0Day Attack on Windows: Immediate Action Needed

Microsoft Warns Users as New Windows 0Day Attack Strikes
Dec 17, 2024

Microsoft has acknowledged a serious zero-day security vulnerability that could lead to complete system compromise on Windows devices and is being actively exploited right now. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), a section of the Department of Homeland Security, has also confirmed that the threat has been added to the Known Exploited Vulnerabilities Catalog.

Microsoft suggests immediate action for 0Day attack on Windows

They have warned that this issue presents major risks and have strongly recommended that all users take immediate action to remediate and update their systems.

The CVE-2024-49138 Threat To Windows Users

In December, Microsoft released its Patch Tuesday updates, addressing a total of 72 vulnerabilities, but one in particular demands urgent attention: CVE-2024-49138.

Details about this vulnerability remain scarce, as is typical with zero-day threats, with some specifics withheld to allow users time to implement the necessary patches.

However, it has been identified as a heap-based buffer overflow vulnerability within the Microsoft Windows Common Log File System driver, a major memory security flaw that affects millions of Windows users.

The vice president of security product management at Ivanti, Chris Goettl, mentioned that “This vulnerability impacts all editions of Windows OS dating back to Server 2008.”

Microsoft has classified the CVE as Important, assigning it a CVSSv3.1 score of 7.8. Given the potential impact, risk-based prioritization would categorize this vulnerability as Critical, which makes the Windows OS update this month an absolute priority.

CISA has echoed this sentiment, emphasizing the urgency by including the vulnerability in the KEV catalog and urging organizations to minimize their exposure to cyber threats by focusing on prompt remediation of the critical issue. With Microsoft reporting evidence of active exploitation and public disclosure regarding CVE-2024-49138, it is clear that it represents a crucial security moment for Windows users.

Posted by Suchita Gupta, Tech Journalist
