Personal Information Security

Microsoft Patch Tuesday: December 2024, (Tue, Dec 10th)

Microsoft today released patches for 71 vulnerabilities. 16 of these vulnerabilities are considered critical. One vulnerability (CVE-2024-49138) has already been exploited, and details were made public before today’s patch release.

Significant Vulnerabilities

CVE-2024-49138: This vulnerability affects the Windows Common Log File System Driver, a subsystem affected by similar privilege escalation vulnerabilities in the past. The only reason I consider this “significant” is that it is already being exploited.

Windows Remote Desktop Services: 9 of the 16 critical vulnerabilities affect Windows Remote Desktop Services. Exploitation may lead to remote code execution. Microsoft considers the exploitation of these vulnerabilities less likely. Even without considering these vulnerabilities, Windows Remote Desktop Service should not be exposed to the internet.

LDAP: Remote code execution vulnerabilities in the LDAP service are always “interesting” given the importance of LDAP as part of Active Directory. Two critical vulnerabilities are patched for LDAP. One with a CVSS score of 9.8. A third critical vulnerability affects the LDAP client.

CVE-2024-49126: LSASS vulnerabilities always make me reminisce of the “Blaster” worm and the related vulnerability back in the day. This one does involve a race condition, which will make exploitation more difficult. It could become an interesting lateral movement vulnerability if a reliable exploit materializes.

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
Input Method Editor (IME) Remote Code Execution Vulnerability
%%cve:2024-49079%% No No Important 7.8 6.8
Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability
%%cve:2024-49124%% No No Critical 8.1 7.1
Microsoft Access Remote Code Execution Vulnerability
%%cve:2024-49142%% No No Important 7.8 6.8
Microsoft Defender for Endpoint on Android Spoofing Vulnerability
%%cve:2024-49057%% No No Important 8.1 7.1
Microsoft Edge (Chromium-based) Spoofing Vulnerability
%%cve:2024-49041%% No No Less Likely Less Likely Moderate 4.3 3.8
Microsoft Excel Remote Code Execution Vulnerability
%%cve:2024-49069%% No No Important 7.8 6.8
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
%%cve:2024-49096%% No No Important 7.5 6.5
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
%%cve:2024-49122%% No No Critical 8.1 7.1
%%cve:2024-49118%% No No Critical 8.1 7.1
Microsoft Office Defense in Depth Update
ADV240002 No No Moderate    
Microsoft Office Elevation of Privilege Vulnerability
%%cve:2024-49059%% No No Important 7.0 6.1
%%cve:2024-43600%% No No Important 7.8 6.8
Microsoft Office Remote Code Execution Vulnerability
%%cve:2024-49065%% No No Important 5.5 4.8
Microsoft SharePoint Elevation of Privilege Vulnerability
%%cve:2024-49068%% No No Important 8.2 7.1
Microsoft SharePoint Information Disclosure Vulnerability
%%cve:2024-49064%% No No Important 6.5 5.7
%%cve:2024-49062%% No No Important 6.5 5.7
Microsoft SharePoint Remote Code Execution Vulnerability
%%cve:2024-49070%% No No Important 7.4 6.4
Microsoft/Muzic Remote Code Execution Vulnerability
%%cve:2024-49063%% No No Important 8.4 7.3
System Center Operations Manager Elevation of Privilege Vulnerability
%%cve:2024-43594%% No No Important 7.3 6.4
Windows Domain Name Service Remote Code Execution Vulnerability
%%cve:2024-49091%% No No Important 7.2 6.3
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
%%cve:2024-49114%% No No Important 7.8 6.8
Windows Common Log File System Driver Elevation of Privilege Vulnerability
%%cve:2024-49088%% No No Important 7.8 6.8
%%cve:2024-49090%% No No Important 7.8 6.8
%%cve:2024-49138%% Yes Yes Important 7.8 6.8
Windows File Explorer Information Disclosure Vulnerability
%%cve:2024-49082%% No No Important 6.8 5.9
Windows Hyper-V Remote Code Execution Vulnerability
%%cve:2024-49117%% No No Critical 8.8 7.7
Windows IP Routing Management Snapin Remote Code Execution Vulnerability
%%cve:2024-49080%% No No Important 8.8 7.7
Windows Kernel Elevation of Privilege Vulnerability
%%cve:2024-49084%% No No Important 7.0 6.1
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
%%cve:2024-49074%% No No Important 7.8 6.8
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
%%cve:2024-49121%% No No Important 7.5 6.5
%%cve:2024-49113%% No No Important 7.5 6.5
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
%%cve:2024-49112%% No No Critical 9.8 8.5
%%cve:2024-49127%% No No Critical 8.1 7.1
Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
%%cve:2024-49126%% No No Critical 8.1 7.1
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
%%cve:2024-49073%% No No Important 6.8 5.9
%%cve:2024-49092%% No No Important 6.8 5.9
%%cve:2024-49077%% No No Important 6.8 5.9
%%cve:2024-49078%% No No Important 6.8 5.9
%%cve:2024-49083%% No No Important 6.8 5.9
%%cve:2024-49110%% No No Important 6.8 5.9
Windows Mobile Broadband Driver Information Disclosure Vulnerability
%%cve:2024-49087%% No No Important 4.6 4.0
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
%%cve:2024-49097%% No No Important 7.0 6.1
%%cve:2024-49095%% No No Important 7.0 6.1
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
%%cve:2024-49129%% No No Important 7.5 6.5
Windows Remote Desktop Services Remote Code Execution Vulnerability
%%cve:2024-49106%% No No Critical 8.1 7.1
%%cve:2024-49108%% No No Critical 8.1 7.1
%%cve:2024-49115%% No No Critical 8.1 7.1
%%cve:2024-49119%% No No Critical 8.1 7.1
%%cve:2024-49120%% No No Critical 8.1 7.1
%%cve:2024-49123%% No No Critical 8.1 7.1
%%cve:2024-49132%% No No Critical 8.1 7.1
%%cve:2024-49116%% No No Critical 8.1 7.1
%%cve:2024-49128%% No No Critical 8.1 7.1
Windows Remote Desktop Services Denial of Service Vulnerability
%%cve:2024-49075%% No No Important 7.5 6.5
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
%%cve:2024-49093%% No No Important 8.8 7.7
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
%%cve:2024-49085%% No No Important 8.8 7.7
%%cve:2024-49086%% No No Important 8.8 7.7
%%cve:2024-49089%% No No Important 7.2 6.3
%%cve:2024-49102%% No No Important 8.8 7.7
%%cve:2024-49104%% No No Important 8.8 7.7
%%cve:2024-49125%% No No Important 8.8 7.7
Windows Task Scheduler Elevation of Privilege Vulnerability
%%cve:2024-49072%% No No Important 7.8 6.8
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
%%cve:2024-49076%% No No Important 7.8 6.8
Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
%%cve:2024-49098%% No No Important 4.3 3.8
%%cve:2024-49099%% No No Important 4.3 3.8
%%cve:2024-49103%% No No Important 4.3 3.8
Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
%%cve:2024-49094%% No No Important 6.6 5.8
%%cve:2024-49101%% No No Important 6.6 5.8
%%cve:2024-49111%% No No Important 6.6 5.8
%%cve:2024-49081%% No No Important 6.6 5.8
%%cve:2024-49109%% No No Important 6.6 5.8
WmsRepair Service Elevation of Privilege Vulnerability
%%cve:2024-49107%% No No Important 7.3 6.4


Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.