
Microsoft Releases 71 Security Updates in December Patch Tuesday | Image Source: Pexels.com
REDMOND, Wash., Dec. 11, 2024 — Microsoft has issued its final Patch Tuesday update for 2024, delivering 71 patches spanning 10 product families. This latest release includes fixes for 17 Critical-severity vulnerabilities, all affecting Windows, with CVSS base scores of 8.1 or higher. Notably, 10 of these involve vulnerabilities in Remote Desktop Services, a frequent target for attackers, as per Sophos.com.
Among the patches, one vulnerability (CVE-2024-49138) is already known to be actively exploited. This issue, categorized as an Important-severity flaw, affects the Windows Common Log File System driver and can enable attackers to gain system privileges. Additionally, Microsoft has flagged six other CVEs as more likely to be exploited within the next 30 days, reflecting the urgency for administrators to apply the updates promptly.
Critical Vulnerabilities Highlighted
The December Patch Tuesday rollout emphasizes addressing critical security gaps. CVE-2024-49112, a Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution (RCE) vulnerability, stands out as the most severe, with a CVSS score of 9.8. Affecting all supported versions of Windows 10, 11, and Server editions from 2008 onward, this flaw allows attackers to execute arbitrary code via malicious LDAP calls without requiring privileges or user interaction.
Another significant concern is CVE-2024-49117, a Hyper-V RCE vulnerability that could facilitate cross-VM attacks. Attackers leveraging this flaw could compromise other virtual machines hosted on the same system. Such vulnerabilities underline the critical importance of robust virtualization security protocols.
Remote Desktop Services and Broader Impacts
Remote Desktop Services (RDS) continues to be a focal point of Microsoft’s patching efforts. December’s update addresses 12 RDS-related CVEs, 10 of which are rated as Critical-severity. These vulnerabilities impact both client and server installations, with potential consequences including unauthorized code execution and system compromise. Sophos reports that RDS remains one of the most frequently exploited Microsoft components in active adversary campaigns.
Beyond RDS, other vulnerabilities span a range of impacts, including Remote Code Execution (31 CVEs), Elevation of Privilege (27 CVEs), Information Disclosure (7 CVEs), Denial of Service (5 CVEs), and Spoofing (1 CVE). A notable emerging issue, CVE-2024-49114, involves a potential new vulnerability category called “False File Immutability,” which could disrupt system behaviors by exploiting assumptions in Windows componentry.
Other Notable Updates
Microsoft’s December release also incorporates advisory information on two Microsoft Edge CVEs addressed earlier, a Defense-in-Depth update for a specific Microsoft Project version, and six security bulletins issued by Adobe. These complement the monthly roll-up of fixes, adding depth to the overall security posture. Noteworthy Adobe CVEs include CVE-2024-49531 and CVE-2024-49530, targeting vulnerabilities like Use-After-Free and Out-of-Bounds Read in Adobe Reader.
Administrators are advised to prioritize updates based on the severity and exploitability of vulnerabilities. For instance, CVE-2024-49138 (actively exploited) and CVE-2024-49112 (highest CVSS score) should be at the top of the list. Sophos highlights that five CVEs this month are detectable by its Intercept X and XGS Firewall protections, providing additional layers of defense against emerging threats.
Year in Review: A Record-Breaking 2024
As 2024 concludes, Microsoft has addressed 1,015 CVEs through its Patch Tuesday releases, marking the highest annual count since 2020. April and July 2024 were particularly notable, with record-breaking monthly patch counts of 147 and 138, respectively. In contrast, December 2023 had the fewest patches of the past five years, with just 33 updates.
Remote Code Execution vulnerabilities maintained their lead as the most commonly addressed issue type in 2024, followed by Elevation of Privilege flaws. This trend reflects attackers’ continued focus on exploiting system weaknesses to gain unauthorized access or control. As Sophos notes, these vulnerabilities underscore the need for diligent patch management and proactive defense strategies.
To assist administrators, Microsoft has introduced a new appendix in its December release, detailing Windows Server patches by affected version. This resource is designed to help IT teams quickly assess their specific exposure and prioritize remediation efforts, especially for products nearing the end of mainstream support.
Organizations are encouraged to utilize tools like Microsoft’s Windows Update Catalog for manual patch application. Sophos further advises running diagnostic tools such as winver.exe to identify system build versions and ensure compatibility with cumulative updates. Taking these steps can significantly reduce the risk of exploitation and enhance overall system security.