Microsoft fixes 71 vulnerabilities in Windows and Office
- December 12, 2024
- 0
The last Patch Tuesday of the year was a busy day for Microsoft. No fewer than 71 vulnerabilities will be closed, including one in Windows that is being
The last Patch Tuesday of the year was a busy day for Microsoft. No fewer than 71 vulnerabilities will be closed, including one in Windows that is being actively exploited.
The first Tuesday of the month is traditionally Patch Tuesday at Microsoft. Even in the last edition in 2024, the developers of the software giant still had to work hard. In one fell swoop, Microsoft kills 21 CVE flies, spread across Windows, Office and Azure.
Sixteen vulnerabilities are classified as “critical” and the remaining vulnerabilities, except one, are classified as “high risk”. The full list can be found here.
Windows under attack
Of the 71 vulnerabilities, the vast majority, 59 to be exact, were common in Windows 11, Windows 10, and supported versions of Windows Server. The vulnerability CVE-2024-49138 is receiving particular attention. While this is not considered critical, it is the only vulnerability that Microsoft believes is being actively exploited.
The vulnerability is due to a buffer overflow in the shared protocol file system driver and could allow an attacker to gain system authorization. In combination with one of many Remote code executionThe attacker could cause great damage through security gaps (RCE). We recommend rolling out the Windows security update as soon as it is available for your device.
Eight vulnerabilities have been fixed for Office applications, three of which are potentially critical RCE vulnerabilities in Excel, Access and Outlook. The Outlook vulnerability would exploit a preview for file attachments. Microsoft emphasizes that this vulnerability will not allow attackers to obtain usage data, but will prevent you from accessing it yourself.
Not a record year
After this latest Patch Tuesday, the total number of patched vulnerabilities in Microsoft applications reaches 1,020. This is almost a record for Microsoft. In 2020, Microsoft had to intervene 1,250 times. 2024 will go down in history as a year that brought a lot of update misery for Microsoft, with the Windows 11 24H2 update being a painful chronicle.
Source: IT Daily
As an experienced journalist and author, Mary has been reporting on the latest news and trends for over 5 years. With a passion for uncovering the stories behind the headlines, Mary has earned a reputation as a trusted voice in the world of journalism. Her writing style is insightful, engaging and thought-provoking, as she takes a deep dive into the most pressing issues of our time.
