windows 10 – TheNewsHub (https://thenewshub.in)

Microsoft Windows 11 and Windows 10 Updated With Fix for Actively Exploited Zero-Day Vulnerability
https://thenewshub.in/2024/12/11/microsoft-windows-11-and-windows-10-updated-with-fix-for-actively-exploited-zero-day-vulnerability/
Wed, 11 Dec 2024 06:49:51 +0000

Microsoft has rolled out its latest security updates as part of the December 2024 Patch Tuesday release, and users with Windows laptops and desktop computers should update their systems as soon as possible. According to the company’s release notes, the latest security updates fix a publicly disclosed, actively exploited zero-day vulnerability. They also include fixes for 30 remote code execution vulnerabilities, 16 of which are designated as critical, and 41 other security flaws related to operating system components.

Microsoft Fixes Zero-Day Vulnerability Discovered by CrowdStrike

The security updates rolled out by Microsoft on Tuesday (via BleepingComputer) include a fix for CVE-2024-49138 (Windows Common Log File System Driver Elevation of Privilege Vulnerability), which is a publicly disclosed zero-day vulnerability that was actively exploited, according to the company.

The flaw allowed attackers to gain system-level privileges on an affected Windows PC, and was discovered by CrowdStrike’s Advanced Research Team. Details on how the flaw was exploited were not provided by Microsoft, presumably to ensure that users have enough time to install the latest security updates.

In addition to the fixes for the actively exploited zero-day vulnerability, Microsoft has also patched a total of 71 flaws affecting various Windows components. This includes 30 remote code execution vulnerabilities, out of which 16 have a ‘Critical’ severity rating, and 27 vulnerabilities that would enable attackers to gain elevated privileges on an unpatched Windows PC.

The latest security updates for Windows also include patches for flaws in third-party products. Vendors like Adobe, Cisco, OpenWrt, and SAP have issued security updates, while the US Cybersecurity and Infrastructure Security Agency (CISA) has published advisories on vulnerabilities in industrial control systems from various companies.

Users with Windows 11 PCs will need to install the KB5048667 (24H2) and KB5048685 (23H2) cumulative updates, which contain the December 2024 security updates. Users with older machines that are running Windows 10 will need to install the KB5048652 (22H2) update.

CERT-In Warns Users of Multiple Vulnerabilities in Different Versions of Microsoft Windows OS
https://thenewshub.in/2024/08/13/cert-in-warns-users-of-multiple-vulnerabilities-in-different-versions-of-microsoft-windows-os/
Tue, 13 Aug 2024 09:45:22 +0000

The Indian Computer Emergency Response Team (CERT-In) has issued an advisory regarding multiple vulnerabilities affecting Microsoft’s Windows operating systems. Two separate vulnerabilities were found in various builds of Windows 10, Windows 11, and Windows Server, the company’s platform for running network-based applications. The cybersecurity agency has flagged these vulnerabilities as medium risk. While no security patches for them exist currently, Microsoft has released a set of actions users can take to safeguard themselves. Notably, CERT-In highlighted several security flaws in older Apple operating systems earlier this month.

CERT-In Issues Advisory for Microsoft Windows OS

In an advisory issued on Monday (August 12), the cybersecurity agency highlighted two different vulnerabilities in Windows OS. These security flaws can allow an attacker to gain unauthorised privileges on the targeted system.

“These vulnerabilities exist in Windows-based systems supporting Virtualization Based Security (VBS) and Windows Backup. An attacker with appropriate privileges could exploit these vulnerabilities to reintroduce previously mitigated issues or bypass VBS protections,” said CERT-In.

The two vulnerabilities have been labelled CVE-2024-21302 and CVE-2024-38202 by the nodal agency, which comes under the Ministry of Electronics and Information Technology (MeitY). Here, CVE stands for common vulnerabilities and exposures, and the format is a standardised method of identifying and describing security flaws in software. The full list of affected Windows software is shared below.

  • Windows Server 2016 (Server Core installation)
  • Windows Server 2016
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 for x64-based Systems
  • Windows 10 for 32-bit Systems
  • Windows 11 Version 24H2 for x64-based Systems
  • Windows 11 Version 24H2 for ARM64-based Systems
  • Windows Server 2022, 23H2 Edition (Server Core installation)
  • Windows 11 Version 23H2 for x64-based Systems
  • Windows 11 Version 23H2 for ARM64-based Systems
  • Windows 10 Version 22H2 for 32-bit Systems
  • Windows 10 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 22H2 for x64-based Systems
  • Windows 11 Version 22H2 for x64-based Systems
  • Windows 11 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows 11 version 21H2 for ARM64-based Systems
  • Windows 11 version 21H2 for x64-based Systems
  • Windows Server 2022 (Server Core installation)
  • Windows Server 2022
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2019
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems

As per the advisory, currently, there are no security patches available for the security flaws. While this presents a concerning situation, the scope of the vulnerability is not very wide as the attacker needs to hold some privilege within the system before exploiting these flaws.

Microsoft has also posted a set of recommended actions for each of the vulnerabilities to help users mitigate the potential for an attack. The tech giant has also highlighted that the CVE will be updated and the users will be notified once a security update is ready to be shipped.
