday , December 16 2024
Telecom Namibia experienced a cyber incident that leaked customer data. The company is working with local and international cybersecurity experts...
Read More
Over 4 lac files ‘leaked’: Telecom Namibia hit by major cyberattack

HSBC sued by ASIC: customers allegedly scammed of $23 million

By infosecbulletin / Monday , December 16 2024
HSBC Bank Australia Limited did not sufficiently safeguard customers from scams that resulted in millions of dollars being lost, as...
Read More
HSBC sued by ASIC: customers allegedly scammed of $23 million

Sophos Thwarts Global Firewall Attack promptly, Protects Thousands from Data Theft

By infosecbulletin / Sunday , December 15 2024
On 10Th December, 2024 The US Department of Justice said in a press release that a Chinese-born man named Guang...
Read More
Sophos Thwarts Global Firewall Attack promptly, Protects Thousands from Data Theft

Android malware attack Indian banks: Infected 419 devices

By infosecbulletin / Saturday , December 14 2024
Researchers discovered a new Android banking trojan aimed at Indian users. This malware pretends to be essential utility services to...
Read More
Android malware attack Indian banks: Infected 419 devices

Indian-American OpenAI whistleblower Suchir Balaji found dead in San Francisco

By infosecbulletin / Saturday , December 14 2024
A whistleblower from OpenAI, Suchir Balaji, an Indian-American ex-researcher at OpenAI who criticized the company's practices, was found dead in...
Read More
Indian-American OpenAI whistleblower Suchir Balaji found dead in San Francisco

Canadian company exposed unprotected almost 5 million records

By infosecbulletin / Saturday , December 14 2024
Cybersecurity expert, Jeremiah Fowler discovered an unsecured database containing almost 5 million records reportedly relating to Care1 — a Canadian...
Read More
Canadian company exposed unprotected almost 5 million records

The number of bugs in each vulnerability category is listed below:

27 Elevation of Privilege Vulnerabilities3

30 Remote Code Execution Vulnerabilities

7 Information Disclosure Vulnerabilities

5 Denial of Service Vulnerabilities

1 Spoofing Vulnerabilities

This count does not include two Edge flaws that were previously fixed on December 5 and 6th.

One actively exploited zero-day disclosed

This month’s Patch Tuesday fixes one actively exploited, publicly disclosed zero-day vulnerability.

Microsoft classifies a zero-day flaw as one that is publicly disclosed or actively exploited while no official fix is available.

The actively exploited zero-day vulnerability in today’s updates are:

CVE-2024-49138 – Windows Common Log File System Driver Elevation of Privilege Vulnerability

Microsoft has fixed an actively exploited zero-day that allows attackers to gain SYSTEM privileges on Windows devices.

No information has been released as to how the flaw was exploited in attack.

The December 2024 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities in the December 2024 Patch Tuesday updates.

Read out full report here.

Check Also

firewall

Sophos Thwarts Global Firewall Attack promptly, Protects Thousands from Data Theft

On 10Th December, 2024 The US Department of Justice said in a press release that …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2024, All Rights Reserved InfoSecBulletin