Microsoft December 2024 Patch Tuesday addressed actively exploited zero-day
Microsoft December 2024 Patch Tuesday security updates addressed 71 vulnerabilities including an actively exploited zero-day.
Microsoft December 2024 Patch Tuesday security updates addressed 71 vulnerabilities in Windows and Windows Components, Office and Office Components, SharePoint Server, Hyper-V, Defender for Endpoint, and System Center Operations Manager.
Sixteen vulnerabilities are rated Critical, 54 are rated Important, and one is rated Moderate. Researchers noted that this is the largest number of vulnerabilities the IT giant has addressed in a December release since at least 2017.
One of the issues addressed by Microsoft, tracked as CVE-2024-49138 (CVSS score of 7.8), is actively exploited in the wild. Microsoft did not disclose details of the attacks exploiting this vulnerability.
The flaw is a Windows Common Log File System (CLFS) Driver Elevation of Privilege Vulnerability; an attacker who successfully exploits it could gain SYSTEM privileges.
The most severe flaw addressed by Microsoft is a Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability tracked as CVE-2024-49112 (CVSS score of 9.8).
A remote, unauthenticated attacker could exploit the flaw by sending a specially crafted set of LDAP calls.
“An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through a specially crafted set of LDAP calls to execute arbitrary code within the context of the LDAP service,” reads the advisory published by Microsoft.
Another notable issue fixed by the IT giant is a critical Windows Hyper-V vulnerability, tracked as CVE-2024-49117, that allows an authenticated user on a guest VM to execute code on the host OS or carry out cross-VM attacks.
The full list of vulnerabilities addressed by Microsoft for December 2024 is available here.
Pierluigi Paganini
(SecurityAffairs – hacking, Microsoft December 2024 Patch Tuesday)
