Press Release

Microsoft Patch Tuesday 2024 Year in Review: Comment from Satnam Narang, Sr. Staff Research Engineer, Tenable

“In 2024, Microsoft patched 1009 CVEs including 22 zero-day vulnerabilities that were exploited in the wild. Looking at all 1009 vulnerabilities patched this year, nearly 40% were remote code execution flaws. Elevation of privilege and denial of service vulnerabilities accounted for 29% and 10%, respectively. The majority of vulnerabilities were rated as important at 93.6%, followed by critical at 5.4% and moderate at 1.1%. There were no vulnerabilities labelled as low.

“In its final Patch Tuesday of 2024, Microsoft addressed CVE-2024-49138, an elevation of privilege zero-day in the Windows Common Log File System (CLFS) Driver and the lone flaw in this month’s release with the “exploited” label.

“CVE-2024-49138 was the ninth vulnerability in the Windows CLFS driver patched in 2024, but the first to be exploited in the wild this year. Last year, there were two CLFS driver zero-days (CVE-2023-28252, CVE-2023-23376) exploited in the wild.

“Though in-the-wild exploitation details aren’t known yet, looking back at the history of CLFS driver vulnerabilities, it is interesting to note that ransomware operators have developed a penchant for exploiting CLFS elevation of privilege flaws over the last few years. Unlike advanced persistent threat groups that typically focus on precision and patience, ransomware operators and affiliates are focused on smash-and-grab tactics by any means necessary. By using elevation of privilege flaws like this one in CLFS, ransomware affiliates can move through a given network in order to steal and encrypt data and begin extorting their victims.” — Satnam Narang, Sr. Staff Research Engineer, Tenable