
Patch Tuesday: Microsoft patches an actively exploited vulnerability among others.


December brought a relatively mild Patch Tuesday, with one actively exploited vulnerability. Of the 70 vulnerabilities identified, 16 were classified as critical.

“This year, cybersecurity professionals should be on Santa’s good list, or at least , of Microsoft,”.

Microsoft patches leaky CLFS

CVE-2024-49138 is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS) driver. The driver is an important element of Windows that is used to write transaction logs. Misuse of the driver, particularly through incorrect bounds checking, can allow an attacker to gain SYSTEM privileges. From there, they can steal data or install a backdoor.

“Given that CLFS is a standard component in many versions of Windows, including server and client installations, the vulnerability has a wide reach, especially in enterprise environments,” Mike Walters, president and co-founder of Action1, said in an email to TechRepublic.

Addressing this vulnerability should be a high priority as it has already been exploited.

Microsoft has released patches for eight other CLFS vulnerabilities this year, according to Regoli.

“However, this is an improvement for Microsoft, which fixed 12 CLFS vulnerabilities in 2022 and 10 CLFS vulnerabilities in 2023,” Regoli wrote.


Tis the season … for remote code execution

A vulnerability scored higher than nine on the CVSS severity scale: CVE-2024-49112, which has a CVSS score of 9.8. This remote code execution vulnerability could allow an attacker to execute code within the Windows Lightweight Directory Access Protocol (LDAP) service.

“Windows Server systems acting as domain controllers (DCs) are particularly at risk, given their critical role in managing directory services,” Walters said.

This makes December a good time to install the patch for this vulnerability and to remember a key element of security hygiene: domain controllers should not have access to the Internet. Regoli pointed out that companies following the Department of Defense’s DISA STIG for Active Directory domains must already block domain controllers from Internet connections.

Action1 noted that nine of the December vulnerabilities relate to potential remote code execution.

“Organizations should avoid exposing RDP services to the global Internet and implement robust security controls to mitigate risks,” Walters wrote. “These flaws further demonstrate the dangers of leaving RDP open and unsecured.”

“If nothing else, we can say that Microsoft is consistent,” Regoli added. “While it would be nice to see the number of vulnerabilities decrease each year, at least consistency lets us know what to expect. Since Microsoft has signed CISA’s Secure by Design pledge, we may see these numbers decrease in the future.”

Time to check in on Apple, Google Chrome, and other Patch Tuesday security updates

Many other companies schedule their monthly releases for the second Tuesday of the month. Adobe provided a list of security updates. Other large patches, as collected by Action1, include:

  • Patches for vulnerabilities in Google Chrome and Mozilla Firefox.
  • A security update for more than 100 Cisco devices that use the NX-OS data center-focused operating system.
  • Fixes for several local privilege escalation vulnerabilities in Linux.
  • Patches for two actively exploited zero-day vulnerabilities in Macs with Intel chips.

A complete list of Windows security updates can be found at Microsoft Support.
