
Microsoft Patch Tuesday: December 2024
On December 10, 2024, Microsoft released their December 2024 security update, which included patches for 72 newly disclosed vulnerabilities. Among these vulnerabilities, Arctic Wolf has
Delivering security operations outcomes.
Delivering AI outcomes you can trust.
Leverage the power of scale and AI expertise.
Ecosystem integrations and technology partnerships.
Tailored security expertise and guided risk mitigation.
Security experts proactively protecting you 24×7.
Meet the security experts working alongside you and your team.
Learn how our IR team stops attacks and swiftly restores your organisation to pre-incident operations.
Address cyber risk end-to-end.
Map your security posture against industry standard frameworks.
Continuously discover, prioritise, and reduce exposure across your attack surface.
Receive end-to-end IR coverage for one incident, no matter the incident type.
Engage and prepare employees to recognize and neutralise social engineering attacks.
AI-driven prevention, detection, and response to stop endpoint threats before they disrupt your business.
Quickly detect, respond, and recover from advanced threats.
Recover quickly from cyber attacks and breaches, from threat containment to business restoration.
Stay covered at no cost with up to $3M in financial assistance for cybersecurity incidents.
Increase the likelihood of insurability, and potentially lower your rates.
Access a complimentary suite of tools to reduce risk and improve insurability.
NIS2 Directive
NIS2 aims to make the EU as a whole more resilient to cyber threats and strengthen cooperation between Member States on cybersecurity.The Arctic Wolf State of Cybersecurity: 2025 Trends ReportThe Arctic Wolf State of Cybersecurity: 2025 Trends Report serves as an opportunity for decision makers to share their experiences over the past 12 months and their perspectives on some of the most important issues shaping the IT and security landscape.2025 Arctic Wolf Threat ReportThe Arctic Wolf Threat Report draws upon the first-hand experience of our security experts, augmented by research from our threat intelligence team. |

On December 10, 2024, Microsoft released their December 2024 security update, which included patches for 72 newly disclosed vulnerabilities. Among these vulnerabilities, Arctic Wolf has
Update: Dec 11, 2024. Find the latest information in our follow-up security bulletin. On December 7, 2024, Arctic Wolf began observing a novel campaign exploiting

On December 3, 2024, Veeam disclosed a critical vulnerability within the Veeam Service Provider Console (VSPC), tracked as CVE-2024-42448, which was discovered during internal testing.

Click here for more information regarding our observations of these vulnerabilities being actively exploited. On November 19, 2024, Arctic Wolf began observing active exploitation of the recently-disclosed

Update (11/20/2024): Another follow-up bulletin has been published with new updates. Please refer to our updated bulletin for the most current information. On November 18,

Update (11/18/2024): A follow-up bulletin has been published with new updates. Please refer to our updated bulletin for the most current information. On November 14,

On November 12, 2024, Microsoft released its monthly security update, addressing 89 newly identified vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted five that were

On November 12, 2024, Ivanti released fixes for CVE-2024-50330, a critical severity vulnerability in Ivanti Endpoint Manager (EPM). This flaw allows Remote Code Execution (RCE)

On November 5, 2024, Hewlett Packard Enterprise (HPE), the parent company of Aruba Networks, released a security bulletin addressing two critical-severity vulnerabilities affecting Aruba Networks

On November 1, 2024, details of a critical vulnerability affecting Synology NAS devices, which had been patched a few days earlier, were publicly disclosed. This

On October 29, 2024, QNAP issued a security advisory regarding a critical OS command injection vulnerability, tracked as CVE-2024-50388. Discovered by researchers at the Pwn2Own

On October 23, 2024, Fortinet published an advisory disclosing an actively exploited vulnerability (CVE-2024-47575) affecting FortiManager and FortiManager Cloud. The critical-severity vulnerability can be exploited

On October 21, 2024, Broadcom released updated fixes for the critical Remote Code Execution (RCE) vulnerability CVE-2024-38812 in vCenter Server and Cloud Foundation, as the

On October 15, 2024, SolarWinds released a hotfix for CVE-2024-28988, a critical Remote Code Execution (RCE) vulnerability affecting Web Help Desk (WHD). WHD is an

On October 9, 2024, GitLab released patches for a critical vulnerability affecting various versions of GitLab EE, identified as CVE-2024-9164. This flaw allows a remote

On October 7, 2024, Microsoft released its October security update, addressing 117 vulnerabilities. Arctic Wolf has highlighted four of these vulnerabilities, which were either classified

On September 24, 2024, Rackspace, a managed cloud computing company providing cloud hosting, dedicated servers, and multi-cloud solutions, reported an issue with their Rackspace Monitoring

On September 26, 2024, a security researcher disclosed several vulnerabilities affecting Common UNIX Printing System (CUPS) within GNU/Linux distributions. CUPS is an open-source printing system

On September 24, 2024, Hewlett Packard Enterprise (HPE), the parent company of Aruba Networks, released a security bulletin addressing three critical command injection vulnerabilities affecting

Update (10/22/2024): Broadcom has released updated fixes for this vulnerability as the initial patch from September did not fully resolve the issue. Please read our

On September 11, 2024, GitLab released patches for a critical vulnerability affecting various versions of GitLab CE/EE, identified as CVE-2024-6678. This flaw allows a remote

On September 10, 2024, Microsoft released its September security update, addressing 79 vulnerabilities. Arctic Wolf has highlighted four vulnerabilities in this bulletin that Microsoft labeled

On September 10, 2024, Ivanti released fixes for CVE-2024-29847, a maximum severity vulnerability in Ivanti Endpoint Manager (EPM). This flaw, found in the agent portal

On August 22, 2024, a remote code execution vulnerability (CVE-2024-40766) was disclosed in SonicOS, affecting a selection of SonicWall firewall devices. At the time of

On September 4, 2024, Veeam released a security bulletin announcing that they have fixed several vulnerabilities affecting various Veeam products. Arctic Wolf has highlighted five

On September 4, 2024, Cisco released fixes for two critical vulnerabilities in Cisco Smart Licensing Utility (CSLU), a tool used to manage licenses across Cisco

On September 3, 2024, Zyxel released patches for a critical OS command injection vulnerability, identified as CVE-2024-7261, affecting Access Points (APs) and security routers. This

On August 27, 2024, Fortra published a security advisory regarding a critical credential vulnerability in FileCatalyst Workflow, identified as CVE-2024-6633. FileCatalyst Workflow is a managed

Update: As of September 6, 2024, we published an updated bulletin indicating potential exploitation of CVE-2024-40766 by affiliates of Akira ransomware. Please review the updated bulletin for more details.

Updates Since Last Security Bulletin: CVE-2024-28986 was added to CISA’s Known Exploited Vulnerabilities Catalog. A second hotfix has been released to address a newly disclosed
GLOBAL HEADQUARTERS
© 2026 Arctic Wolf Networks Inc. All Rights Reserved. |
||||||
Privacy Notice |
Terms of Use |
Cookie Policy |
Accessibility Statement |
Information Security |
Sustainability Statement |
Cookies Settings |