Microsoft’s December 2024 Patch Tuesday: Addressing 70 Bugs including a Weaponised Threat and a CVSS Score of 9.8
Welcome to the December 2024 Microsoft Patch Tuesday Update
This month, Microsoft has delivered a large release of updates, fixing 70 vulnerabilities in total. One of these vulnerabilities has been weaponized AND public aware, with some carrying a critical CVSS score of 9.8. The update includes 16 critical patches which is the highest number for almost 6 months, 54 important fixes, covering products such as Windows, Windows Components, Hyper-V, Azure, Office, Visual Studio, Exchange, SQL Server and .NET.
Robert Brown, Head of Customer Success at Syxsense, underscores the need for strategic prioritization in vulnerability management. He draws attention to the presence of threats that could potentially serve as Jump Points, urging organizations to maintain heightened vigilance. With a combined CVSS score of 522.6 and an average score of 7.4, the critical nature of these vulnerabilities demands focused and careful remediation efforts.
Patch Tuesday Recap: Top 3 Vulnerabilities You Need to Know
As always, Patch Tuesday brings critical updates and security fixes to keep your systems protected. Here’s a breakdown of the most significant issues and why you should prioritize addressing them immediately.
1. CVE-2024-49138: Windows Common Log File System Driver Elevation of Privilege Vulnerability
- Severity: Important
- CVSS Score: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
This vulnerability exploits the Common Log File System (CLFS) driver, enabling attackers to elevate privileges and gain SYSTEM-level access on the affected machine.
Why it matters: Attackers leveraging this flaw can gain full control of a system, bypassing typical security measures. This vulnerability has been weaponized and is publicly known, with active exploitation detected in the wild.
Current exploitability: High, due to active exploitation and public awareness. Systems without the patch are at significant risk.
What you can do:
- Patch immediately on all affected systems.
- Employ least privilege principles to minimize the impact of a successful exploit.
- Continuously monitor logs for signs of privilege escalation attempts.
2. CVE-2024-49112: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
- Severity: Critical
- CVSS Score: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
This vulnerability affects LDAP, a critical component for managing directory services. Unpatched systems could allow remote attackers to execute arbitrary code, resulting in full system compromise.
Why it matters: The combination of a critical CVSS score and the potential for remote code execution makes this one of the most dangerous vulnerabilities in this release.
Current exploitability: While exploitation is considered less likely and no weaponization has been detected, the high severity of this vulnerability demands immediate attention.
What you can do:
- Ensure all LDAP servers are patched without delay.
- Use network segmentation and firewall rules to restrict access to LDAP services.
- Regularly review access controls and permissions within your directory services.
3. CVE-2024-49117: Windows Hyper-V Remote Code Execution Vulnerability
- Severity: Critical
- CVSS Score: 8.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
This vulnerability impacts Microsoft’s Hyper-V, a key virtualization platform. It allows an authenticated attacker operating within a guest VM to send specially crafted file operation requests to hardware resources on the VM. If successful, this could lead to remote code execution on the host server.
Why it matters: Compromise of the Hyper-V host could result in the attacker gaining control of other guest VMs running on the same server. This could escalate into a broader security breach across the virtualized environment.
Current exploitability: While this vulnerability has not been weaponized or publicly disclosed, the risk remains high due to its critical nature. Exploitation is considered less likely currently, but proactive mitigation is essential.
What you can do:
- Apply the latest patches to all Hyper-V servers immediately.
- Restrict access to guest VMs to trusted and authenticated users.
- Monitor VM activity for any unusual file operations or requests.
Final Thoughts
Staying ahead of potential threats requires consistent attention to Patch Tuesday updates. These vulnerabilities illustrate the importance of proactive security measures and timely patching. While some vulnerabilities may seem less likely to be exploited, the risks are too great to ignore—especially when attackers evolve quickly. Make patch management a priority and ensure your team is equipped to respond swiftly to emerging threats. As always, a well-maintained and secure environment is your best defense.
