December 2024 Security Patch Roundup: Critical Updates for Your Digital Estate

fahd.zafar • December 12, 2024

At Altiatech, we're committed to helping organisations secure their digital future. Our latest security advisory highlights critical patches and updates that require your immediate attention.

Microsoft's December Patch Tuesday

As a Microsoft Partner, we're closely monitoring Microsoft's latest security releases. This month brings 71 vulnerabilities, with 16 rated as Critical. Of particular concern is a zero-day vulnerability (CVE-2024-49138) in the Windows Common Log File System Driver that requires immediate attention.

Remote Desktop Services users should take particular note, with eleven new vulnerabilities patched - nine Critical and two Important. For organisations using Microsoft Entra (formerly Azure AD), we recommend reviewing these updates as part of your identity and access management strategy.

Adobe's Significant Update

Adobe has released updates for 16 applications, addressing 165 vulnerabilities. As part of our Modern Workspace solutions, we recommend prioritising these updates, particularly for creative teams using Adobe Creative Cloud applications.

Critical Updates from Key Security Vendors

Our strategic partnerships with leading security vendors allow us to provide comprehensive guidance on:

  • Palo Alto Networks' critical authentication bypass vulnerability (CVE-2024-0012)
  • Fortinet's eight new security patches
  • Cisco's December advisories
  • SAP's security notes affecting NetWeaver components

Industrial Control Systems Advisory

For our manufacturing and industrial sector clients, we're monitoring seven new security advisories affecting various ICS products. Our team can help assess your exposure and implement necessary updates.

Recommended Actions

Our security experts recommend:

  1. Immediate patching of actively exploited vulnerabilities
  2. Scheduled updates for Remote Desktop Services
  3. Comprehensive review of Adobe products in your environment
  4. Assessment of industrial control systems where applicable

How Altiatech Can Help

With our expertise in identity management through altIAM and our comprehensive cybersecurity services, we can help you:

  • Assess your current security posture
  • Implement critical patches
  • Manage your identity and access controls
  • Ensure compliance with security best practices

Take Action Now

Don't let your organisation's security be compromised. Our team of experts is ready to help secure your digital estate.

Contact Us


Trust Altiatech to keep your systems secure and compliant.

Demystifying Zero Trust: What It Really Means for Your Organisation

October 31, 2025
Zero trust has become one of the most discussed concepts in cybersecurity, yet widespread misconceptions make it difficult for organisations to understand what it actually involves. Vendor marketing hasn't helped, with many claiming their products deliver "zero trust" when in reality, it's neither a product nor a simple switch you can flip.  This guide cuts through the confusion to explain what zero trust genuinely means and when your organisation should consider adopting it.

Unpatched Chromium Flaw Can Crash Billions of Browsers

October 30, 2025
A critical vulnerability in Chromium's Blink rendering engine remains unpatched despite being disclosed to Google over two months ago, leaving billions of users vulnerable to browser crashes and system freezes.

Microsoft Azure Outage: DNS Issues Take Down Websites Globally

October 30, 2025
Microsoft's Azure cloud platform experienced a significant global outage on Wednesday, taking down major websites including Heathrow Airport, NatWest, Minecraft, and numerous retailers across several hours before services were restored.

AI Browsers Face Unavoidable Security Flaw: Prompt Injection

By fahd.zafar October 28, 2025
AI-powered browsers with agentic capabilities are introducing a fundamental security vulnerability that experts believe may never be fully resolved: prompt injection attacks.

Cyber Security Is Business Survival: Why the NCSC Is Writing to Britain's Biggest Companies

October 28, 2025
The National Cyber Security Centre has taken the extraordinary step of co-signing a ministerial letter to chief executives and chairs of Britain's leading businesses, including all FTSE 350 companies. The message is unambiguous: cyber security is no longer just an IT concern—it's a matter of business survival.

Microsoft Issues Urgent Friday WSUS Security Update

October 24, 2025
Microsoft published an unscheduled security patch on Friday addressing a severe vulnerability in Windows Server Update Services (WSUS), creating weekend work for system administrators.

Alaska Airlines Grounded: Primary Datacentre Failure

October 24, 2025
Alaska Airlines experienced its second mystery IT outage in three months, grounding its entire fleet for eight hours and cancelling over 360 flights. The incident raises uncomfortable questions about disaster recovery planning in critical infrastructure.

How a Millisecond Timing Bug Cost Hundreds of Billions

By fahd.zafar October 24, 2025
Amazon has revealed the shocking cause behind one of history's most devastating cloud outages: a simple race condition in DynamoDB's DNS management system brought down AWS services globally for an entire day, with damage estimates potentially reaching hundreds of billions of dollars.

The AWS Outage That Exposed Cloud Computing's Achilles Heel

By fahd.zafar October 21, 2025
When Amazon Web Services' US-EAST-1 region went down on 20th October, it didn't just affect services in Northern Virginia—it brought down websites and critical services across the globe, from European banks to UK government agencies. The incident has exposed a fundamental vulnerability in modern cloud infrastructure that no amount of redundancy planning can fully address.

Four Cyber Attacks Every Week: The UK's Escalating Digital Crisis

By fahd.zafar October 20, 2025
The numbers are stark and deeply concerning. The National Cyber Security Centre (NCSC) handled a record 204 nationally significant cyber attacks in the year to September 2025—an average of four every single week. This represents a dramatic increase from 89 incidents in the previous year, more than doubling in just 12 months.  For British businesses, this isn't abstract threat intelligence—it's a clear warning that the cyber threat landscape has fundamentally changed, and urgent action is required.