Microsoft Addresses Critical Zero-Day CVE-2024-49138 & 72 Additional Flaws in December Patch Tuesday

Microsoft has released its December 2024 Patch Tuesday security update, addressing a total of 73 vulnerabilities across its product portfolio. This comprehensive update includes fixes for 16 critical and 54 important vulnerabilities, with one actively exploited zero-day vulnerability demanding immediate attention.

This Patch Tuesday update also delivers security enhancements across a wide range of Microsoft products and services, including Microsoft Defender for Endpoint, Windows Cloud Files Mini Filter Driver, Windows Mobile Broadband, and Windows Kernel-Mode Drivers. These updates address various attack vectors, such as spoofing, denial of service (DoS), elevation of privilege (EoP), information disclosure, and remote code execution (RCE).

Zero-Day Exploitation Necessitates Urgent Action

CVE-2024-49138, a vulnerability in the Windows Common Log File System (CLFS) driver, is currently being exploited in the wild. Successful exploitation could allow attackers to gain SYSTEM privileges, potentially leading to complete system compromise. This vulnerability has been added to the Cybersecurity and Infrastructure Security Agency (CISA)’s Known Exploited Vulnerabilities Catalog, with a directive for federal agencies to patch by December 31st, 2024. Microsoft urges all users to prioritize patching this vulnerability to mitigate active threats.

Critical Vulnerabilities Across Multiple Products

In addition to CVE-2024-49138, Microsoft addressed several critical vulnerabilities, including:

• CVE-2024-49117: A remote code execution vulnerability in Windows Hyper-V that could allow attackers to compromise multiple virtual machines, amplifying the impact of a successful attack.
• CVE-2024-49124, CVE-2024-49112, CVE-2024-49127: Remote code execution vulnerabilities in the Lightweight Directory Access Protocol (LDAP) client and server, enabling attackers to execute arbitrary code on vulnerable systems.
• CVE-2024-49126: A remote code execution vulnerability in the Local Security Authority Subsystem Service (LSASS), potentially granting attackers control over the server.
• CVE-2024-49122, CVE-2024-49118: Remote code execution vulnerabilities in Microsoft Message Queuing (MSMQ) that could allow attackers to compromise MSMQ servers.
• CVE-2024-49106, CVE-2024-49108, CVE-2024-49115, CVE-2024-49116, CVE-2024-49119, CVE-2024-49120, CVE-2024-49123, CVE-2024-49128, CVE-2024-49132: A series of remote code execution vulnerabilities in Windows Remote Desktop Services, enabling attackers to exploit race conditions and gain unauthorized access.

Mitigating Risk Through Timely Patching

Microsoft strongly recommends that all users prioritize the installation of these critical security updates. Timely patching is crucial in mitigating the risk of cyberattacks and ensuring the continued security of systems and data.

Related Posts:

• Google Fixes Critical RCE Vulnerabilities in December 2024 Pixel Security Update
• CISA & Microsoft Warn of 6 Actively Exploited Zero-Day Vulnerabilities
• Microsoft April Patch Tuesday includes mitigate Spectre Variant 2 for AMD processors
• Microsoft’s September Patch Tuesday: A Patchwork of Urgency with 4 Zero-Days Under Attack