
Windows Patch Tuesday squashes bug that’s already exploited


The December 2024 Patch Tuesday contains 71 patches, 16 of which are labeled critical. One of them fixes a zero-day that is already being exploited.

The vulnerability in question is CVE-2024-49138, an elevation-of-privilege bug in the Windows Common Log File System (CLFS) driver. Its CVSS score of 7.8 does not look that threatening, but successful exploitation hands a local attacker SYSTEM privileges, which gives them many options. Henry Smith, senior security engineer at Automox, suggests in conversation with Dark Reading that malicious actors use Windows APIs to manipulate or corrupt log data.

CrowdStrike's Advanced Research Team discovered the vulnerability, so we may well hear more from that security company about in-the-wild exploitation of CVE-2024-49138.

Escalating privileges

On its own the vulnerability is only moderately dangerous, because an attacker already needs to be running code on the machine. Chained with an RCE bug or any other initial foothold, it turns that foothold into SYSTEM, and that makes it a significant risk. Once again, a vulnerability that is not rated critical can be serious in practice, and vice versa, so a CVSS base score should never be read as the actual risk to an organization.

Read more: When is a critical vulnerability actually dangerous?

Indeed, the vulnerabilities with the highest CVSS scores (under both CVSS 2.0 and CVSS 3.0) are not necessarily the ones behind the most dangerous security incidents. Security teams prioritize them because a high score indicates something else: among other things, the attacker's freedom of movement after exploitation, the difficulty of recovery, and the impact on the availability of IT systems.

Another CVE Microsoft is addressing in this Patch Tuesday is CVE-2024-49112, a remote code execution vulnerability in the Windows Lightweight Directory Access Protocol (LDAP) service. Its CVSS score of 9.8 should make system administrators eager to patch soon: LDAP runs on every domain controller, so a successful exploit could compromise domain controllers and with them the directory that authenticates users. It is not yet known whether this vulnerability has been exploited.
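Both bugs above are fixed by the same December cumulative update, and the article's point is that priority depends on exploitation status and asset role, not on the base score alone. The following PowerShell script is an added example, not code from the article or from Microsoft: it gathers the facts a triage needs from a local host (OS build, CLFS driver version, whether the machine is a domain controller, which hotfixes landed on or after Patch Tuesday) and ranks the two CVEs the article names for that host. The Patch Tuesday date (December 10, 2024), the driver path and the priority weighting are assumptions of this example; the CVSS scores and exploitation status are those printed in the article.

```powershell
# Added example (not from the article). Assumptions: Patch Tuesday was 2024-12-10,
# CLFS lives at System32\drivers\clfs.sys, and the P1/P2/P3 weighting is ours.
$patchTuesday = Get-Date '2024-12-10'

# The two vulnerabilities discussed in the article, with the scores it quotes.
$vulns = @(
    [pscustomobject]@{ Id = 'CVE-2024-49138'; Component = 'CLFS driver';  Cvss = 7.8; Type = 'EoP'; Exploited = $true;  DcOnly = $false }
    [pscustomobject]@{ Id = 'CVE-2024-49112'; Component = 'Windows LDAP'; Cvss = 9.8; Type = 'RCE'; Exploited = $false; DcOnly = $true  }
)

function Get-HostPatchState {
    # Collect what the triage needs from the local machine.
    $cv   = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $clfs = (Get-Item "$env:SystemRoot\System32\drivers\clfs.sys").VersionInfo
    # DomainRole 4 = backup DC, 5 = primary DC; anything else is not a DC.
    $role = (Get-CimInstance Win32_ComputerSystem).DomainRole
    # Get-HotFix only lists QFE-style updates; InstalledOn can be empty for some entries.
    $recent = Get-HotFix | Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $patchTuesday }

    [pscustomobject]@{
        Build              = "$($cv.CurrentBuild).$($cv.UBR)"
        ClfsVersion        = $clfs.FileVersion
        IsDomainController = ($role -in 4, 5)
        UpdatesSincePT     = @($recent | Select-Object -ExpandProperty HotFixID)
    }
}

function Get-Priority {
    param($Vuln, $State)
    # An LDAP RCE matters where LDAP runs, i.e. on domain controllers.
    if ($Vuln.DcOnly -and -not $State.IsDomainController) { return 'n/a (not a domain controller)' }
    # A hotfix after Patch Tuesday is a strong hint, not proof: confirm the KB
    # against the MSRC advisory for the exact OS build before closing the ticket.
    if ($State.UpdatesSincePT.Count -gt 0) { return 'likely patched (verify KB against MSRC)' }
    # Exploitation in the wild outranks the raw CVSS base score (our weighting).
    if ($Vuln.Exploited)   { return 'P1 exploited in the wild, unpatched' }
    if ($Vuln.Cvss -ge 9.0) { return 'P2 critical, no known exploitation, unpatched' }
    return 'P3 unpatched'
}

$state = Get-HostPatchState
$state | Format-List

foreach ($v in $vulns) {
    [pscustomobject]@{
        CVE       = $v.Id
        Component = $v.Component
        Cvss      = $v.Cvss
        Priority  = Get-Priority -Vuln $v -State $state
    }
}
```

Run it in an elevated PowerShell on each host you care about. Note that `Get-HotFix` does not expose build-level detail and will report any post-December hotfix (a .NET update, for instance) as "likely patched", so the build and `clfs.sys` version it prints are what you compare against Microsoft's release notes for the December 2024 update; the script deliberately does not hard-code KB numbers or build numbers.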

Also read: Last major Windows update of this year coming down the chimney