cyberscoop.com

Microsoft closes 2024 with extensive security update

Adobe, too.

The Microsoft logo is illuminated on a wall during a Microsoft launch event on May 2, 2017 in New York City. (Photo by Drew Angerer/Getty Images)

In its final Patch Tuesday update of 2024, Microsoft addressed 71 new security vulnerabilities, including a zero-day flaw that is being actively exploited.

The zero-day vulnerability, tracked as CVE-2024-49138, is a bug in the company’s Windows Common Log File System (CLFS). It is a heap-based buffer overflow that lets attackers gain system-level privileges, which could enable ransomware attacks and other escalated threats.

Details about the extent of the exploitation, or where it is occurring, have not been disclosed. CISA on Tuesday added the vulnerability to its Known Exploited Vulnerabilities (KEV) list.

In tandem, Microsoft has urged immediate attention to another severe vulnerability, CVE-2024-49112, in the Windows Lightweight Directory Access Protocol (LDAP). The vulnerability carries a CVSS severity score of 9.8. It can allow an unauthenticated attacker to execute code remotely, posing a high risk to domain controllers, which are central to network security. Microsoft’s advisory recommends urgent patching and isolating LDAP services from untrusted networks to prevent exploitation.

This month’s fixes highlight pressing threats within the Windows ecosystem, particularly vulnerabilities that enable unauthorized access or remote code execution in critical services like Remote Desktop and Hyper-V. Flaws of this kind in widely used enterprise components can readily be weaponized by cybercriminals.

Also on Tuesday, Adobe issued patches addressing 167 vulnerabilities across its software suite, with significant updates in products like Adobe Experience Manager and Adobe Connect. None of Adobe’s patched vulnerabilities were known to be under active exploitation at the time of release.

Organizations are strongly encouraged to apply these patches quickly, given the severity scores and the additions to the KEV list.

You can view the full Microsoft list in the company’s Security Response Center.

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.
