{"id":136282,"date":"2024-12-12T19:08:59","date_gmt":"2024-12-12T12:08:59","guid":{"rendered":"https:\/\/hotvideos24.online\/?p=136282"},"modified":"2024-12-12T19:08:59","modified_gmt":"2024-12-12T12:08:59","slug":"new-windows-0day-attack-strikes-microsoft-warns-millions-to-update-now","status":"publish","type":"post","link":"https:\/\/hotvideos24.online\/?p=136282","title":{"rendered":"New Windows 0Day Attack Strikes\u2014Microsoft Warns Millions To Update Now"},"content":{"rendered":"<div>\n<figure class=\"embed-base image-embed embed-0\" role=\"presentation\"><figcaption><fbs-accordion>\n<p class=\"color-body light-text\">Windows users urged to update now as new cyberattack confirmed<\/p>\n<\/fbs-accordion><small>NurPhoto via Getty Images<\/small><\/figcaption><\/figure>\n<p><em>Update, Dec. 12, 2024: This story, originally published Dec. 11, now includes further information from security experts regarding another critical vulnerability within the latest Windows security round-up and a reminder of why it\u2019s imperative everyone updates their Windows PC now.<\/em><\/p>\n<p>Microsoft has confirmed that a zero-day security vulnerability that can open up Windows devices to full system compromise is under active exploitation. 
The cyberattack has also been confirmed by the <a href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/12\/10\/cisa-confirms-271-new-critical-security-warnings-from-android-to-zyxel\/\" target=\"_self\" class=\"color-link\" title=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/12\/10\/cisa-confirms-271-new-critical-security-warnings-from-android-to-zyxel\/\" data-ga-track=\"InternalLink:https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/12\/10\/cisa-confirms-271-new-critical-security-warnings-from-android-to-zyxel\/\" aria-label=\"U.S. Cybersecurity and Infrastructure Security Agency\" rel=\"noopener\">U.S. Cybersecurity and Infrastructure Security Agency<\/a>, part of the Department of Homeland Security, which has added the security issue to the Known Exploited Vulnerability Catalog, and advised it \u201cposes significant risks\u201d with a recommendation for all users to take appropriate remediation measures and update now. Here\u2019s what you need to know about CVE-2024-49138.<\/p>\n<h2 class=\"subhead-embed color-accent bg-base font-accent font-size text-align\">The CVE-2024-49138 Threat To Windows Users<\/h2>\n<p>The <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2024-Dec\" rel=\"nofollow noopener noreferrer\" target=\"_blank\" class=\"color-link\" title=\"https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2024-Dec\" data-ga-track=\"ExternalLink:https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2024-Dec\" aria-label=\"December round of Patch Tuesday vulnerability fixes\">December round of Patch Tuesday vulnerability fixes<\/a> has been released by Microsoft, and among the 72 vulnerabilities this month is one that needs your full attention right now: <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2024-49138\" rel=\"nofollow noopener noreferrer\" target=\"_blank\" class=\"color-link\" title=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2024-49138\" data-ga-track=\"ExternalLink:https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2024-49138\" aria-label=\"CVE-2024-49138\">CVE-2024-49138<\/a>.<\/p>\n<p>Not much is known about the vulnerability itself; as is often the case with such zero-day issues, this detail is held back until as many users as possible have had the opportunity to patch against the exploit. However, what we do know is that it\u2019s a heap-based buffer overflow vulnerability, a memory security issue, in the Microsoft Windows Common Log File System driver. 
We also know that it is a very widespread vulnerability impacting millions of Windows users.<\/p>\n<p>\u201cThe vulnerability affects all Windows OS editions back to Server 2008,\u201d Chris Goettl, vice president of security product management at Ivanti, said. \u201cThe CVE is rated Important by Microsoft and has a CVSSv3.1 score of 7.8. Risk-based prioritization would rate this vulnerability as Critical which makes the Windows OS update this month your top priority.\u201d<\/p>\n<p>CISA also sees this as being a top priority, having added it to the KEV catalog along with stating that \u201cCISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation\u201d of the critical issue.<\/p>\n<h2 class=\"subhead-embed color-accent bg-base font-accent font-size text-align\">The Ransomware Risk Posed By CVE-2024-49138 To Windows Users<\/h2>\n<p>Given that Microsoft has said that it 
has evidence of in-the-wild exploitation and public disclosure for CVE-2024-49138, it\u2019s no wonder that this is being seen as a critical security moment for Windows users. Although, as Adam Barnett, lead software engineer at Rapid7, sagely pointed out, \u201cfor the third month in a row, Microsoft has published zero-day vulnerabilities on Patch Tuesday without evaluating any of them as critical severity at time of publication.\u201d Why is this important? Because Windows Common Log File System exploits are a favorite among cybercriminals, especially those participating in the ransomware sector. \u201cRansomware authors who have abused previous CLFS vulnerabilities will be only too pleased to get their hands on a fresh one,\u201d Barnett said, \u201cexpect more CLFS zero-day vulnerabilities to emerge in the future, at least until Microsoft performs a full replacement of the aging CLFS codebase instead of offering spot fixes for specific flaws.\u201d I have approached Microsoft for a statement.<\/p>\n<h2 class=\"subhead-embed color-accent bg-base font-accent font-size text-align\">CVE-2024-49138 Is Not The Only Windows Critical Vulnerability This Month<\/h2>\n<p>There\u2019s actually only a single security vulnerability with a criticality rating higher than 9.0 this month, and that\u2019s CVE-2024-49112 which targets the Lightweight Directory Access Protocol and has been allocated a whopping 9.8 on the risk scale. Unsurprisingly, this vulnerability could lead to remote and unauthenticated code execution, hence the exceptionally high score.<\/p>\n<p>\u201cMicrosoft has provided mitigations that are really just proper security hygiene but serve as a good reminder for enterprises,\u201d Tyler Reguly, associate director for security research and development at Fortra, said, \u201cdomain controllers must be blocked from Internet access.\u201d Reguly also took the time to look back over the year and calculated that Microsoft had resolved a total of 1088 vulnerabilities which \u201cis surprisingly similar to the 1063 vulnerabilities resolved in 2023 and the 1119 vulnerabilities resolved in 2022.\u201d<\/p>\n<p>In the meantime, all Windows users are urged to update now and not be confused by other headlines seemingly suggesting the contrary. 
This is about Windows security, not updating your operating system from one major release to another: please, I implore you, do not waste time as those who would compromise your systems and data most certainly won\u2019t be.<\/p>\n<\/div>\n<p><a 
href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/12\/12\/new-windows-0day-attack-confirmed-homeland-security-says-update-now\/\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Windows users urged to update now as new cyberattack confirmed NurPhoto via Getty Images Update, Dec. 12, 2024: This story, originally published Dec. 11, now includes further information from security &hellip; <a href=\"https:\/\/hotvideos24.online\/?p=136282\" class=\"more-link\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8630],"tags":[],"class_list":["post-136282","post","type-post","status-publish","format-standard","hentry","category-technology","entry"],"_links":{"self":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts\/136282","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=136282"}],"version-history":[{"count":0,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts\/136282\/revisions"}],"wp:attachment":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=136282"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=136282"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=136282"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}