Focus Mode
Cyber Security News

Microsoft December 2024 Patch Tuesday Fixes One Exploited Zero-Day, 71 Flaws

Cyware


### #MicrosoftSecurity #VulnerabilityManagement #RemoteCodeExecution

Summary: A series of vulnerabilities have been identified across various Microsoft products, including critical remote code execution and elevation of privilege vulnerabilities. These issues pose significant risks to users and organizations relying on these technologies.

Threat Actor: Unknown | unknown
Victim: Microsoft Products | Microsoft

Key Point :

  • Multiple vulnerabilities across Microsoft Office, Windows services, and Edge, with several rated as critical or important.
  • Remote code execution vulnerabilities could allow attackers to execute arbitrary code on affected systems.
  • Elevation of privilege vulnerabilities may enable unauthorized access to sensitive data or system controls.
  • Users are advised to apply security updates promptly to mitigate risks associated with these vulnerabilities.
Tag CVE ID CVE Title Severity GitHub CVE-2024-49063 Microsoft/Muzic Remote Code Execution Vulnerability Important Microsoft Defender for Endpoint CVE-2024-49057 Microsoft Defender for Endpoint on Android Spoofing Vulnerability Important Microsoft Edge (Chromium-based) CVE-2024-12053 Chromium: CVE-2024-12053 Type Confusion in V8 Unknown Microsoft Edge (Chromium-based) CVE-2024-49041 Microsoft Edge (Chromium-based) Spoofing Vulnerability Moderate Microsoft Office ADV240002 Microsoft Office Defense in Depth Update Moderate Microsoft Office CVE-2024-49059 Microsoft Office Elevation of Privilege Vulnerability Important Microsoft Office CVE-2024-43600 Microsoft Office Elevation of Privilege Vulnerability Important Microsoft Office Access CVE-2024-49142 Microsoft Access Remote Code Execution Vulnerability Important Microsoft Office Excel CVE-2024-49069 Microsoft Excel Remote Code Execution Vulnerability Important Microsoft Office Publisher CVE-2024-49079 Input Method Editor (IME) Remote Code Execution Vulnerability Important Microsoft Office SharePoint CVE-2024-49064 Microsoft SharePoint Information Disclosure Vulnerability Important Microsoft Office SharePoint CVE-2024-49062 Microsoft SharePoint Information Disclosure Vulnerability Important Microsoft Office SharePoint CVE-2024-49068 Microsoft SharePoint Elevation of Privilege Vulnerability Important Microsoft Office SharePoint CVE-2024-49070 Microsoft SharePoint Remote Code Execution Vulnerability Important Microsoft Office Word CVE-2024-49065 Microsoft Office Remote Code Execution Vulnerability Important Role: DNS Server CVE-2024-49091 Windows Domain Name Service Remote Code Execution Vulnerability Important Role: Windows Hyper-V CVE-2024-49117 Windows Hyper-V Remote Code Execution Vulnerability Critical System Center Operations Manager CVE-2024-43594 System Center Operations Manager Elevation of Privilege Vulnerability Important Windows Cloud Files Mini Filter Driver CVE-2024-49114 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important Windows Common Log File System Driver CVE-2024-49088 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important Windows Common Log File System Driver CVE-2024-49138 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important Windows Common Log File System Driver CVE-2024-49090 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important Windows File Explorer CVE-2024-49082 Windows File Explorer Information Disclosure Vulnerability Important Windows IP Routing Management Snapin CVE-2024-49080 Windows IP Routing Management Snapin Remote Code Execution Vulnerability Important Windows Kernel CVE-2024-49084 Windows Kernel Elevation of Privilege Vulnerability Important Windows Kernel-Mode Drivers CVE-2024-49074 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Important Windows LDAP – Lightweight Directory Access Protocol CVE-2024-49121 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Important Windows LDAP – Lightweight Directory Access Protocol CVE-2024-49124 Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability Critical Windows LDAP – Lightweight Directory Access Protocol CVE-2024-49112 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Critical Windows LDAP – Lightweight Directory Access Protocol CVE-2024-49113 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Important Windows LDAP – Lightweight Directory Access Protocol CVE-2024-49127 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Critical Windows Local Security Authority Subsystem Service (LSASS) CVE-2024-49126 Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability Critical Windows Message Queuing CVE-2024-49118 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Critical Windows Message Queuing CVE-2024-49122 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Critical Windows Message