On Tuesday, Microsoft released 71 patches addressing vulnerabilities across ten product families. Of these, 17 vulnerabilities affecting Windows are rated Critical, each carrying a CVSS base score of 8.1 or higher. Ten of the Critical vulnerabilities are in Remote Desktop Services, continuing the recent emphasis on securing remote-access technology.
Among the addressed vulnerabilities, CVE-2024-49138, in the Windows Common Log File System driver, is known to be exploited in the wild. Microsoft assesses that six further CVEs are likely to be exploited within the next 30 days. For organizations running Sophos protections, five of this month's vulnerabilities are covered by detections, which are listed in the table below.
Additional Insights
The release also includes advisory notes on two Edge CVEs, which were patched last week, alongside a Defense-in-Depth update for a specific version of Microsoft Project. Furthermore, six bulletins released by Adobe this week are also referenced. As part of the update, Microsoft has introduced a new appendix that categorizes Windows Server patches by affected version, enabling administrators to better assess their specific exposure based on their unique environments, particularly for products that are no longer in mainstream support.
- Total CVEs: 71
- Publicly disclosed: 1
- Exploit detected: 1
- Severity:
  - Critical: 17
  - Important: 54
- Impact:
  - Remote Code Execution: 31
  - Elevation of Privilege: 27
  - Information Disclosure: 7
  - Denial of Service: 5
  - Spoofing: 1
- CVSS base score 9.0 or greater: 1
- CVSS score 8.0 or greater: 27
Among December's notable updates, CVE-2024-49112 is the only vulnerability this month with a CVSS base score above 9.0, rated at 9.8. This Critical-severity RCE affects all supported versions of Windows 10 and 11 and all Server versions back to 2008. Exploitation requires a maliciously crafted set of LDAP calls and needs neither user interaction nor elevated privileges. As a mitigation, Microsoft recommends configuring domain controllers so that they have no internet access.
CVE-2024-49138 is an Important-severity elevation of privilege vulnerability that is under active exploitation. It affects all supported client and server versions of Windows; a successful attacker gains SYSTEM privileges.
CVE-2024-49117 is a Critical-severity RCE that could enable cross-VM attacks, allowing an attacker to move from a compromised machine to others on the network. CVE-2024-49114 introduces a newly named vulnerability class, False File Immutability, in which a file assumed to be unchanging can no longer be trusted, which in turn can give rise to further vulnerabilities.
RDP Vulnerabilities
As recent technical reports have noted, Remote Desktop Protocol (RDP) remains a frequent target for attackers. This month, ten RDP-related vulnerabilities are rated Critical, underscoring the need for robust controls around remote access.
As 2024 draws to a close, Microsoft has addressed a total of 1,015 CVEs through its Patch Tuesday process, the highest annual count since 2020. The year also saw two of the largest one-month patch counts on record, with 147 patches in April and 138 in July. By contrast, December 2023 had the lowest count in five years, with only 33 patches.
For those running Sophos protections, the table below lists the covered CVEs alongside the corresponding Sophos Intercept X/Endpoint IPS and Sophos XGS Firewall detections. Administrators who prefer to apply updates immediately can download them manually from the Windows Update Catalog, choosing the package that matches their system architecture and build number.
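Selecting the right Catalog package and confirming it has landed both hinge on knowing the host's build number, architecture and installed updates, and the mitigation Microsoft gives for CVE-2024-49112 hinges on whether a domain controller can still reach the internet. The following PowerShell script, an added example that is not from the article, Sophos or Microsoft, gathers those facts on one host. The KB identifier is a placeholder (the real KB for a given build comes from the Security Update Guide entry for the CVE), and the public host used for the egress probe is an arbitrary choice.

```powershell
# Added example (not part of the original article). Collects the facts an
# administrator needs before choosing a Windows Update Catalog package, reports
# whether a given KB is already installed, and, on a domain controller, checks
# whether the host still has outbound internet reachability.
param(
    # PLACEHOLDER: replace with the KB listed for your OS build in the Security Update Guide.
    [string]$KbId = 'KB0000000'
)

$os = Get-CimInstance -ClassName Win32_OperatingSystem

# Build number, UBR (the .NNNN revision) and architecture decide which catalog package applies.
$info = [ordered]@{
    Caption            = $os.Caption
    BuildNumber        = $os.BuildNumber
    UBR                = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').UBR
    Architecture       = $os.OSArchitecture
    # Win32_OperatingSystem.ProductType: 1 = workstation, 2 = domain controller, 3 = member server
    IsDomainController = ($os.ProductType -eq 2)
}

# Get-HotFix lists installed updates by HotFixID, e.g. "KB5034441".
$installed = Get-HotFix | Where-Object { $_.HotFixID -eq $KbId }
$info.KbInstalled = [bool]$installed
if ($installed) { $info.KbInstalledOn = $installed.InstalledOn }

# Microsoft's mitigation for CVE-2024-49112 is to keep domain controllers off the
# internet. A single outbound TCP/443 probe to an arbitrary public host (assumption:
# www.microsoft.com) shows whether this DC still has egress; a True here is a gap to close.
if ($info.IsDomainController) {
    $probe = Test-NetConnection -ComputerName 'www.microsoft.com' -Port 443 -WarningAction SilentlyContinue
    $info.DcHasInternetEgress = $probe.TcpTestSucceeded
}

[pscustomobject]$info | Format-List
```

Run it in an elevated session on each host you intend to patch by hand; `BuildNumber` and `Architecture` map directly onto the Catalog's package names, and a `False` in `KbInstalled` after the update has been applied usually means the package chosen did not match the build.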
Sophos Protections
| CVE | Sophos Intercept X/Endpoint IPS | Sophos XGS Firewall |
|---|---|---|
| CVE-2024-49088 | Exp/2449088-A | Exp/2449088-A |
| CVE-2024-49090 | Exp/2449090-A | Exp/2449090-A |
| CVE-2024-49093 | Exp/2449093-A | Exp/2449093-A |
| CVE-2024-49122 | sid:2310400 | sid:2310400 |
| CVE-2024-49138 | Exp/2449138-A | Exp/2449138-A |