Susan's Place Logo

News:

According to Google Analytics 25,259,719 users made visits accounting for 140,758,117 Pageviews since December 2006

Main Menu

New Windows 0Day Attack Strikes—Microsoft Warns Millions To Update Now

Started by Lori Dee, December 14, 2024, 01:10:25 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Lori Dee

New Windows 0Day Attack Strikes—Microsoft Warns Millions To Update Now
Link to Full Article
Forbes - Davey Winder
Dec 12, 2024,05:33am EST
Update, Dec. 12, 2024: This story, originally published Dec. 11, now includes further information from security experts regarding another critical vulnerability within the latest Windows security round-up and a reminder of why it's imperative everyone updates their Windows PC now.

Microsoft has confirmed a zero-day security vulnerability that can open up Windows devices to full system compromise is under active exploitation. The cyberattack has also been confirmed by the U.S. Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security, which has added the security issue to the Known Exploited Vulnerability Catalog, and advised it "poses significant risks" with a recommendation for all users to take appropriate remediation measures and update now. Here's what you need to know about CVE-2024-49138.

The December round of Patch Tuesday vulnerability fixes has been released by Microsoft, and among the 72 vulnerabilities this month is one that needs your full attention right now: CVE-2024-49138.

Not much is known about the vulnerability itself, as is often the case with such zero-day issues this detail is held back until as many users as possible have had the opportunity to patch against the exploit. However, what we do know is that it's a heap-based buffer overflow vulnerability, a memory security issue, in the Microsoft Windows Common Log File System driver. We also know that it is a very widespread vulnerability impacting millions of Windows users.


--------------------

If you are using a Windows-based device of any type, keep your software updated.
Let's be safe out there.

My Life is Based on a True Story
U.S. Army - SSG (Staff Sergeant) - M60A3 Tank Master Gunner
2017 - GD Diagnosis / 2019- 2nd Diagnosis / 2020 - HRT / 2022 - FFS & Legal Name Change
/ 2024 - Voice Training / 2025 - Passport & IDs complete