Microsoft has released its final Patch Tuesday updates for 2024, addressing more than 70 security vulnerabilities across its software ecosystem, including a high-risk vulnerability exploited in the wild.
Tracked as CVE-2024-49138, the flaw affects the Windows Common Log File System (CLFS) Driver and can be abused by a local user for code execution with SYSTEM privileges.
CVE-2024-49138 marks the fifth actively exploited CLFS privilege escalation vulnerability since 2022. Previously patched flaws include CVE-2022-24521, CVE-2022-37969, CVE-2023-23376, and CVE-2023-28252.
In addition to CVE-2024-49138, Microsoft has addressed a slew of high-risk vulnerabilities across various software, including Microsoft Access, Microsoft Defender for Endpoint on Android, Microsoft LDAP, Microsoft Excel, Microsoft SharePoint, Microsoft LSASS, Microsoft IME, MSMQ, Microsoft Windows Remote Desktop Services, and Microsoft RRAS.