Microsoft Patches 71 Flaws Including Exploited Windows CLFS Zero-Day
Microsoft released fixes for 71 CVEs across 10 product families, including 17 Critical and 54 Important vulnerabilities, with the update heavily concentrated on Windows. The most severe issue was CVE-2024-49112, a CVSS 9.8 remote code execution flaw in LDAP affecting supported Windows client and server versions back to Windows Server 2008, while multiple other patches addressed remote code execution risks in Remote Desktop Services and additional Windows components.
Microsoft also fixed an actively exploited zero-day, CVE-2024-49138, in the Windows Common Log File System Driver (CLFS), and identified six more vulnerabilities as more likely to be exploited within 30 days. Those higher-risk issues affected SharePoint, MSMQ, ReFS, and several Windows drivers, underscoring broad exposure across enterprise environments; Sophos said protections were available for five of the patched vulnerabilities, and noted Microsoft patched 1,015 CVEs through Patch Tuesday during 2024, the company’s highest annual total since 2020.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
1 event from the most recent confirmed update back to the earliest known activity.
Microsoft releases December 2024 Patch Tuesday fixes
Microsoft's December 2024 Patch Tuesday release addressed 71 CVEs across 10 product families, including 17 Critical and 54 Important vulnerabilities. The release included fixes for an actively exploited zero-day, CVE-2024-49138, and other high-risk flaws such as CVE-2024-49112 in LDAP.
Sources
1 reference tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft Patch Tuesday Fixes 79 CVEs, Including Exploited Windows Flaws
Microsoft released fixes for **79 vulnerabilities** across 11 product families, including **7 Critical** issues and multiple flaws already exploited or associated with exploited conditions. The most significant actively exploited bugs were **`CVE-2024-38014`** in **Windows Installer** and **`CVE-2024-38217`** in **Windows Mark of the Web**, while **`CVE-2024-43491`** in the **Windows Update servicing stack** was highlighted as a high-severity risk for supported **Windows 10 version 1507 LTSB** and **IoT Enterprise 2015 LTSB** systems. Windows accounted for **47** of the patched CVEs, with **SQL Server** receiving fixes for **13** vulnerabilities and **SharePoint** affected by several high-risk remote code execution flaws that Microsoft said were more likely to be exploited within 30 days. Microsoft also noted that **Windows 11 24H2** is affected by **29** CVEs, including two already exploited in the wild, and the release referenced three **Adobe** vulnerabilities, including **`CVE-2024-41869`**, a critical **Adobe Reader** use-after-free flaw for which a workable exploit was already available.
Jan 1, 2026
Microsoft Patches 163 Flaws Including Exploited SharePoint Bug
Microsoft released fixes for **163 CVEs** across 17 product families, including **8 Critical** vulnerabilities, **1 publicly disclosed** flaw, and **1 vulnerability under active exploitation**. The exploited issue, `CVE-2026-32201`, is a **Microsoft SharePoint Server spoofing vulnerability** that can let an unauthenticated attacker impersonate a user and read or modify certain data. Microsoft also patched `CVE-2026-33825`, a **publicly disclosed Microsoft Defender elevation-of-privilege flaw** that affects systems only when Defender is enabled; the company said customers using Defender automatic updates are remediated automatically. Among the most severe issues, Microsoft highlighted `CVE-2026-33824`, a **Critical Windows Internet Key Exchange (IKE) Service Extensions remote code execution vulnerability** with a **CVSS 9.8**, and advised defenders to restrict **UDP ports 500 and 4500** until patching is complete. Elevation-of-privilege bugs made up the largest share of the release with **94 CVEs**, while **Windows** accounted for **131** of the patched vulnerabilities. Microsoft said **24 flaws** were more likely to be exploited within 30 days, **18** carried CVSS scores of **8.0 or higher**, and the release also included **80 Edge-related advisories**, most inherited from Chrome.
May 25, 2026
Microsoft Patches 163 Flaws Including Exploited SharePoint Bug and Defender Zero-Day
Microsoft released fixes for **163 vulnerabilities** in its April Patch Tuesday update, marking one of its largest security releases on record. The bundle includes **8 Critical** flaws, **154 Important** issues, and **1 Moderate** bug, with seven of the Critical vulnerabilities enabling remote code execution across products and components including **Windows TCP/IP**, **Windows IKE Service Extensions**, **Active Directory**, **Remote Desktop Client**, **Microsoft Office**, and **Microsoft Word**. Belgian authorities urged organizations to apply the updates immediately. The most urgent issues include **`CVE-2026-32201`**, an actively exploited **Microsoft SharePoint Server** vulnerability that was added to CISA’s Known Exploited Vulnerabilities catalog, and **`CVE-2026-33825`** in **Microsoft Defender**, a publicly disclosed zero-day tied to proof-of-concept code associated with the **BlueHammer** exploit. Microsoft also shipped Windows 11 cumulative updates with security hardening changes, including safer handling of **`.rdp`** files and improved visibility into **Secure Boot** certificates, while the broader patch set addressed numerous elevation-of-privilege and security feature bypass flaws that could support post-compromise escalation.
Apr 22, 2026