menu
techminis

A naukri.com initiative

google-web-stories
source image

Qualys

2w

read

98

img
dot

Image Credit: Qualys

Microsoft Patch Tuesday, December 2024 Security Update Review

  • Microsoft released its December Patch Tuesday, addressing 73 vulnerabilities, including 16 critical and 54 important severity vulnerabilities.
  • Microsoft has fixed several flaws in multiple software, including Spoofing, Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, and Remote Code Execution (RCE).
  • One of the vulnerabilities patched includes a zero-day vulnerability that was known to be exploited in the wild.
  • The vulnerabilities Microsoft has addressed this month affects products such as Windows Hyper-V, Windows Cloud Files Mini Filter Driver, Windows Remote Desktop, Windows Message Queuing, and more.
  • Several critical severity vulnerabilities have been patched, among which, CVE-2024-49117, CVE-2024-49124, CVE-2024-49126, CVE-2024-49122 & CVE-2024-49118, CVE-2024-49112, CVE-2024-49127, and CVE-2024-49106, CVE-2024-49108, CVE-2024-49115, CVE-2024-49116, CVE-2024-49119, CVE-2024-49120, CVE-2024-49123.
  • Microsoft has addressed two vulnerabilities in Microsoft Edge (Chromium-based) in this month’s updates.
  • Microsoft SharePoint has a remote code execution vulnerability (CVE-2024-49070), and the Windows Resilient File System (ReFS) has an elevation of privilege vulnerability (CVE-2024-49093).
  • Qualys Policy Compliance provides out-of-the-box mitigation or compensatory controls that can reduce the risk of a vulnerability being exploited because the remediation (fix/Patch) cannot be done now.
  • The next Patch Tuesday falls on January 14th.
  • The Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys Vulnerability Management Detection Response (VMDR) and Qualys Patch Management.

Read Full Article

like

5 Likes

For uninterrupted reading, download the app