Severity Level: Critical
Title:
Security Updates – Microsoft
Summary:
Microsoft has released its December 2024 security updates, addressing a total of 72 vulnerabilities,
including a high-severity, actively exploited zero-day vulnerability.
Zero-Day Vulnerability:
CVE-2024-49138 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
• CVSS Score: 7.8 (High)
• Actively exploited in the wild
• Allows attackers to gain SYSTEM privileges on Windows devices
• Affects all supported versions of Windows OS and Windows Server
Critical Vulnerability:
CVE-2024-49112 - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
• CVSS Score: 9.8 (Critical)
• Allows remote, unauthenticated attackers to exploit affected Domain Controllers
• Execution occurs at the elevated LDAP service level
Other Important Vulnerabilities:
• CVE-2024-49117 - Windows Hyper-V Remote Code Execution Vulnerability
o Allows authenticated attackers on guest VMs to execute code on the host OS
o Potential for cross-VM attacks
o Requires only basic authentication
• Windows LDAP (CVE-2024-49124, CVE-2024-49127)
• Windows Local Security Authority Subsystem Service (LSASS) (CVE-2024-49126)
• Windows Message Queuing (CVE-2024-49118, CVE-2024-49122)
• Windows Remote Desktop Services (CVE-2024-49132, CVE-2024-49115, CVE-2024-49116, CVE-2024-49123,
CVE-2024-49128, CVE-2024-49106, CVE-2024-49108, CVE-2024-49119, CVE-2024-49120)
Recommendations:
We recommend applying the security updates recently released by Microsoft.