Service Notices
Microsoft Releases December 2024 Security Updates
Dec 12, 2024 GMT+08:00
I. Overview
Microsoft has released its December 2024 Security Updates. A total of 71 security vulnerabilities have been disclosed, among which 17 are marked as important vulnerabilities. Attackers can leverage these vulnerabilities to execute code remotely, escalate privileges, and leak information. The following applications are affected: Microsoft Windows, Microsoft Office, Microsoft Defender and System Center.
For details, visit the Microsoft official website:
https://msrc.microsoft.com/update-guide/releaseNote/2024-Dec
The following vulnerabilities require close scrutiny as their details have been disclosed or they have already been exploited by attackers:
Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-49138): 0-day vulnerability. An attacker who successfully exploited this vulnerability could obtain SYSTEM privileges. This vulnerability has been exploited in the wild, and the risk is high.
6 vulnerabilities (such as CVE-2024-49122, CVE-2024-49114, and CVE-2024-49093) are marked as Exploitation More Likely. For details, see the official announcement. Perform a security self-check and harden your systems promptly to reduce attack risks.
II. Severity
Severity: important
(Severity levels: low, moderate, important, and critical)
III. Affected Products
Microsoft Windows, Microsoft Office, Microsoft Defender and System Center.
IV. Vulnerability Details
| CVE ID | Vulnerability | Severity | Description |
| --- | --- | --- | --- |
| CVE-2024-49105 | Remote Desktop Client Remote Code Execution Vulnerability | Important | An authenticated attacker could exploit the vulnerability by triggering remote code execution (RCE) on the server via a Remote Desktop connection. An attacker who successfully exploited the vulnerability could execute arbitrary code on the target server. |
| CVE-2024-49124 | Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability | Important | An unauthenticated attacker could send a specially crafted request to a vulnerable server. Successful exploitation of this vulnerability could lead to remote code execution on the target server. |
| CVE-2024-49127 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important | An unauthenticated attacker could send a specially crafted request to a vulnerable server. Successful exploitation of this vulnerability could lead to remote code execution on the target server. |
| CVE-2024-49118 CVE-2024-49122 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important | A remote attacker can trigger the vulnerability by crafting malicious MSMQ packets and sending them to the MSMQ server. Successful exploitation of this vulnerability could lead to remote code execution on the target server. |
| CVE-2024-49123 CVE-2024-49116 CVE-2024-49132 CVE-2024-49120 CVE-2024-49119 CVE-2024-49108 CVE-2024-49128 CVE-2024-49106 CVE-2024-49115 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Important | An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. |
| CVE-2024-49112 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important | An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through a specially crafted set of LDAP calls to execute arbitrary code within the context of the LDAP service. |
| CVE-2024-49126 | Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability | Important | Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the target system to fully control the system. |
| CVE-2024-49117 | Windows Hyper-V Remote Code Execution Vulnerability | Important | An authenticated attacker could trigger the vulnerability by sending specially crafted file operation requests to hardware resources on the VM. Successful exploitation of this vulnerability could lead to arbitrary code execution on the target server. |
(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)
V. Security Recommendations
1. Use Windows Update or download patches from the following address to fix the vulnerabilities:
https://msrc.microsoft.com/update-guide
2. Back up data remotely to protect your data.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.
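For the self-check, it helps to know which of the server roles named in the table are actually present on a host before scheduling patches. The PowerShell script below is an added example, not part of the original notice or Microsoft's guidance. The mapping from table components to Windows service names and the `$Cutoff` date are assumptions of this example.

```powershell
param(
    # Assumption: date used as "updated since this release"; adjust to your patch cycle.
    [datetime]$Cutoff = '2024-12-10'
)

# Component named in the table -> Windows service whose presence indicates the role.
# This mapping is an assumption of the example, not taken from the notice.
$roles = [ordered]@{
    'Message Queuing (MSMQ)'                 = 'MSMQ'
    'Remote Desktop Gateway'                 = 'TSGateway'
    'Remote Desktop Services'                = 'TermService'
    'LDAP service (AD DS domain controller)' = 'NTDS'
    'Hyper-V'                                = 'vmms'
}

# One row per component: is the service installed, and is it running right now?
$report = foreach ($name in $roles.Keys) {
    $svc = Get-Service -Name $roles[$name] -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Component = $name
        Service   = $roles[$name]
        Installed = [bool]$svc
        Running   = ($svc -and $svc.Status -eq 'Running')
    }
}
$report | Format-Table -AutoSize

# Newest installed update. Some Get-HotFix entries have no InstalledOn value, so skip those.
$latest = Get-HotFix |
    Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1

if (-not $latest -or $latest.InstalledOn -lt $Cutoff) {
    $running = ($report | Where-Object Running).Component -join ', '
    Write-Warning "No update installed since $($Cutoff.ToString('yyyy-MM-dd')). Running affected roles: $running"
} else {
    Write-Output "Latest update $($latest.HotFixID) installed on $($latest.InstalledOn.ToString('yyyy-MM-dd'))."
}
```

A recent install date only shows that the host has been updated since the cutoff; confirm the specific fixes for each CVE against the update guide linked above.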