A critical security vulnerability affecting Windows 10, 11, and several Windows Server versions is being actively exploited. Install the latest security updates from Windows Update immediately. On unpatched machines, attackers could gain system privileges and potentially cause significant damage.
CVE-2024-49138: High-Risk Vulnerability
The vulnerability, tracked as CVE-2024-49138, allows attackers to escalate privileges to the system level. Several editions of Windows 10 and 11, as well as Windows Server versions (including 2012 and 2008), are at risk. While Microsoft has not disclosed specific details about the exploit method, the potential impact is severe.
CVE-2024-49112: Critical LDAP Vulnerability
Another critical vulnerability, CVE-2024-49112, affects the Lightweight Directory Access Protocol (LDAP) in various Windows versions. Microsoft advises disconnecting affected domain controllers from the internet if security updates cannot be installed immediately.
Other Vulnerabilities Addressed
Microsoft's December Patch Tuesday also addresses vulnerabilities in Hyper-V, Office, and Remote Desktop Services. Most of these are classified as "high" risk.
Get the Updates Now
For a detailed list of affected products and the available security updates, refer to Microsoft's Security Update Guide.