
Critical security updates: Attackers can obtain system privileges on Windows devices

Vulnerabilities in several versions of Windows mandate the installation of security updates from Windows Update. (Image source: Microsoft)
A security vulnerability in Windows 10 and 11, as well as Windows Server 2008 and 2022, is currently being actively exploited by attackers, making it urgent to install the latest security updates through Windows Update. Otherwise, attackers could use the vulnerability to gain system privileges and cause significant damage.

Microsoft has addressed several security vulnerabilities in products including SharePoint, Hyper-V, Windows, and Office as part of its December Patchday. The new updates prevent malicious code from running on devices running Microsoft software. In particular, a vulnerability in Windows 10/11 and Windows Server is being actively exploited by attackers, so users of Windows systems should take immediate action.

The vulnerability, tracked as CVE-2024-49138 (CVE stands for Common Vulnerabilities and Exposures), affects various editions of Windows 10 and 11 as well as several Windows Server versions (including 2012 and 2008), which is why it is classified as a "high" security risk. It could allow attackers to gain system privileges and make far-reaching changes and manipulations to the operating system. However, Microsoft is not currently disclosing any details about how attackers might proceed.

Security vulnerabilities also found in other Microsoft products

Another vulnerability, CVE-2024-49112, in the Lightweight Directory Access Protocol (LDAP) is rated "critical" and also affects several current versions of Windows and Windows Server. According to Microsoft (via Heise Security), if security updates cannot currently be installed on a user's Windows computer, the domain controller should be disconnected from the Internet. No further information is available about this vulnerability either.

Microsoft's December Patchday also fixes vulnerabilities in the Hyper-V virtualization platform, the Office suite and the Remote Desktop Service, with most of these vulnerabilities rated as "high". A detailed overview can be found in Microsoft's Security Update Guide.

Alexander Pensler, 2024-12-11 (Update: 2024-12-12)