Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability
Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it said has been exploited in the wild.
Of the 72 flaws, 17 are rated Critical, 54 are rated Important, and one is rated Moderate in severity. Thirty-one of the vulnerabilities are remote code execution flaws, and 27 of them allow for the elevation of privileges.
This is in addition to 13 vulnerabilities the company has addressed in its Chromium-based Edge browser since the release of last month’s security update. In total, Microsoft has resolved as many as 1,088 vulnerabilities in 2024 alone, per Fortra.
The vulnerability that Microsoft has acknowledged as having been actively exploited is CVE-2024-49138 (CVSS score: 7.8), a privilege escalation flaw in the Windows Common Log File System (CLFS) Driver.
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” the company said in an advisory, crediting cybersecurity company CrowdStrike for discovering and reporting the flaw.
It’s worth noting that CVE-2024-49138 is the fifth actively exploited CLFS privilege escalation flaw since 2022, after CVE-2022-24521, CVE-2022-37969, CVE-2023-23376, and CVE-2023-28252 (each with a CVSS score of 7.8). It’s also the ninth vulnerability in the same component to be patched this year.