Microsoft released a security as part of the December Patch Tuesday that addressed 72 vulnerabilities, including 30 classified as critical Remote Code Execution (RCE) vulnerabilities.
These fixes are crucial for securing Windows operating systems and related software against potential exploitation.
Key Highlights of December 2024 Patch Tuesday Updates:
A recent security update has addressed a total of 71 vulnerabilities across various platforms,, including 30 remote code execution vulnerabilities and 28 elevation of privilege vulnerabilities, which represent critical risks to system security.
Additionally, it resolves 4 denial of service vulnerabilities, 1 spoofing vulnerability, and 7 information disclosure vulnerabilities. The update also includes 1 defense-in-depth improvement, further enhancing overall system protection.
Additionally, the update resolved other issues, such as the elevation of privilege vulnerabilities, security feature bypasses, and more.
The affected platforms include a wide range of Windows versions, from modern systems like Windows 11 and Windows 10 to older systems such as Windows Server 2008 and various Windows Server variants.
Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar
Zero-day Vulnerability Exploited
CVE-2024-49138 is a zero-day vulnerability that was actively exploited before being patched in Microsoft’s December 2024 Patch Tuesday update. This critical security flaw affects the Windows Common Log File System Driver and is classified as an Elevation of Privilege vulnerability.
The vulnerability was discovered by the Advanced Research Team at CrowdStrike. It allows attackers to gain SYSTEM privileges on Windows devices, potentially giving them full control over the affected system.
While it’s confirmed that the vulnerability was actively exploited in the wild, specific details about the exploitation methods have not been disclosed.
The December 2024 Patch Tuesday update includes a fix for this vulnerability, and users are strongly advised to apply the patch immediately.
Critical Remote Code Execution Vulnerabilities
This month’s patch includes fixes for CVE-2024-49116, a highly critical RCE vulnerability impacting multiple versions of Windows Server. Exploiting this flaw could allow attackers to execute arbitrary code remotely, potentially granting full system control.
Here are some of the products affected by CVE-2024-49116:
- Windows Server 2025 (Server Core Installation)
- Windows Server 2022, 23H2 Edition (Server Core installation)
- Windows Server 2022
- Windows Server 2019
- Windows Server 2012 R2
Additionally, an RCE vulnerability with CVE-2024-49112 impacts Windows 10 Version 1809 for both x64 and 32-bit systems.
Elevation of Privilege Vulnerabilities
Microsoft also addressed multiple Elevation of Privilege (EoP) vulnerabilities, which are critical in preventing attackers from gaining unauthorized access to higher system privileges.
Key Elevation of Privilege updates include:
- CVE-2024-49138: Affects Windows 11 Version 22H2 and Windows 10 Version 21H2 across various architectures.
- CVE-2024-49110: A significant EoP vulnerability affecting Windows Server 2025, Windows 11 Version 24H2, and other platforms.
- CVE-2024-49077: Impacts Windows Server 2022 23H2 Edition, as well as Windows 11 Version 23H2 systems.
For Windows 11, Version 22H2 addressed CVE-2024-49138 and CVE-2024-49081, targeting Elevation of Privilege risks. Version 23H2 resolved CVE-2024-49077, also related to Privilege Elevation. Additionally, Version 24H2 tackled CVE-2024-49110, a key Elevation of Privilege vulnerability.
In Windows 10, Version 22H2 fixed CVE-2024-49081, addressing Elevation of Privilege flaws. Version 21H2 resolved both CVE-2024-49081 and CVE-2024-49138 to mitigate privilege escalation threats.
For Windows Server, critical vulnerabilities were addressed in multiple versions.
- Windows Server 2025 patched CVE-2024-49116 (Remote Code Execution) and CVE-2024-49077 (Elevation of Privilege).
- Windows Server 2022 resolved both RCE and EoP vulnerabilities, including CVE-2024-49116 and CVE-2024-49081.
- Windows Server 2012 and 2012 R2 fixed CVE-2024-49088 (Elevation of Privilege) and CVE-2024-49080 (Remote Code Execution)
- Windows Server 2008 and 2008 R2 addressed critical Privilege Escalation vulnerabilities such as CVE-2024-49088.
With many vulnerabilities marked as Important or Critical, these updates are essential to prevent potential exploitation. Organizations and individuals are urged to apply these updates promptly through Windows Update or other tools to safeguard against security threats.
