Microsoft Confirms Zero-Day Vulnerability Actively Exploited on Windows Devices
Microsoft has disclosed a zero-day security vulnerability, CVE-2024-49138, which allows attackers to achieve full system compromise on Windows devices. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also confirmed the threat, listing it in the Known Exploited Vulnerability (KEV) Catalog. CISA describes the vulnerability as a “significant risk” and urges all users to implement remediation measures and install updates immediately.
CVE-2024-49138: A Critical Threat to Windows Users
This month’s Patch Tuesday included fixes for 72 vulnerabilities, but CVE-2024-49138 stands out as a critical concern. While specific details about the vulnerability are limited, it has been identified as a heap-based buffer overflow issue in the Microsoft Windows Common Log File System (CLFS) driver. The vulnerability impacts millions of users and spans all Windows OS editions back to Server 2008.
Chris Goettl, vice president of security product management at Ivanti, emphasized the urgency, stating, “The vulnerability is rated ‘Important’ by Microsoft with a CVSSv3.1 score of 7.8, but risk-based prioritization categorizes it as ‘Critical.’ Addressing this vulnerability should be the top priority in December’s updates.” CISA supports this prioritization, urging organizations to address the issue promptly to mitigate cyberattack risks.
Ransomware Risks from CVE-2024-49138
Microsoft has confirmed active exploitation of CVE-2024-49138, making it a pressing security concern for Windows users. Adam Barnett, lead software engineer at Rapid7, noted that this marks the third consecutive month Microsoft has published zero-day vulnerabilities without initially classifying them as “critical.”
The CLFS driver is a frequent target for cybercriminals, particularly ransomware operators. Barnett explained, “Ransomware authors who have exploited prior CLFS vulnerabilities will be eager to leverage this new exploit. Until Microsoft replaces the aging CLFS codebase, rather than patching individual flaws, similar vulnerabilities are likely to emerge.”
CVE-2024-49138 Is Not Alone
Another high-risk vulnerability in this month’s updates is CVE-2024-49112, which affects the Lightweight Directory Access Protocol (LDAP) and has a CVSS score of 9.8. This flaw enables remote, unauthenticated code execution, prompting Microsoft to remind enterprises to block internet access for domain controllers as a mitigation step.
Tyler Reguly, associate director for security research at Fortra, reflected on the year’s overall security efforts, noting Microsoft resolved 1,088 vulnerabilities in 2024—similar to totals in 2023 and 2022.
Immediate Action Required
Windows users should prioritize installing this month’s security updates to address these vulnerabilities. Installing these updates is distinct from upgrading to a newer operating system version; the updates directly address flaws that are being actively exploited. Delaying updates leaves systems vulnerable to exploitation, so act swiftly to protect your devices and data.