Site News and Information => Community alerts => Topic started by: Lori Dee on December 14, 2024, 01:10:25 PM Return to Full Version
Title: New Windows 0Day Attack Strikes—Microsoft Warns Millions To Update Now
Post by: Lori Dee on December 14, 2024, 01:10:25 PM
Post by: Lori Dee on December 14, 2024, 01:10:25 PM
New Windows 0Day Attack Strikes—Microsoft Warns Millions To Update Now
Link to Full Article (https://www.forbes.com/sites/daveywinder/2024/12/12/new-windows-0day-attack-confirmed-homeland-security-says-update-now/)
Forbes - Davey Winder
Dec 12, 2024,05:33am EST
Update, Dec. 12, 2024: This story, originally published Dec. 11, now includes further information from security experts regarding another critical vulnerability within the latest Windows security round-up and a reminder of why it's imperative everyone updates their Windows PC now.
Microsoft has confirmed a zero-day security vulnerability that can open up Windows devices to full system compromise is under active exploitation. The cyberattack has also been confirmed by the U.S. Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security, which has added the security issue to the Known Exploited Vulnerability Catalog, and advised it "poses significant risks" with a recommendation for all users to take appropriate remediation measures and update now. Here's what you need to know about CVE-2024-49138.
The December round of Patch Tuesday vulnerability fixes has been released by Microsoft, and among the 72 vulnerabilities this month is one that needs your full attention right now: CVE-2024-49138.
Not much is known about the vulnerability itself, as is often the case with such zero-day issues this detail is held back until as many users as possible have had the opportunity to patch against the exploit. However, what we do know is that it's a heap-based buffer overflow vulnerability, a memory security issue, in the Microsoft Windows Common Log File System driver. We also know that it is a very widespread vulnerability impacting millions of Windows users.
--------------------
If you are using a Windows-based device of any type, keep your software updated.
Let's be safe out there.
Link to Full Article (https://www.forbes.com/sites/daveywinder/2024/12/12/new-windows-0day-attack-confirmed-homeland-security-says-update-now/)
Forbes - Davey Winder
Dec 12, 2024,05:33am EST
Update, Dec. 12, 2024: This story, originally published Dec. 11, now includes further information from security experts regarding another critical vulnerability within the latest Windows security round-up and a reminder of why it's imperative everyone updates their Windows PC now.
Microsoft has confirmed a zero-day security vulnerability that can open up Windows devices to full system compromise is under active exploitation. The cyberattack has also been confirmed by the U.S. Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security, which has added the security issue to the Known Exploited Vulnerability Catalog, and advised it "poses significant risks" with a recommendation for all users to take appropriate remediation measures and update now. Here's what you need to know about CVE-2024-49138.
The December round of Patch Tuesday vulnerability fixes has been released by Microsoft, and among the 72 vulnerabilities this month is one that needs your full attention right now: CVE-2024-49138.
Not much is known about the vulnerability itself, as is often the case with such zero-day issues this detail is held back until as many users as possible have had the opportunity to patch against the exploit. However, what we do know is that it's a heap-based buffer overflow vulnerability, a memory security issue, in the Microsoft Windows Common Log File System driver. We also know that it is a very widespread vulnerability impacting millions of Windows users.
--------------------
If you are using a Windows-based device of any type, keep your software updated.
Let's be safe out there.