Queuing CVE-2024-49096 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Important Windows Mobile Broadband CVE-2024-49073 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Important Windows Mobile Broadband CVE-2024-49077 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Important Windows Mobile Broadband CVE-2024-49083 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Important Windows Mobile Broadband CVE-2024-49092 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Important Windows Mobile Broadband CVE-2024-49087 Windows Mobile Broadband Driver Information Disclosure Vulnerability Important Windows Mobile Broadband CVE-2024-49110 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Important Windows Mobile Broadband CVE-2024-49078 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Important Windows PrintWorkflowUserSvc CVE-2024-49095 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Important Windows PrintWorkflowUserSvc CVE-2024-49097 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Important Windows Remote Desktop CVE-2024-49132 Windows Remote Desktop Services Remote Code Execution Vulnerability Critical Windows Remote Desktop Services CVE-2024-49115 Windows Remote Desktop Services Remote Code Execution Vulnerability Critical Windows Remote Desktop Services CVE-2024-49116 Windows Remote Desktop Services Remote Code Execution Vulnerability Critical Windows Remote Desktop Services CVE-2024-49123 Windows Remote Desktop Services Remote Code Execution Vulnerability Critical Windows Remote Desktop Services CVE-2024-49129 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability Important Windows Remote Desktop Services CVE-2024-49075 Windows Remote Desktop Services Denial of Service Vulnerability Important Windows Remote Desktop Services CVE-2024-49128 Windows Remote Desktop Services Remote Code Execution Vulnerability Critical Windows Remote Desktop Services CVE-2024-49106 Windows Remote Desktop Services Remote Code Execution Vulnerability Critical Windows Remote Desktop Services CVE-2024-49108 Windows Remote Desktop Services Remote Code Execution Vulnerability Critical Windows Remote Desktop Services CVE-2024-49119 Windows Remote Desktop Services Remote Code Execution Vulnerability Critical Windows Remote Desktop Services CVE-2024-49120 Windows Remote Desktop Services Remote Code Execution Vulnerability Critical Windows Resilient File System (ReFS) CVE-2024-49093 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability Important Windows Routing and Remote Access Service (RRAS) CVE-2024-49085 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important Windows Routing and Remote Access Service (RRAS) CVE-2024-49086 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important Windows Routing and Remote Access Service (RRAS) CVE-2024-49089 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important Windows Routing and Remote Access Service (RRAS) CVE-2024-49125 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important Windows Routing and Remote Access Service (RRAS) CVE-2024-49104 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important Windows Routing and Remote Access Service (RRAS) CVE-2024-49102 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important Windows Task Scheduler CVE-2024-49072 Windows Task Scheduler Elevation of Privilege Vulnerability Important Windows Virtualization-Based Security (VBS) Enclave CVE-2024-49076 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability Important Windows Wireless Wide Area Network Service CVE-2024-49081 Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability Important Windows Wireless Wide Area Network Service CVE-2024-49103 Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability Important Windows Wireless Wide Area Network Service CVE-2024-49111 Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability Important Windows Wireless Wide Area Network Service CVE-2024-49109 Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability Important Windows Wireless Wide Area Network Service CVE-2024-49101 Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability Important Windows Wireless Wide Area Network Service CVE-2024-49094 Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability Important Windows Wireless Wide Area Network Service CVE-2024-49098 Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability Important Windows Wireless Wide Area Network Service CVE-2024-49099 Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability Important WmsRepair Service CVE-2024-49107 WmsRepair Service Elevation of Privilege Vulnerability Important

Source: https://www.bleepingcomputer.com/news/microsoft/microsoft-december-2024-patch-tuesday-fixes-1-exploited-zero-day-71-flaws

Tags: DNS, WINDOWS, MOBILE, ANDROID, SPOOFING, CLOUD, PRIVILEGE, VULNERABILITY