In a critical security update, Microsoft has confirmed multiple vulnerabilities, including a zero-day exploit actively being attacked, as part of its December Patch Tuesday. Among the 72 vulnerabilities fixed, the updates target a significant flaw in the Windows Common Log File System (CVE-2024-49138) and include significant improvements for Windows 10 and 11. The U.S. CISA has added this zero-day vulnerability to its Known Exploited Vulnerabilities catalog, urging users to update their systems promptly. With features also introduced in Windows 11 24H2, this final major update of the year includes measures against various remote code execution vulnerabilities and enhances system privileges protection. Users are advised to install these updates to safeguard their systems against potential threats.