This month marked the discharge of Microsoft’s final scheduled updates. With the December 2024 Patch Tuesday replace bundle, Microsoft addressed 71 safety points throughout varied merchandise. Customers should replace their units promptly to take pleasure in peaceable holidays.
Bunch Of Important Vulnerabilities And A Zero-Day Bought Patched
Microsoft lately patched a zero-day affecting its Home windows Widespread Log File System Driver. Recognized as CVE-2024-49138, the vulnerability is primarily a privilege escalation subject, permitting a licensed adversary to realize SYSTEM privileges.
The Redmond big confirmed that it detected lively exploitation of this vulnerability, which was publicly disclosed earlier than the repair. Nevertheless, the agency didn’t share any particulars concerning the character of such exploits. This flaw obtained an necessary severity ranking and a CVSS rating of seven.8.
Apart from, the tech big additionally addressed 16 vital vulnerabilities, all of which allowed distant code execution. Of those, 9 vital flaws (CVSS 8.1) affected the Home windows Distant Desktop Providers, 2 impacted the Home windows Light-weight Listing Entry Protocol (LDAP), and a pair of others affected the Microsoft Message Queuing (MSMQ). As well as, Microsoft patched a single vital vulnerability within the Light-weight Listing Entry Protocol (LDAP) Shopper, Home windows Hyper-V, and Home windows Native Safety Authority Subsystem Service (LSASS).
Probably the most extreme of those vulnerabilities is CVE-2024-49112 (CVSS 9.8), affecting each LDAP shoppers and servers operating susceptible Home windows variations. Exploiting the flaw requires an unauthenticated, distant adversary to ship maliciously crafted RPC calls to the goal LDAP server area controller, or to trick the sufferer person into performing a website lookup for the attacker’s area or connect with a malicious LDAP server, to focus on an LDAP shopper. As soon as executed, the attacker might execute arbitrary codes throughout the context of the LDAP service.
Different Vital Patch Tuesday December Updates From Microsoft
Alongside the vulnerabilities listed above, Microsoft additionally addressed 54 different safety flaws affecting totally different merchandise. These embody 14 distant code execution vulnerabilities, 26 privilege escalation points, 5 denial of service flaws, 7 data disclosure points, and a pair of spoofing vulnerabilities.
The merchandise receiving probably the most safety fixes embody Microsoft Workplace, Microsoft SharePoint, Home windows Cellular Broadband Driver, Home windows Routing and Distant Entry Service (RRAS), Home windows Wi-fi Extensive Space Community Service (WwanSvc) and Wi-fi Extensive Space Community Service (WwanSvc).
Whereas Microsoft ensures computerized patching of all eligible programs, customers ought to verify their programs manually for updates to obtain all safety fixes in time.
Tell us your ideas within the feedback.