Microsoft’s December 2024 Patch Tuesday emphasizes consistently updating systems to mitigate vulnerabilities. With cyberattacks’ growing sophistication, addressing critical issues like Remote Code execution vulnerabilities and Elevation of Privilege flaws is paramount.
Apply these patches immediately through Windows Update or other deployment tools to ensure your systems are up to date. For more details, refer to Microsoft’s official security update documentation.
72 Vulnerabilities Fixed in Microsoft Patch Tuesday, December 2024
| CVE | Affected Systems | Severity |
|---|---|---|
| CVE-2024-49117 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| CVE-2024-49124 | Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability | Critical |
| CVE-2024-49112 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Critical |
| CVE-2024-49127 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Critical |
| CVE-2024-49126 | Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability | Critical |
| CVE-2024-49118 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Critical |
| CVE-2024-49122 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Critical |
| CVE-2024-49132 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| CVE-2024-49115 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| CVE-2024-49116 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| CVE-2024-49123 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| CVE-2024-49128 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| CVE-2024-49106 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| CVE-2024-49108 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| CVE-2024-49119 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| CVE-2024-49120 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| CVE-2024-49063 | Microsoft/Muzic Remote Code Execution Vulnerability | Important |
| CVE-2024-49057 | Microsoft Defender for Endpoint on Android Spoofing Vulnerability | Important |
| CVE-2024-49059 | Microsoft Office Elevation of Privilege Vulnerability | Important |
| CVE-2024-43600 | Microsoft Office Elevation of Privilege Vulnerability | Important |
| CVE-2024-49142 | Microsoft Access Remote Code Execution Vulnerability | Important |
| CVE-2024-49069 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| CVE-2024-49079 | Input Method Editor (IME) Remote Code Execution Vulnerability | Important |
| CVE-2024-49064 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
| CVE-2024-49062 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
| CVE-2024-49068 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
| CVE-2024-49070 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
| CVE-2024-49065 | Microsoft Office Remote Code Execution Vulnerability | Important |
| CVE-2024-49091 | Windows Domain Name Service Remote Code Execution Vulnerability | Important |
| CVE-2024-43594 | System Center Operations Manager Elevation of Privilege Vulnerability | Important |
| CVE-2024-49114 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-49088 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-49138 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-49090 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-49082 | Windows File Explorer Information Disclosure Vulnerability | Important |
| CVE-2024-49080 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability | Important |
| CVE-2024-49084 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2024-49074 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-49121 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important |
| CVE-2024-49113 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important |
| CVE-2024-49096 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Important |
| CVE-2024-49073 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-49077 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-49083 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-49092 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-49087 | Windows Mobile Broadband Driver Information Disclosure Vulnerability | Important |
| CVE-2024-49110 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-49078 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-49095 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | Important |
| CVE-2024-49097 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | Important |
| CVE-2024-49129 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Important |
| CVE-2024-49075 | Windows Remote Desktop Services Denial of Service Vulnerability | Important |
| CVE-2024-49093 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
| CVE-2024-49085 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| CVE-2024-49086 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| CVE-2024-49089 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| CVE-2024-49125 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| CVE-2024-49104 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| CVE-2024-49102 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| CVE-2024-49072 | Windows Task Scheduler Elevation of Privilege Vulnerability | Important |
| CVE-2024-49076 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | Important |
| CVE-2024-49081 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Important |
| CVE-2024-49103 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | Important |
| CVE-2024-49111 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Important |
| CVE-2024-49109 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Important |
| CVE-2024-49101 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Important |
| CVE-2024-49094 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Important |
| CVE-2024-49098 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | Important |
| CVE-2024-49099 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | Important |
| CVE-2024-49107 | WmsRepair Service Elevation of Privilege Vulnerability | Important |
| CVE-2024-49041 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Moderate |
| ADV240002 | Microsoft Office Defense in Depth Update | Moderate |
| CVE-2024-12053 | Chromium: CVE-2024-12053 Type Confusion in V8 | Unknown |
Microsoft has published a complete list of patched vulnerabilities, which provides detailed information about the exploitation methods, vulnerability descriptions, and other information.
All users should update their products to the latest version to prevent threat actors from exploiting these vulnerabilities.
The post Microsoft December 2024 Patch Tuesday – 71 Vulnerabilities Fixed, Including 1 Zero-day & 30 RCEs appeared first on Cyber Security News.
