Microsoft's December Patch Tuesday Fixes 71 Vulnerabilities, Including 1 Zero-Day


Microsoft has released its December 2024 Patch Tuesday updates, addressing 71 vulnerabilities, including one actively exploited zero-day. Affected platforms range from Windows Server 2008 to modern systems like Windows 11 and Windows Server 2025.


Summary of Updates

16 Critical Vulnerabilities: All involve remote code execution.

Vulnerability Categories:

27 Elevation of Privilege

30 Remote Code Execution (RCE)

7 Information Disclosure

5 Denial of Service

1 Spoofing

This list excludes two Microsoft Edge vulnerabilities resolved earlier on December 5 and 6.


Zero-Day Vulnerability:

CVE-2024-49138: Windows Common Log File System Driver Elevation of Privilege Vulnerability.

This zero-day vulnerability enables attackers to gain SYSTEM privileges on Windows devices.

While the flaw was actively exploited, details of its use in attacks remain undisclosed. It was identified by CrowdStrike’s Advanced Research Team, and further insights are expected.


Critical RCE Vulnerabilities

  1. CVE-2024-49116: Impacts multiple Windows Server versions. Exploiting this flaw allows attackers to execute arbitrary code remotely, potentially gaining full system control.
  2. CVE-2024-49112: Affects Windows 10 Version 1809 (x64 and 32-bit).

Other critical RCE vulnerabilities include flaws in:

  • Windows Remote Desktop Services (e.g., CVE-2024-49115, CVE-2024-49132)
  • Microsoft Message Queuing (e.g., CVE-2024-49118)
  • Lightweight Directory Access Protocol (LDAP)


Elevation of Privilege Vulnerabilities

Microsoft has addressed multiple Elevation of Privilege (EoP) vulnerabilities in its latest updates. These fixes are crucial for preventing unauthorized access to elevated system privileges.

Key Elevation of Privilege Fixes:

  • CVE-2024-49138: Affects Windows 11 Version 22H2 and Windows 10 Version 21H2 across various architectures.
  • CVE-2024-49110: Impacts Windows Server 2025, Windows 11 Version 24H2, and other platforms.
  • CVE-2024-49077: Affects Windows Server 2022 23H2 Edition and Windows 11 Version 23H2 systems.

Windows 11:

  • Version 22H2: Resolved CVE-2024-49138 and CVE-2024-49081, addressing Elevation of Privilege risks.
  • Version 23H2: Mitigated CVE-2024-49077, another Privilege Elevation vulnerability.
  • Version 24H2: Fixed CVE-2024-49110, a significant Elevation of Privilege flaw.

Windows 10:

  • Version 22H2: Addressed CVE-2024-49081, mitigating Elevation of Privilege vulnerabilities.
  • Version 21H2: Resolved CVE-2024-49081 and CVE-2024-49138, strengthening defenses against privilege escalation threats.

Windows Server:

  • Windows Server 2025: Patched CVE-2024-49116 (Remote Code Execution) and CVE-2024-49077 (Elevation of Privilege).
  • Windows Server 2022: Fixed both RCE and EoP vulnerabilities, including CVE-2024-49116 and CVE-2024-49081.
  • Windows Server 2012 and 2012 R2: Addressed CVE-2024-49088 (Elevation of Privilege) and CVE-2024-49080 (Remote Code Execution).
  • Windows Server 2008 and 2008 R2: Resolved critical privilege escalation vulnerabilities, such as CVE-2024-49088.


BleepingComputer has a full description of each vulnerability and the systems it affects; you can view the full report here.


Importance of Applying Updates

With many vulnerabilities marked as Important or Critical, these updates are vital to prevent exploitation. Microsoft urges organizations and individuals to apply these updates promptly using Windows Update or deployment tools to mitigate security threats.

This December 2024 Patch Tuesday underscores the importance of staying current with system updates. As cyberattacks grow increasingly sophisticated, addressing critical issues such as Remote Code Execution and Elevation of Privilege vulnerabilities is essential.

Ensure your systems are protected by applying these patches immediately. For detailed information, refer to Microsoft’s official security update documentation.



If I'm not mistaken, there are still legacy systems vulnerable; my customers are switching to Linux-based systems for Microsoft products within a controlled perimeter. This is scarier than I thought. 🤔 CLFS vulnerability has been existent since 2003.

Jiří Šebestík

I am not sure whether God is still playing the same game with us. (Einstein)

3w

Like a sieve, madam, like a sieve.

Andrea de Gregorio

Azure Technical Specialist - Core Infrastructure, Sales Technical Unit | Microsoft Italy

3w

Please patch. Just schedule a restart and patch.

Matt Berry

Innovation Junkie, Cyber Intelligence, Coffee Snob

3w

Gets me thinking... Each update is a chance to make our systems better. Small steps today lead to big security wins down the road.
