Microsoft Releases December 2024 Security Updates

Summary

Scheduled updates for Microsoft products, including security updates for 72 vulnerabilities, with 1 reported as actively exploited


Affected platforms

The following platforms are known to be affected:

The following platforms are also known to be affected:

• GitHub
• Microsoft Defender for Endpoint
• Microsoft Edge (Chromium-based)
• Microsoft Office Access
• Microsoft Office Excel
• Microsoft Office Publisher
• Microsoft Office SharePoint
• Microsoft Office Word
• Remote Desktop Client
• Role: DNS Server
• Role: Windows Hyper-V
• System Center Operations Manager
• Windows Cloud Files Mini Filter Driver
• Windows Common Log File System Driver
• Windows File Explorer
• Windows IP Routing Management Snapin
• Windows Kernel
• Windows Kernel-Mode Drivers
• Windows LDAP - Lightweight Directory Access Protocol
• Windows Local Security Authority Subsystem Service (LSASS)
• Windows Message Queuing
• Windows Mobile Broadband
• Windows PrintWorkflowUserSvc
• Windows Remote Desktop
• Windows Remote Desktop Services
• Windows Resilient File System (ReFS)
• Windows Routing and Remote Access Service (RRAS)
• Windows Task Scheduler
• Windows Virtualization-Based Security (VBS) Enclave
• Windows Wireless Wide Area Network Service
• WmsRepair Service

Threat details

Active exploitation of CVE-2024-49138

Microsoft has reported that one vulnerability, CVE-2024-49138, is under active exploitation. NHS England National CSOC urges organisations to apply relevant security updates to affected versions of Windows and Windows Server as soon as practicable.


Introduction

Microsoft has released security updates to address 72 vulnerabilities in Microsoft products. The security updates include seventeen critical vulnerabilities, of which one is under active exploitation. Some of these vulnerabilities are described below.


Vulnerability details

  • CVE-2024-49138 - Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2024-49138 is a 'Heap-based Buffer Overflow' vulnerability in Windows and Windows Server with a CVSSv3 score of 7.8. Successful exploitation would allow an attacker to gain SYSTEM privileges. This vulnerability is under active exploitation.

  • CVE-2024-49112 - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

CVE-2024-49112 is a Remote Code Execution vulnerability in Windows and Windows Server with a CVSSv3 score of 9.8. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code within the context of the LDAP service through a specially crafted set of LDAP calls.

  • CVE-2024-49117 - Windows Hyper-V Remote Code Execution Vulnerability

CVE-2024-49117 is a Remote Code Execution vulnerability in Windows and Windows Server with a CVSSv3 score of 8.8. An authenticated attacker on a guest VM could send specially crafted file operation requests on the VM to hardware resources on the VM, which could result in remote code execution on the host server.

  • CVE-2024-49105 - Remote Desktop Client Remote Code Execution Vulnerability

CVE-2024-49105 is a Remote Code Execution vulnerability in Windows, Windows Server, and Windows App Client for Windows Desktop with a CVSSv3 score of 8.4. Using a Remote Desktop connection, an authenticated attacker could exploit this vulnerability by triggering remote code execution on the server. Alternatively, an authenticated attacker could trigger guest-to-host RCE via a malicious program by connecting to the host using MMC. Successful exploitation of this vulnerability could lead to a browser sandbox escape.

  • CVE-2024-49093 - Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

CVE-2024-49093 is a Privilege Escalation vulnerability in Windows and Windows Server with a CVSSv3 score of 8.8. Using a low-privilege AppContainer, an attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment. Successful exploitation of this vulnerability would allow an attacker to obtain SYSTEM privileges.


Remediation advice

Affected organisations are encouraged to review Microsoft's December 2024 Security Updates and apply the relevant updates as soon as practicable.



Last edited: 11 December 2024 4:45 pm