Microsoft's Patch Tuesday has just celebrated its 21st anniversary. After a wrap-up covering the 20th anniversary in 2023, the Tenable Security Response Team (SRT) chose to keep the tradition going and cover trends and significant vulnerabilities from the 2024 Patch Tuesday releases.
In 2024, Microsoft patched 1,009 CVEs throughout the year across a multitude of products. In contrast, 2023 saw 909 CVEs patched and in 2022, 917 CVEs were patched. While Microsoft has yet to break its 2020 record of 1,245 CVEs patched, 2024 was still significant, as it is only the second time since Patch Tuesday's inception that Microsoft has patched over 1,000 CVEs in a year.
Please find below a comment from Satnam Narang, Senior Staff Research Engineer at Tenable, and a full 2024 year-in-review of Patch Tuesday analysis.
"In 2024, Microsoft patched 1009 CVEs including 22 zero-day vulnerabilities that were exploited in the wild. Looking at all 1009 vulnerabilities patched this year, nearly 40% were remote code execution flaws. Elevation of privilege and denial of service vulnerabilities accounted for 29% and 10% respectively. The majority of vulnerabilities were rated as important at 93.6%, followed by critical at 5.4% and moderate at 1.1%. There were no vulnerabilities labelled as low.
"In its final Patch Tuesday of 2024, Microsoft addressed CVE-2024-49138, an elevation of privilege zero-day in the Windows Common Log File System (CLFS) Driver and the lone flaw in this month's release with the 'exploited' label.
"CVE-2024-49138 was the ninth vulnerability in the Windows CLFS driver patched in 2024, but the first to be exploited in the wild this year. Last year, there were two CLFS driver zero-days (CVE-2023-28252, CVE-2023-23376) exploited in the wild.
"Though in-the-wild exploitation details aren't known yet, looking back at the history of CLFS driver vulnerabilities, it is interesting to note that ransomware operators have developed a penchant for exploiting CLFS elevation of privilege flaws over the last few years. Unlike advanced persistent threat groups that typically focus on precision and patience, ransomware operators and affiliates are focused on smash-and-grab tactics by any means necessary. By using elevation of privilege flaws like this one in CLFS, ransomware affiliates can move through a given network in order to steal and encrypt data and begin extorting their victims."