Cyber Security News

Microsoft Patch Tuesday December 2024, 71 Vulnerabilities Fixed Including 1 Zero-day

In its final Patch Tuesday of 2024, Microsoft has released a significant security update addressing a total of 71 vulnerabilities, including 16 critical vulnerabilities and 1 zero-day.

This December update marks a crucial milestone in Microsoft’s ongoing efforts to enhance the security of its products and protect users from potential cyber threats.

Critical Zero-Day Vulnerability Exploited: CVE-2024-49138

CVE-2024-49138, a zero-day vulnerability, was actively exploited before receiving a patch in Microsoft’s December 2024 Patch Tuesday update. This critical flaw, affecting the Windows Common Log File System Driver, is categorized as an Elevation of Privilege vulnerability.

The vulnerability, discovered by CrowdStrike’s Advanced Research Team, enables attackers to obtain SYSTEM-level privileges on Windows devices, potentially granting them full control over the compromised system.

Although it has been confirmed that this vulnerability was exploited in the wild, details about the methods used for exploitation remain undisclosed.

Microsoft’s December 2024 update addresses this vulnerability, and users are strongly encouraged to apply the patch immediately to protect their systems.

Critical Vulnerabilities Patched

The 16 critical vulnerabilities patched this month primarily affect Windows Remote Desktop Services, Windows Hyper-V, and the Lightweight Directory Access Protocol (LDAP) Client.

If exploited, these flaws could lead to remote code execution, potentially allowing attackers to gain full control of affected systems.


Among the most severe vulnerabilities are:

  • CVE-2024-49106, CVE-2024-49108, and CVE-2024-49115: Remote Code Execution Vulnerabilities in Windows Remote Desktop Services
  • CVE-2024-49117: A Remote Code Execution vulnerability in Windows Hyper-V
  • CVE-2024-49124: A Remote Code Execution vulnerability in the Lightweight Directory Access Protocol (LDAP) Client

Microsoft urges users and system administrators to apply these patches immediately to mitigate the risk of potential attacks.

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-43451 to its Known Exploited Vulnerabilities Catalog, emphasizing the urgency of patching this flaw.

In addition to the critical and zero-day vulnerabilities, Microsoft has patched a wide range of important security issues across its product lineup. These include:

  • 30 Remote Code Execution vulnerabilities
  • 28 Elevation of Privilege vulnerabilities
  • 4 Denial of Service vulnerabilities
  • 1 Spoofing vulnerability
  • 7 Information Disclosure vulnerabilities
  • 1 Defense in Depth

Impact on Enterprise Systems

The December Patch Tuesday update is particularly significant for enterprise users. IT administrators should prioritize testing and deploying these patches, especially those affecting Windows Server, Exchange Server, and Active Directory services.

72 Vulnerabilities Fixed in Microsoft Patch Tuesday, December

CVE Number | CVE Title | Impact
CVE-2024-49106 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49108 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49115 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49117 | Windows Hyper-V Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49119 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49120 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49122 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49123 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49124 | Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49126 | Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49132 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49112 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49116 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49118 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49127 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49128 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-38033 | PowerShell Elevation of Privilege Vulnerability | Elevation of Privilege
CVE-2024-43594 | System Center Operations Manager Elevation of Privilege Vulnerability | Elevation of Privilege
CVE-2024-49057 | Microsoft Defender for Endpoint on Android Spoofing Vulnerability | Spoofing
CVE-2024-49059 | Microsoft Office Elevation of Privilege Vulnerability | Elevation of Privilege
CVE-2024-49064 | Microsoft SharePoint Information Disclosure Vulnerability | Information Disclosure
CVE-2024-49068 | Microsoft SharePoint Elevation of Privilege Vulnerability | Elevation of Privilege
CVE-2024-49069 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49070 | Microsoft SharePoint Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49073 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Elevation of Privilege
CVE-2024-49074 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Elevation of Privilege
CVE-2024-49084 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege
CVE-2024-49085 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49086 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49087 | Windows Mobile Broadband Driver Information Disclosure Vulnerability | Information Disclosure
CVE-2024-49089 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49091 | Windows Domain Name Service Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49092 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Elevation of Privilege
CVE-2024-49093 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Elevation of Privilege
CVE-2024-49094 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Elevation of Privilege
CVE-2024-49096 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Denial of Service
CVE-2024-49097 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | Elevation of Privilege
CVE-2024-49098 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | Information Disclosure
CVE-2024-49099 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | Information Disclosure
CVE-2024-49101 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Elevation of Privilege
CVE-2024-49102 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49103 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | Information Disclosure
CVE-2024-49104 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49107 | WmsRepair Service Elevation of Privilege Vulnerability | Elevation of Privilege
CVE-2024-49111 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Elevation of Privilege
CVE-2024-49121 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Denial of Service
CVE-2024-49125 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49129 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Denial of Service
CVE-2024-49142 | Microsoft Access Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-43600 | Microsoft Office Elevation of Privilege Vulnerability | Elevation of Privilege
CVE-2024-49062 | Microsoft SharePoint Information Disclosure Vulnerability | Information Disclosure
CVE-2024-49063 | Microsoft/Muzic Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49065 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49072 | Windows Task Scheduler Elevation of Privilege Vulnerability | Elevation of Privilege
CVE-2024-49075 | Windows Remote Desktop Services Denial of Service Vulnerability | Denial of Service
CVE-2024-49076 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | Elevation of Privilege
CVE-2024-49077 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Elevation of Privilege
CVE-2024-49078 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Elevation of Privilege
CVE-2024-49079 | Input Method Editor (IME) Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49080 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability | Remote Code Execution
CVE-2024-49081 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Elevation of Privilege
CVE-2024-49082 | Windows File Explorer Information Disclosure Vulnerability | Information Disclosure
CVE-2024-49083 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Elevation of Privilege
CVE-2024-49088 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Elevation of Privilege
CVE-2024-49090 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Elevation of Privilege
CVE-2024-49095 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | Elevation of Privilege
CVE-2024-49109 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Elevation of Privilege
CVE-2024-49110 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Elevation of Privilege
CVE-2024-49113 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Denial of Service
CVE-2024-49114 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Elevation of Privilege
CVE-2024-49138 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Elevation of Privilege
ADV240002 | Microsoft Office Defense in Depth Update | Defense in Depth

Microsoft has also announced a preview program for hotpatching both Windows 11 Enterprise 24H2 and Windows 365 Enterprise. This new model aims to reduce required reboots from twelve to four per year, potentially minimizing downtime for enterprise systems.

As we approach the end of 2024, Microsoft continues to advance its Secure Future Initiative. The company is preparing for the release of a new operating system in 2025, coinciding with Windows 10 entering Extended Security Update (ESU) support.

This new OS is expected to feature a more secure kernel, tighter controls on applications and drivers, and enhanced AI capabilities.

The December 2024 Patch Tuesday underscores the ongoing importance of prompt security updates. As cyber threats continue to evolve, regular patching remains a critical defense against potential exploits.

Users and organizations are strongly advised to apply these updates as soon as possible to ensure the security and integrity of their systems.


Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
