Tech News
Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes
This month saw the release of Microsoft’s final scheduled updates. In the December 2024 Patch Tuesday update bundle, Microsoft addressed 71 security issues across various products. It is crucial for users to update their devices promptly to ensure a safe and secure holiday season.
Bunch Of Critical Vulnerabilities And A Zero-Day Got Patched
Microsoft recently patched a zero-day vulnerability affecting its Windows Common Log File System Driver. Known as CVE-2024-49138, this vulnerability posed a privilege escalation risk, enabling an unauthorized attacker to gain SYSTEM privileges.
Microsoft confirmed active exploitation of this vulnerability, which had been publicly disclosed prior to the fix. However, the company did not disclose details about the nature of these exploits. This vulnerability was rated as important and received a CVSS score of 7.8.
In addition, Microsoft addressed 16 critical vulnerabilities, all of which allowed remote code execution. Among these, 9 critical flaws (CVSS 8.1) affected Windows Remote Desktop Services, 2 impacted Windows Lightweight Directory Access Protocol (LDAP), and 2 others affected Microsoft Message Queuing (MSMQ). Furthermore, Microsoft patched a single critical vulnerability in Lightweight Directory Access Protocol (LDAP) Client, Windows Hyper-V, and Windows Local Security Authority Subsystem Service (LSASS).
The most severe of these vulnerabilities is CVE-2024-49112 (CVSS 9.8), affecting both LDAP clients and servers running vulnerable Windows versions. Exploiting this flaw requires an unauthenticated, remote attacker to send maliciously crafted RPC calls to the target LDAP server domain controller, or deceive the victim user into performing a domain lookup for the attacker’s domain or connecting to a malicious LDAP server to target an LDAP client. Once successful, the attacker could execute arbitrary code within the LDAP service context.
Other Important Patch Tuesday December Updates From Microsoft
In addition to the aforementioned vulnerabilities, Microsoft also addressed 54 other security flaws affecting various products. These include 14 remote code execution vulnerabilities, 26 privilege escalation issues, 5 denial of service flaws, 7 information disclosure issues, and 2 spoofing vulnerabilities.
The products that received the most security fixes include Microsoft Office, Microsoft SharePoint, Windows Mobile Broadband Driver, Windows Routing and Remote Access Service (RRAS), Windows Wireless Wide Area Network Service (WwanSvc), and Wireless Wide Area Network Service (WwanSvc).
While Microsoft ensures automatic patching for all eligible systems, users are advised to manually check their systems for updates to receive all security fixes in a timely manner.
We would love to hear your thoughts in the comments.
-
Destination3 months ago
Singapore Airlines CEO set to join board of Air India, BA News, BA
-
Tech News7 months ago
Bangladeshi police agents accused of selling citizens’ personal information on Telegram
-
Motivation6 months ago
The Top 20 Motivational Instagram Accounts to Follow (2024)
-
Guides & Tips5 months ago
Have Unlimited Korean Food at MANY Unlimited Topokki!
-
Guides & Tips5 months ago
Satisfy Your Meat and BBQ Cravings While in Texas
-
Gaming4 months ago
The Criterion Collection announces November 2024 releases, Seven Samurai 4K and more
-
Self Development7 months ago
Don’t Waste Your Time in Anger, Regrets, Worries and Grudges
-
Toys6 months ago
15 of the Best Trike & Tricycles Mums Recommend