This month marked the discharge of Microsoft’s final scheduled updates. With the December 2024 Patch Tuesday replace bundle, Microsoft addressed 71 safety points throughout numerous merchandise. Customers should replace their units promptly to take pleasure in peaceable holidays.
Bunch Of Important Vulnerabilities And A Zero-Day Obtained Patched
Microsoft lately patched a zero-day affecting its Home windows Widespread Log File System Driver. Recognized as CVE-2024-49138, the vulnerability is primarily a privilege escalation concern, permitting a licensed adversary to achieve SYSTEM privileges.
The Redmond large confirmed that it detected lively exploitation of this vulnerability, which was publicly disclosed earlier than the repair. Nevertheless, the agency didn’t share any particulars relating to the character of such exploits. This flaw acquired an vital severity ranking and a CVSS rating of seven.8.
Apart from, the tech large additionally addressed 16 crucial vulnerabilities, all of which allowed distant code execution. Of those, 9 crucial flaws (CVSS 8.1) affected the Home windows Distant Desktop Companies, 2 impacted the Home windows Light-weight Listing Entry Protocol (LDAP), and a pair of others affected the Microsoft Message Queuing (MSMQ). As well as, Microsoft patched a single crucial vulnerability within the Light-weight Listing Entry Protocol (LDAP) Consumer, Home windows Hyper-V, and Home windows Native Safety Authority Subsystem Service (LSASS).
Essentially the most extreme of those vulnerabilities is CVE-2024-49112 (CVSS 9.8), affecting each LDAP shoppers and servers working susceptible Home windows variations. Exploiting the flaw requires an unauthenticated, distant adversary to ship maliciously crafted RPC calls to the goal LDAP server area controller, or to trick the sufferer person into performing a site lookup for the attacker’s area or connect with a malicious LDAP server, to focus on an LDAP shopper. As soon as accomplished, the attacker may execute arbitrary codes inside the context of the LDAP service.
Different Vital Patch Tuesday December Updates From Microsoft
Alongside the vulnerabilities listed above, Microsoft additionally addressed 54 different safety flaws affecting totally different merchandise. These embrace 14 distant code execution vulnerabilities, 26 privilege escalation points, 5 denial of service flaws, 7 info disclosure points, and a pair of spoofing vulnerabilities.
The merchandise receiving probably the most safety fixes embrace Microsoft Workplace, Microsoft SharePoint, Home windows Cell Broadband Driver, Home windows Routing and Distant Entry Service (RRAS), Home windows Wi-fi Huge Space Community Service (WwanSvc) and Wi-fi Huge Space Community Service (WwanSvc).
Whereas Microsoft ensures automated patching of all eligible techniques, customers ought to test their techniques manually for updates to obtain all safety fixes in time.
Tell us your ideas within the feedback.