Microsoft’s final Patch Tuesday of 2024 addresses 71 vulnerabilities, including 16 critical ones and a zero-day. This update highlights Microsoft’s commitment to improving product security and safeguarding users from cyber threats.
Critical Zero-Day Exploited: CVE-2024-49138
CVE-2024-49138, a critical Elevation of Privilege vulnerability in the Windows Common Log File System Driver, was actively exploited before being patched in Microsoft’s December 2024 update.
Discovered by CrowdStrike’s Advanced Research Team, this flaw allows attackers to gain SYSTEM-level privileges, giving them full control over compromised systems.
While exploitation in the wild has been confirmed, specific methods remain undisclosed. Microsoft urges users to apply the patch immediately to secure their systems.
Vulnerabilities Patched
This month’s update addresses 16 critical flaws in Windows Remote Desktop Services, Hyper-V, and LDAP Client, which could enable remote code execution and full system control if exploited.
Key Vulnerabilities and Updates
Microsoft’s December update addresses several severe vulnerabilities:
- CVE-2024-49106, CVE-2024-49108, CVE-2024-49115: Remote Code Execution flaws in Windows Remote Desktop Services.
- CVE-2024-49117: Remote Code Execution in Windows Hyper-V.
- CVE-2024-49124: Remote Code Execution in the LDAP Client.
Administrators are urged to apply these patches immediately to reduce the risk of exploitation.
CISA has also added CVE-2024-43451 to its Known Exploited Vulnerabilities Catalog, further highlighting the need for prompt action.
Beyond critical and zero-day fixes, Microsoft resolved:
- 30 Remote Code Execution vulnerabilities.
- 28 Elevation of Privilege flaws.
- 4 Denial of Service issues.
- 7 Information Disclosure vulnerabilities.
- 1 Spoofing flaw and 1 Defense in Depth update.
Prompt patching is essential to safeguard systems from potential threats.
Microsoft December Patch Tuesday: 72 Vulnerabilities Fixed, Critical Updates for Enterprise Systems
CVE Number | CVE Title | Impact |
--- | --- | --- |
CVE-2024-49106 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49108 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49115 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49117 | Windows Hyper-V Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49119 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49120 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49122 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49123 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49124 | Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49126 | Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49132 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49112 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49116 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49118 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49127 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49128 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-38033 | PowerShell Elevation of Privilege Vulnerability | Elevation of Privilege |
CVE-2024-43594 | System Center Operations Manager Elevation of Privilege Vulnerability | Elevation of Privilege |
CVE-2024-49057 | Microsoft Defender for Endpoint on Android Spoofing Vulnerability | Spoofing |
CVE-2024-49059 | Microsoft Office Elevation of Privilege Vulnerability | Elevation of Privilege |
CVE-2024-49064 | Microsoft SharePoint Information Disclosure Vulnerability | Information Disclosure |
CVE-2024-49068 | Microsoft SharePoint Elevation of Privilege Vulnerability | Elevation of Privilege |
CVE-2024-49069 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49070 | Microsoft SharePoint Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49073 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
CVE-2024-49074 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
CVE-2024-49084 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege |
CVE-2024-49085 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49086 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49087 | Windows Mobile Broadband Driver Information Disclosure Vulnerability | Information Disclosure |
CVE-2024-49089 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49091 | Windows Domain Name Service Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49092 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
CVE-2024-49093 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Elevation of Privilege |
CVE-2024-49094 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Elevation of Privilege |
CVE-2024-49096 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Denial of Service |
CVE-2024-49097 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | Elevation of Privilege |
CVE-2024-49098 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | Information Disclosure |
CVE-2024-49099 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | Information Disclosure |
CVE-2024-49101 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Elevation of Privilege |
CVE-2024-49102 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49103 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | Information Disclosure |
CVE-2024-49104 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49107 | WmsRepair Service Elevation of Privilege Vulnerability | Elevation of Privilege |
CVE-2024-49111 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Elevation of Privilege |
CVE-2024-49121 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Denial of Service |
CVE-2024-49125 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49129 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Denial of Service |
CVE-2024-49142 | Microsoft Access Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-43600 | Microsoft Office Elevation of Privilege Vulnerability | Elevation of Privilege |
CVE-2024-49062 | Microsoft SharePoint Information Disclosure Vulnerability | Information Disclosure |
CVE-2024-49063 | Microsoft/Muzic Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49065 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49072 | Windows Task Scheduler Elevation of Privilege Vulnerability | Elevation of Privilege |
CVE-2024-49075 | Windows Remote Desktop Services Denial of Service Vulnerability | Denial of Service |
CVE-2024-49076 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | Elevation of Privilege |
CVE-2024-49077 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
CVE-2024-49078 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
CVE-2024-49079 | Input Method Editor (IME) Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49080 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability | Remote Code Execution |
CVE-2024-49081 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Elevation of Privilege |
CVE-2024-49082 | Windows File Explorer Information Disclosure Vulnerability | Information Disclosure |
CVE-2024-49083 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
CVE-2024-49088 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
CVE-2024-49090 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
CVE-2024-49095 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | Elevation of Privilege |
CVE-2024-49109 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Elevation of Privilege |
CVE-2024-49110 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
CVE-2024-49113 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Denial of Service |
CVE-2024-49114 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
CVE-2024-49138 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
ADV240002 | Microsoft Office Defense in Depth Update | Defense in Depth |
Microsoft has introduced a hotpatching preview for Windows 11 Enterprise 24H2 and Windows 365 Enterprise, reducing annual reboots from twelve to four to minimize downtime.
As 2024 ends, Microsoft advances its Secure Future Initiative, preparing for a 2025 OS launch featuring a secure kernel, stricter app controls, and enhanced AI, as Windows 10 transitions to Extended Security Updates.
The December 2024 Patch Tuesday highlights the importance of timely updates, urging users to apply patches promptly to safeguard systems against evolving cyber threats.