Microsoft December 2024 Patch Tuesday: 71 Vulnerabilities Resolved, Including Exploited Zero-Day and 30 Critical RCEs
Microsoft’s December 2024 Patch Tuesday addresses 71 vulnerabilities, including critical remote code execution flaws and a zero-day exploit affecting the Windows Common Log File System (CLFS) driver. The update is crucial for protecting systems from active threats, with several critical flaws that could allow attackers to execute arbitrary code remotely. Users and administrators are urged to apply the patches immediately.
Microsoft's December 2024 Patch Tuesday Fixes Over 70 Vulnerabilities, Including Zero-Day Exploits and Critical Flaws
Microsoft’s latest Patch Tuesday release, which rolled out on December 10, 2024, addresses 71 security vulnerabilities across Windows and related software. This month’s update includes fixes for multiple critical flaws, some of which are already being actively exploited in the wild.
Among the vulnerabilities addressed are several critical Remote Code Execution (RCE) flaws, Elevation of Privilege (EoP) vulnerabilities, and a zero-day flaw affecting the Windows Common Log File System (CLFS) driver, which was already being exploited before the patch was released.
Here is a breakdown of the key vulnerabilities that were patched in this month's update:
1. CVE-2024-49117 - Windows Hyper-V Remote Code Execution Vulnerability
- Severity: Critical
- Description: A vulnerability in Windows Hyper-V that could allow an attacker to execute arbitrary code remotely, potentially gaining control of the host system. This affects Windows Server 2025 and earlier versions.
2. CVE-2024-49124 - Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability
- Severity: Critical
- Description: This flaw affects Windows versions that utilize LDAP for directory services. An attacker could exploit this vulnerability remotely, leading to code execution with the same privileges as the calling process.
3. CVE-2024-49112 - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
- Severity: Critical
- Description: A critical RCE vulnerability in the LDAP service affecting all Windows versions since Windows 7. Exploitation of this vulnerability allows attackers to execute arbitrary code remotely, potentially compromising domain controllers.
4. CVE-2024-49127 - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
- Severity: Critical
- Description: Similar to CVE-2024-49112, this vulnerability also impacts the LDAP service, enabling attackers to remotely execute code on affected systems.
5. CVE-2024-49126 - Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
- Severity: Critical
- Description: This vulnerability in the LSASS service could allow an attacker to execute arbitrary code remotely on domain controllers or other affected systems, potentially leading to a full system compromise.
6. CVE-2024-49118 - Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
- Severity: Critical
- Description: An RCE vulnerability in Microsoft Message Queuing (MSMQ) that affects multiple Windows versions. Attackers could exploit this flaw remotely to execute arbitrary code on vulnerable systems.
7. CVE-2024-49122 - Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
- Severity: Critical
- Description: A second vulnerability within the MSMQ service, which could allow remote code execution, potentially leading to a complete compromise of affected systems.
8. CVE-2024-49132 - Windows Remote Desktop Services Remote Code Execution Vulnerability
- Severity: Critical
- Description: A vulnerability in Windows Remote Desktop Services that could allow attackers to execute arbitrary code remotely. This flaw affects multiple versions of Windows and poses a significant risk to systems exposed to external networks.
9. CVE-2024-49115 - Windows Remote Desktop Services Remote Code Execution Vulnerability
- Severity: Critical
- Description: Another critical flaw in Remote Desktop Services, allowing remote attackers to execute code and potentially take control of vulnerable systems.
10. CVE-2024-49116 - Windows Remote Desktop Services Remote Code Execution Vulnerability
- Severity: Critical
- Description: A similar vulnerability to CVE-2024-49115, affecting Remote Desktop Services and allowing remote code execution with the potential to fully compromise vulnerable systems.
11. CVE-2024-49123 - Windows Remote Desktop Services Remote Code Execution Vulnerability
- Severity: Critical
- Description: Yet another RCE vulnerability in Remote Desktop Services that could allow attackers to execute arbitrary code and control affected systems remotely.
12. CVE-2024-49128 - Windows Remote Desktop Services Remote Code Execution Vulnerability
- Severity: Critical
- Description: This vulnerability could allow attackers to exploit Remote Desktop Services for remote code execution, posing a critical risk to Windows systems connected to external networks.
13. CVE-2024-49106 - Windows Remote Desktop Services Remote Code Execution Vulnerability
- Severity: Critical
- Description: An RCE flaw in Remote Desktop Services that allows attackers to remotely execute arbitrary code, potentially gaining full access to affected systems.
14. CVE-2024-49108 - Windows Remote Desktop Services Remote Code Execution Vulnerability
- Severity: Critical
- Description: Another critical flaw in Remote Desktop Services, enabling remote attackers to execute arbitrary code on affected systems.
15. CVE-2024-49119 - Windows Remote Desktop Services Remote Code Execution Vulnerability
- Severity: Critical
- Description: A vulnerability in Windows Remote Desktop Services that could be exploited to execute remote code and gain full control over vulnerable systems.
16. CVE-2024-49120 - Windows Remote Desktop Services Remote Code Execution Vulnerability
- Severity: Critical
- Description: A similar vulnerability affecting Remote Desktop Services, allowing remote code execution and a potential full system compromise.
Additional Vulnerabilities and Fixes
In addition to the critical RCE flaws, Microsoft’s December update also addresses multiple Elevation of Privilege (EoP) vulnerabilities, Denial of Service (DoS) flaws, Information Disclosure vulnerabilities, and various Security Feature Bypasses:
- CVE-2024-49142 – Microsoft Access Remote Code Execution Vulnerability (Important)
- CVE-2024-49064 – Microsoft SharePoint Information Disclosure Vulnerability (Important)
- CVE-2024-49062 – Microsoft SharePoint Information Disclosure Vulnerability (Important)
- CVE-2024-49070 – Microsoft SharePoint Remote Code Execution Vulnerability (Important)
- CVE-2024-49082 – Windows File Explorer Information Disclosure Vulnerability (Important)
- CVE-2024-49080 – Windows IP Routing Management Snapin Remote Code Execution Vulnerability (Important)
- CVE-2024-49092 – Windows Mobile Broadband Driver Elevation of Privilege Vulnerability (Important)
- CVE-2024-49095 – Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability (Important)
Microsoft also addressed vulnerabilities in legacy products, including Windows Server 2008 and Windows Server 2012. Additionally, various Denial of Service (DoS) vulnerabilities were patched in services like Remote Desktop Services and LDAP
Zero-Day Vulnerability (CVE-2024-49138)
One of the most pressing fixes in the December update is for the zero-day vulnerability CVE-2024-49138, which is being actively exploited in the wild. This Elevation of Privilege (EoP) flaw affects the Windows Common Log File System (CLFS) driver, potentially allowing an authenticated attacker to gain SYSTEM level privileges on the target device. This vulnerability was discovered by CrowdStrike’s Advanced Research Team, and its exploitation could allow attackers to execute arbitrary code with elevated privileges.
Conclusion
With 71 vulnerabilities fixed, including several critical RCE vulnerabilities and the active zero-day exploit in CLFS, Microsoft’s December Patch Tuesday highlights the ongoing importance of keeping Windows systems up-to-date. Users and system administrators are urged to apply these patches immediately to protect against potential exploits.
For detailed patching instructions, users can visit Microsoft’s official security update page.