InfoSecBulletin Cybersecurity for mankind
Microsoft published December 2024 Patch Tuesday, which includes security updates for 71 flaws, including one actively exploited zero-day vulnerability.
This Patch Tuesday fixed sixteen critical vulnerabilities, all of which are remote code execution flaws.
Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack
Daily Security Update Dated: 21.01.2025
126 Linux kernel Vulns Allow Attackers Exploit 78 Linux Sub-Systems
CERT-UA alerts about “security audit” requests through AnyDesk
Oracle Critical Pre-Release update addressed 320 flaw
OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025
Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS
Intel holds 22 employees from one Bangladeshi University
VPN Surge 1500% in USA after TikTok Shut Down
MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology
The number of bugs in each vulnerability category is listed below:
27 Elevation of Privilege Vulnerabilities3
30 Remote Code Execution Vulnerabilities
7 Information Disclosure Vulnerabilities
5 Denial of Service Vulnerabilities
1 Spoofing Vulnerabilities
This count does not include two Edge flaws that were previously fixed on December 5 and 6th.
One actively exploited zero-day disclosed
This month’s Patch Tuesday fixes one actively exploited, publicly disclosed zero-day vulnerability.
Microsoft classifies a zero-day flaw as one that is publicly disclosed or actively exploited while no official fix is available.
The actively exploited zero-day vulnerability in today’s updates are:
CVE-2024-49138 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
Microsoft has fixed an actively exploited zero-day that allows attackers to gain SYSTEM privileges on Windows devices.
No information has been released as to how the flaw was exploited in attack.
The December 2024 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities in the December 2024 Patch Tuesday updates.
Read out full report here.
