December 2024 Security Patch Roundup: Critical Updates for Your Digital Estate

fahd.zafar • December 12, 2024

At Altiatech, we're committed to helping organisations secure their digital future. Our latest security advisory highlights critical patches and updates that require your immediate attention.

Microsoft's December Patch Tuesday

As a Microsoft Partner, we're closely monitoring Microsoft's latest security releases. This month brings 71 vulnerabilities, with 16 rated as Critical. Of particular concern is a zero-day vulnerability (CVE-2024-49138) in the Windows Common Log File System Driver that requires immediate attention.

Remote Desktop Services users should take particular note, with eleven new vulnerabilities patched - nine Critical and two Important. For organisations using Microsoft Entra (formerly Azure AD), we recommend reviewing these updates as part of your identity and access management strategy.

Adobe's Significant Update

Adobe has released updates for 16 applications, addressing 165 vulnerabilities. As part of our Modern Workspace solutions, we recommend prioritising these updates, particularly for creative teams using Adobe Creative Cloud applications.

Critical Updates from Key Security Vendors

Our strategic partnerships with leading security vendors allow us to provide comprehensive guidance on:

  • Palo Alto Networks' critical authentication bypass vulnerability (CVE-2024-0012)
  • Fortinet's eight new security patches
  • Cisco's December advisories
  • SAP's security notes affecting NetWeaver components

Industrial Control Systems Advisory

For our manufacturing and industrial sector clients, we're monitoring seven new security advisories affecting various ICS products. Our team can help assess your exposure and implement necessary updates.

Recommended Actions

Our security experts recommend:

  1. Immediate patching of actively exploited vulnerabilities
  2. Scheduled updates for Remote Desktop Services
  3. Comprehensive review of Adobe products in your environment
  4. Assessment of industrial control systems where applicable

How Altiatech Can Help

With our expertise in identity management through altIAM and our comprehensive cybersecurity services, we can help you:

  • Assess your current security posture
  • Implement critical patches
  • Manage your identity and access controls
  • Ensure compliance with security best practices

Take Action Now

Don't let your organisation's security be compromised. Our team of experts is ready to help secure your digital estate.

Contact Us


Trust Altiatech to keep your systems secure and compliant.

Zero Trust Security: Moving Beyond Perimeter Defence in Hybrid Work Environments

December 15, 2025
Traditional security models assumed everything inside the corporate network was trustworthy, focusing defensive efforts on the perimeter. This approach fails catastrophically in today's hybrid work environment where employees access resources from homes, coffee shops, and co-working spaces whilst applications reside across multiple clouds.
Microsoft logo on a wood-paneled wall, with colorful squares and company name.

Microsoft 365: Major Licensing Changes Coming in 2026

December 10, 2025
Microsoft is introducing major Microsoft 365 licensing changes in 2026. Learn what’s changing, who is affected and how businesses should prepare.

The Real Cost of Cloud Waste: How UK Organisations Are Losing Thousands Monthly

December 8, 2025
Cloud computing promised cost savings through pay-per-use models and elastic scaling. Yet many UK organisations discover their cloud bills steadily increasing without corresponding business growth. The culprit? Cloud waste - unnecessary spending on unused or inefficiently configured resources.

Zendesk Users Targeted with Sophisticated Support Platform Attack

November 28, 2025
A threat group known as Scattered Lapsus$ Hunters is targeting Zendesk users through a sophisticated campaign involving fake support sites and weaponised helpdesk tickets, according to security researchers at ReliaQuest. The operation represents an evolution in how cybercriminals exploit trust in enterprise SaaS platforms.

AWS Introduces DNS Failover for US East Region—Acknowledging Its Reliability Problem

November 28, 2025
Amazon Web Services has launched a new feature allowing customers to make DNS changes within 60 minutes during service disruptions in its US East (N. Virginia) region. The announcement tacitly acknowledges what many have long observed: AWS's largest and most critical region has a reliability problem.

Two Years After Ransomware Attack, Scottish Council Still Rebuilding Systems

November 28, 2025
A Scottish council remains unable to fully restore critical systems two years after a devastating ransomware attack, highlighting the long-term consequences of inadequate cybersecurity preparation and the challenges facing resource-constrained local authorities.  Comhairle nan Eilean Siar, serving Scotland's Western Isles, suffered a ransomware attack in November 2023 that required extensive system reconstruction. According to a report published by Scotland's Accounts Commission, several systems remain unrestored even now, with large data volumes slowing the digital recovery process.

Windows 10 End-of-Life: Your Complete Migration Strategy for 2026

November 26, 2025
Ready to migrate from Windows 10? Contact Altiatech for a comprehensive migration assessment and strategy tailored to your organisation's needs.

CISA Warning: Commercial Spyware Actively Targeting Messaging App Users

November 25, 2025
The Cybersecurity and Infrastructure Security Agency has issued an alert warning that multiple cyber threat actors are actively leveraging commercial spyware to target users of mobile messaging applications including Signal and WhatsApp. The sophisticated campaigns use advanced social engineering and exploit techniques to compromise victims' devices and gain unauthorized access to their communications.

Microsoft's AI Agents in Windows: What Businesses Need to Know About Copilot Actions

By fahd.zafar November 24, 2025
Microsoft has introduced experimental AI agent capabilities into Windows through Copilot Actions and agent workspaces, features designed to automate everyday tasks like organising files, scheduling meetings, and sending emails. However, the announcement comes with significant security warnings that business leaders and IT administrators must understand before enabling these capabilities.

First AI-Orchestrated Cyber Espionage Campaign Detected: What Businesses Need to Know

November 17, 2025
Anthropic has disclosed the first documented case of a large-scale cyberattack executed with minimal human intervention, marking a significant escalation in AI-enabled cyber threats. The campaign, attributed with high confidence to a Chinese state-sponsored group, demonstrates how rapidly AI capabilities are being weaponised for espionage operations.