Sun, December 22, 2024

Cyberattack Panic: New Windows Vulnerability Leaves Millions Exposed

Charu Thakur
Updated on December 18, 2024
Final patch Tuesday released by Microsoft

Microsoft recently released the final Patch Tuesday of 2024, rolling out a series of vital security updates that address a staggering 71 vulnerabilities across its applications and services.

Among the 71 vulnerabilities, 16 have been labelled as ‘critical’, while nearly all others are classified as ‘high risk’, with one specific flaw already being exploited in the wild. This makes it imperative to apply the available patches without delay.

Microsoft has patched a total of 1,020 security vulnerabilities throughout 2024, making it the second most challenging year for the company in terms of security issues. It trails only 2020, when around 1,250 vulnerabilities were recorded.

Details of these vulnerabilities are somewhat limited in Microsoft's Security Update Guide. However, Dustin Childs, on the Trend Micro ZDI blog, offered a more comprehensive analysis of Patch Tuesday, catering specifically to administrators managing corporate networks.

A significant number of the vulnerabilities, 59 in total, affect various versions of Windows and are still to receive security updates from Microsoft. While Windows 7 and 8.1 are no longer included in security reports, they may still be at risk. If the hardware allows, transitioning to Windows 10 22H2 or Windows 11 23H2 is suggested to ensure ongoing security updates.

Microsoft reported that attacks are already underway targeting a specific vulnerability in Windows, identified as CVE-2024-49138. This buffer overflow flaw in the shared protocol file system driver poses a high risk, allowing attackers to gain system authorization through privilege escalation. Although the Windows 11 24H2 update is available, it may be right to wait until the current issues are resolved.

When this flaw is combined with a remote code execution vulnerability, an attacker could potentially seize complete control of the Windows system, which could lead to significant damage to the system.
