This month saw the release of Microsoft’s final scheduled updates for the year. In the December 2024 Patch Tuesday update bundle, Microsoft addressed a total of 71 security issues across a range of products. It is crucial for users to promptly update their devices to ensure a secure holiday season.
Critical Vulnerabilities Addressed and Zero-Day Patched
Microsoft recently released a patch for a zero-day vulnerability affecting its Windows Common Log File System Driver. Known as CVE-2024-49138, this vulnerability posed a privilege escalation risk, potentially allowing an unauthorized attacker to gain SYSTEM privileges.
Microsoft confirmed active exploitation of this vulnerability, which was publicly disclosed prior to the patch. However, specific details regarding the nature of these exploits were not disclosed by the company. This vulnerability was rated as important and received a CVSS score of 7.8.
In addition to the zero-day patch, Microsoft also addressed 16 critical vulnerabilities that all enabled remote code execution. Among these, 9 critical flaws (CVSS 8.1) impacted Windows Remote Desktop Services, 2 affected Windows Lightweight Directory Access Protocol (LDAP), and 2 affected Microsoft Message Queuing (MSMQ). Furthermore, Microsoft patched a critical vulnerability each in Lightweight Directory Access Protocol (LDAP) Client, Windows Hyper-V, and Windows Local Security Authority Subsystem Service (LSASS).
One of the most severe vulnerabilities patched is CVE-2024-49112 (CVSS 9.8), affecting both LDAP clients and servers running vulnerable Windows versions. Exploiting this flaw requires an unauthenticated, remote attacker to send maliciously crafted RPC calls to the target LDAP server domain controller or trick the victim user into performing a domain lookup for the attacker’s domain or connecting to a malicious LDAP server to target an LDAP client. Once exploited, the attacker could execute arbitrary code within the context of the LDAP service.
Other Important December Patch Tuesday Updates from Microsoft
In addition to the aforementioned vulnerabilities, Microsoft also addressed 54 other security flaws affecting various products. These include 14 remote code execution vulnerabilities, 26 privilege escalation issues, 5 denial of service flaws, 7 information disclosure issues, and 2 spoofing vulnerabilities.
Products receiving the most security fixes include Microsoft Office, Microsoft SharePoint, Windows Mobile Broadband Driver, Windows Routing and Remote Access Service (RRAS), Windows Wireless Wide Area Network Service (WwanSvc), and Wireless Wide Area Network Service (WwanSvc).
While Microsoft ensures automatic patching for eligible systems, users are advised to manually check their systems for updates to ensure timely receipt of all security fixes.
We welcome your thoughts and feedback in the comments section.
