Connect with us

Tech News

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

Published

on

Latest Hacking News

This month saw the release of Microsoft’s final scheduled updates. In the December 2024 Patch Tuesday update bundle, Microsoft addressed 71 security issues across various products. It is crucial for users to update their devices promptly to ensure a safe and secure holiday season.

Bunch Of Critical Vulnerabilities And A Zero-Day Got Patched

Microsoft recently patched a zero-day vulnerability affecting its Windows Common Log File System Driver. Known as CVE-2024-49138, this vulnerability posed a privilege escalation risk, enabling an unauthorized attacker to gain SYSTEM privileges.

Microsoft confirmed active exploitation of this vulnerability, which had been publicly disclosed prior to the fix. However, the company did not disclose details about the nature of these exploits. This vulnerability was rated as important and received a CVSS score of 7.8.

In addition, Microsoft addressed 16 critical vulnerabilities, all of which allowed remote code execution. Among these, 9 critical flaws (CVSS 8.1) affected Windows Remote Desktop Services, 2 impacted Windows Lightweight Directory Access Protocol (LDAP), and 2 others affected Microsoft Message Queuing (MSMQ). Furthermore, Microsoft patched a single critical vulnerability in Lightweight Directory Access Protocol (LDAP) Client, Windows Hyper-V, and Windows Local Security Authority Subsystem Service (LSASS).

The most severe of these vulnerabilities is CVE-2024-49112 (CVSS 9.8), affecting both LDAP clients and servers running vulnerable Windows versions. Exploiting this flaw requires an unauthenticated, remote attacker to send maliciously crafted RPC calls to the target LDAP server domain controller, or deceive the victim user into performing a domain lookup for the attacker’s domain or connecting to a malicious LDAP server to target an LDAP client. Once successful, the attacker could execute arbitrary code within the LDAP service context.

See also  KRAFTON acquires Tango Gameworks and HI-FI RUSH IP from Microsoft

Other Important Patch Tuesday December Updates From Microsoft

In addition to the aforementioned vulnerabilities, Microsoft also addressed 54 other security flaws affecting various products. These include 14 remote code execution vulnerabilities, 26 privilege escalation issues, 5 denial of service flaws, 7 information disclosure issues, and 2 spoofing vulnerabilities.

The products that received the most security fixes include Microsoft Office, Microsoft SharePoint, Windows Mobile Broadband Driver, Windows Routing and Remote Access Service (RRAS), Windows Wireless Wide Area Network Service (WwanSvc), and Wireless Wide Area Network Service (WwanSvc).

While Microsoft ensures automatic patching for all eligible systems, users are advised to manually check their systems for updates to receive all security fixes in a timely manner.

We would love to hear your thoughts in the comments.

Trending