| Reference | Description | Vendor Severity | CVSS Score | Weaponised | Publicly Aware | Exploitability Assessment | Countermeasure | Additional Information | Bug Type |
| CVE-2024-49138 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | Yes | Yes | Exploit Detected | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege |
| CVE-2024-49112 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Critical | 9.8 | No | No | Less Likely | No | Remote Code Execution | |
| CVE-2024-49117 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 8.8 | No | No | Less Likely | No | Scope = Changed, Jump Point = True This vulnerability would require an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM which could result in remote code execution on the host server. |
Remote Code Execution |
| CVE-2024-49080 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability | Important | 8.8 | No | No | Less Likely | No | Remote Code Execution | |
| CVE-2024-49093 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important | 8.8 | No | No | Less Likely | No | Scope = Changed, Jump Point = True A successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment. |
Elevation of Privilege |
| CVE-2024-49085 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | Less Likely | No | Remote Code Execution | |
| CVE-2024-49086 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | Less Likely | No | Remote Code Execution | |
| CVE-2024-49102 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | Less Likely | No | Remote Code Execution | |
| CVE-2024-49104 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | Less Likely | No | Remote Code Execution | |
| CVE-2024-49125 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | Less Likely | No | Remote Code Execution | |
| CVE-2024-49063 | Microsoft/Muzic Remote Code Execution Vulnerability | Important | 8.4 | No | No | Less Likely | No | Remote Code Execution | |
| CVE-2024-49068 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | 8.2 | No | No | Less Likely | No | Elevation of Privilege | |
| CVE-2024-49124 | Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability | Critical | 8.1 | No | No | Less Likely | No | Remote Code Execution | |
| CVE-2024-49118 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | Less Likely | No | Remote Code Execution | |
| CVE-2024-49122 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | More Likely | No | Remote Code Execution | |
| CVE-2024-49127 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | Less Likely | Ensure that domain controllers are configured either to not access the internet or to not allow inbound RPC from untrusted networks. While either mitigation will protect your system from this vulnerability, applying both configurations provides an effective defense-in-depth against this vulnerability. | An unauthenticated attacker could send a specially crafted request to a vulnerable server. Successful exploitation could result in the attacker’s code running in the context of the SYSTEM account. | Remote Code Execution |
| CVE-2024-49126 | Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | Less Likely | No | Successful exploitation of this vulnerability requires an attacker to win a race condition. | Remote Code Execution |
| CVE-2024-49106 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical | 8.1 | No | No | Less Likely | No | An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. | Remote Code Execution |
| CVE-2024-49108 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical | 8.1 | No | No | Less Likely | No | An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. | Remote Code Execution |
| CVE-2024-49115 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical | 8.1 | No | No | Less Likely | No | An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. | Remote Code Execution |
| CVE-2024-49116 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical | 8.1 | No | No | Less Likely | No | An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. | Remote Code Execution |
| CVE-2024-49119 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical | 8.1 | No | No | Less Likely | No | An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. | Remote Code Execution |
| CVE-2024-49120 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical | 8.1 | No | No | Less Likely | No | An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. | Remote Code Execution |
| CVE-2024-49123 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical | 8.1 | No | No | Less Likely | No | An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. | Remote Code Execution |
| CVE-2024-49128 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical | 8.1 | No | No | Less Likely | No | An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. | Remote Code Execution |
| CVE-2024-49132 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical | 8.1 | No | No | Less Likely | No | An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. | Remote Code Execution |
| CVE-2024-49057 | Microsoft Defender for Endpoint on Android Spoofing Vulnerability | Important | 8.1 | No | No | Less Likely | No | Spoofing | |
| CVE-2024-49079 | Input Method Editor (IME) Remote Code Execution Vulnerability | Important | 7.8 | No | No | Less Likely | No | Remote Code Execution | |
| CVE-2024-49142 | Microsoft Access Remote Code Execution Vulnerability | Important | 7.8 | No | No | Less Likely | No | The Preview Pane is not an attack vector. | Remote Code Execution |
| CVE-2024-49069 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | Less Likely | No | The Preview Pane is not an attack vector. | Remote Code Execution |
| CVE-2024-43600 | Microsoft Office Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Less Likely | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege |
| CVE-2024-49114 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | More Likely | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege |
| CVE-2024-49088 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | More Likely | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege |
| CVE-2024-49090 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | More Likely | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege |
| CVE-2024-49074 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Less Likely | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege |
| CVE-2024-49072 | Windows Task Scheduler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Less Likely | No | Elevation of Privilege | |
