New Windows 0Day Attack Strikes—Microsoft Warns Millions To Update Now

Urgent Security Update Needed: New Windows Vulnerability Under Active Attack

Microsoft has confirmed a dangerous security vulnerability affecting millions of Windows devices. This zero-day vulnerability, known as CVE-2024-49138, allows attackers to gain complete control over vulnerable machines. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added it to its Known Exploited Vulnerabilities Catalog, underscoring the urgency of the threat. All Windows users need to update their systems immediately.

Microsoft has confirmed that the vulnerability is being actively exploited.

What users need to know:

  • CVE-2024-49138 is a high-severity vulnerability, less formally referred to as a heap-based buffer overflow. These attacks target the Microsoft Windows Common Log File System, a core component found in all Windows OS editions dating back to at least Windows Server 2008.

  • The severity of the vulnerability prompted CISA to issue an alert urging organizations to prioritize patching. It’s crucial to implement this update immediately to mitigate your risk.

Cybersecurity experts agree that this is a critical situation for users. Chris Goettl, vice president of security product management at Ivanti, reminded all users that "This vulnerability is rated important by Microsoft with a CVSSv3.1 score of 7.8. Risk-based prioritization would rate this vulnerability as Critical which makes the Windows OS update this month."

What to do right now:
Windows users can find the December Patch Tuesday update via Ruff to help deflect attacks,

https://msrc.microsoft.com/update-guide/releaseNote/2024-Dec