Microsoft Bolsters Security with December 2024 Patch Tuesday Fixes

In its December 2024 Patch Tuesday release, Microsoft has addressed 71 security vulnerabilities across a range of products, including Windows, Office, SharePoint Server, and more. This patch includes a critical fix for an actively exploited zero-day vulnerability.

Total Addressed: 71 vulnerabilities

Critical: 16

Important: 54

Moderate:

This release marks the highest number of vulnerabilities resolved in a December update since at least 2017.

Zero-Day Vulnerability

CVE-2024-49138

Among the vulnerabilities patched, CVE-2024-49138 stands out, as it is currently being exploited in the wild. This flaw involves a privilege escalation in the Windows Common Log File System Driver, allowing attackers to gain SYSTEM privileges. Microsoft has yet to disclose specific details about the attacks utilizing this vulnerability.

Most Severe Vulnerability: CVE-2024-49112

Another significant flaw, tracked as CVE-2024-49112, involves the Windows Lightweight Directory Access Protocol (LDAP). With a CVSS score of 9.8, this remote code execution vulnerability could enable a remote, unauthenticated attacker to execute arbitrary code through specially crafted LDAP calls.

Additional Key Fix: CVE-2024-49117

Microsoft has also addressed a critical vulnerability in Windows Hyper-V (CVE-2024-49117). This flaw allows authenticated users within guest VMs to execute code on the host operating system or perform attacks across virtual machines. For more in-depth details, Microsoft has made the full list of patches available.