| CVE-2024-49076 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Less Likely | No | Elevation of Privilege | |
| CVE-2024-49096 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Important | 7.5 | No | No | Less Likely | No | Denial of Service | |
| CVE-2024-49113 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important | 7.5 | No | No | Less Likely | No | Denial of Service | |
| CVE-2024-49121 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important | 7.5 | No | No | Less Likely | No | Denial of Service | |
| CVE-2024-49129 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Important | 7.5 | No | No | Less Likely | No | Denial of Service | |
| CVE-2024-49075 | Windows Remote Desktop Services Denial of Service Vulnerability | Important | 7.5 | No | No | Less Likely | No | Denial of Service | |
| CVE-2024-49070 † | Microsoft SharePoint Remote Code Execution Vulnerability | Important | 7.4 | No | No | More Likely | No | Remote Code Execution | |
| CVE-2024-43594 | System Center Operations Manager Elevation of Privilege Vulnerability | Important | 7.3 | No | No | Less Likely | No | Elevation of Privilege | |
| CVE-2024-49107 | WmsRepair Service Elevation of Privilege Vulnerability | Important | 7.3 | No | No | Less Likely | No | An attacker would be able to delete any system files. | Elevation of Privilege |
| CVE-2024-49091 | Windows Domain Name Service Remote Code Execution Vulnerability | Important | 7.2 | No | No | Less Likely | No | Remote Code Execution | |
| CVE-2024-49089 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 7.2 | No | No | Less Likely | No | Remote Code Execution | |
| CVE-2024-49059 | Microsoft Office Elevation of Privilege Vulnerability | Important | 7 | No | No | Less Likely | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege |
| CVE-2024-49084 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7 | No | No | Less Likely | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege |
| CVE-2024-49095 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | Important | 7 | No | No | Less Likely | No | Elevation of Privilege | |
| CVE-2024-49097 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | Important | 7 | No | No | Less Likely | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege |
| CVE-2024-49082 | Windows File Explorer Information Disclosurermation Disclosure Vulnerability | Important | 6.8 | No | No | Less Likely | No | Information Disclosure | |
| CVE-2024-49073 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important | 6.8 | No | No | Less Likely | No | An attacker needs physical access to the target computer to plug in a malicious USB drive. | Elevation of Privilege |
| CVE-2024-49077 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important | 6.8 | No | No | Less Likely | No | An attacker needs physical access to the target computer to plug in a malicious USB drive. | Elevation of Privilege |
| CVE-2024-49078 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important | 6.8 | No | No | Less Likely | No | An attacker needs physical access to the target computer to plug in a malicious USB drive. | Elevation of Privilege |
| CVE-2024-49083 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important | 6.8 | No | No | Less Likely | No | An attacker needs physical access to the target computer to plug in a malicious USB drive. | Elevation of Privilege |
| CVE-2024-49092 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important | 6.8 | No | No | Less Likely | No | An attacker needs physical access to the target computer to plug in a malicious USB drive. | Elevation of Privilege |
| CVE-2024-49110 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important | 6.8 | No | No | Less Likely | No | An attacker needs physical access to the target computer to plug in a malicious USB drive. | Elevation of Privilege |
| CVE-2024-49081 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Important | 6.6 | No | No | Less Likely | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege |
| CVE-2024-49094 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Important | 6.6 | No | No | Less Likely | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege |
| CVE-2024-49101 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Important | 6.6 | No | No | Less Likely | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege |
| CVE-2024-49109 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Important | 6.6 | No | No | Less Likely | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege |
| CVE-2024-49111 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Important | 6.6 | No | No | Less Likely | No | To exploit this vulnerability, an attacker needs physical access to the victim’s machine. | Elevation of Privilege |
| CVE-2024-49062 † | Microsoft SharePoint Information Disclosurermation Disclosure Vulnerability | Important | 6.5 | No | No | Less Likely | No | Information Disclosure | |
| CVE-2024-49064 † | Microsoft SharePoint Information Disclosurermation Disclosure Vulnerability | Important | 6.5 | No | No | Less Likely | No | Information Disclosure | |
| CVE-2024-49065 | Microsoft Office Remote Code Execution Vulnerability | Important | 5.5 | No | No | Less Likely | No | The attachment Preview Pane that is accessed when a user clicks to preview an attached file is an attack vector; however, the email Preview Pane itself is not. | Remote Code Execution |
| CVE-2024-49087 | Windows Mobile Broadband Driver Information Disclosurermation Disclosure Vulnerability | Important | 4.6 | No | No | Less Likely | No | An attacker needs physical access to the target computer to plug in a malicious USB drive. | Information Disclosure |
| CVE-2024-49098 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosurermation Disclosure Vulnerability | Important | 4.3 | No | No | Less Likely | No | An attacker needs physical access to the target computer to plug in a malicious USB drive. | Information Disclosure |
| CVE-2024-49099 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosurermation Disclosure Vulnerability | Important | 4.3 | No | No | Less Likely | No | An attacker needs physical access to the target computer to plug in a malicious USB drive. | Information Disclosure |
| CVE-2024-49103 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosurermation Disclosure Vulnerability | Important | 4.3 | No | No | Less Likely | No | Information Disclosure |
Do you need help keeping up patches? Syxsense’s automated patch management capabilities helps enterprises patch faster and more accurately. Schedule a consultation with us to learn how we can help you.
