Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws
2024-12-11 02:45:19 Author: www.bleepingcomputer.com(查看原文) 阅读量:2 收藏
2024-12-11 02:45:19 Author: www.bleepingcomputer.com(查看原文) 阅读量:2 收藏
Today is Microsoft's December 2024 Patch Tuesday, which includes security updates for 71 flaws, including one actively exploited zero-day vulnerability.
This Patch Tuesday fixed sixteen critical vulnerabilities, all of which are remote code execution flaws.
The number of bugs in each vulnerability category is listed below:
- 27 Elevation of Privilege Vulnerabilities
- 30 Remote Code Execution Vulnerabilities
- 7 Information Disclosure Vulnerabilities
- 5 Denial of Service Vulnerabilities
- 1 Spoofing Vulnerabilities
This count does not include two Edge flaws that were previously fixed on December 5 and 6th.
To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5048667 & KB5048685 cumulative updates and the Windows 10 KB5048652 cumulative update.
One actively exploited zero-day disclosed
This month's Patch Tuesday fixes one actively exploited, publicly disclosed zero-day vulnerability.
Microsoft classifies a zero-day flaw as one that is publicly disclosed or actively exploited while no official fix is available.
The actively exploited zero-day vulnerability in today's updates are:
CVE-2024-49138 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
Microsoft has fixed an actively exploited zero-day that allows attackers to gain SYSTEM privileges on Windows devices.
No information has been released as to how the flaw was exploited in attacks.
However, as it was discovered by the Advanced Research Team with CrowdStrike, we will likely see a report about its exploitation in the future.
BleepingComputer contacted CrowdStrike for more information but has not yet received a response.
Recent updates from other companies
Other vendors who released updates or advisories in December 2024 include:
- Adobe released security updates for numerous products, including Photoshop, Commerce, Illustrator, InDesign, After Effects, Bridge, and more.
- CISA released advisories on industrial control system vulnerabilities in MOBATIME, Schneider Electric, National Instruments, Horner Automation, Rockwell Automation, and Ruijie.
- Cleo security file transfer is impacted by an actively exploited zero-day used in data theft attacks.
- Cisco releases security updates for multiple products, including Cisco NX-OS and Cisco ASA.
- IO-Data zero-day router flaws exploited in attacks to take over devices.
- 0patch released an unofficial patch for a Windows zero-day vulnerability that allows attackers to capture NTLM credentials.
- OpenWrt releases security updates for a Sysupgrade flaw that allowed attackers to distribute malicious firmware images.
- SAP releases security updates for multiple products as part of December Patch Day.
- Veeam released security updates for a critical RCE bug in Service Provider Console.
The December 2024 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities in the December 2024 Patch Tuesday updates.
To access the full description of each vulnerability and the systems it affects, you can view the full report here.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| GitHub | CVE-2024-49063 | Microsoft/Muzic Remote Code Execution Vulnerability | Important |
| Microsoft Defender for Endpoint | CVE-2024-49057 | Microsoft Defender for Endpoint on Android Spoofing Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2024-12053 | Chromium: CVE-2024-12053 Type Confusion in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-49041 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Moderate |
| Microsoft Office | ADV240002 | Microsoft Office Defense in Depth Update | Moderate |
| Microsoft Office | CVE-2024-49059 | Microsoft Office Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2024-43600 | Microsoft Office Elevation of Privilege Vulnerability | Important |
| Microsoft Office Access | CVE-2024-49142 | Microsoft Access Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2024-49069 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Publisher | CVE-2024-49079 | Input Method Editor (IME) Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2024-49064 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2024-49062 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2024-49068 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2024-49070 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2024-49065 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2024-49091 | Windows Domain Name Service Remote Code Execution Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2024-49117 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| System Center Operations Manager | CVE-2024-43594 | System Center Operations Manager Elevation of Privilege Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2024-49114 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2024-49088 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2024-49138 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2024-49090 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows File Explorer | CVE-2024-49082 | Windows File Explorer Information Disclosure Vulnerability | Important |
| Windows IP Routing Management Snapin | CVE-2024-49080 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability | Important |
| Windows Kernel | CVE-2024-49084 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel-Mode Drivers | CVE-2024-49074 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
| Windows LDAP - Lightweight Directory Access Protocol | CVE-2024-49121 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important |
| Windows LDAP - Lightweight Directory Access Protocol | CVE-2024-49124 | Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability | Critical |
| Windows LDAP - Lightweight Directory Access Protocol | CVE-2024-49112 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Critical |
| Windows LDAP - Lightweight Directory Access Protocol | CVE-2024-49113 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important |
| Windows LDAP - Lightweight Directory Access Protocol | CVE-2024-49127 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Critical |
| Windows Local Security Authority Subsystem Service (LSASS) | CVE-2024-49126 | Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability | Critical |
| Windows Message Queuing | CVE-2024-49118 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Critical |
| Windows Message Queuing | CVE-2024-49122 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Critical |
| Windows Message Queuing | CVE-2024-49096 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Important |
| Windows Mobile Broadband | CVE-2024-49073 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important |
| Windows Mobile Broadband | CVE-2024-49077 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important |
| Windows Mobile Broadband | CVE-2024-49083 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important |
| Windows Mobile Broadband | CVE-2024-49092 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important |
| Windows Mobile Broadband | CVE-2024-49087 | Windows Mobile Broadband Driver Information Disclosure Vulnerability | Important |
| Windows Mobile Broadband | CVE-2024-49110 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important |
| Windows Mobile Broadband | CVE-2024-49078 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important |
| Windows PrintWorkflowUserSvc | CVE-2024-49095 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | Important |
| Windows PrintWorkflowUserSvc | CVE-2024-49097 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | Important |
| Windows Remote Desktop | CVE-2024-49132 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| Windows Remote Desktop Services | CVE-2024-49115 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| Windows Remote Desktop Services | CVE-2024-49116 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| Windows Remote Desktop Services | CVE-2024-49123 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| Windows Remote Desktop Services | CVE-2024-49129 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Important |
| Windows Remote Desktop Services | CVE-2024-49075 | Windows Remote Desktop Services Denial of Service Vulnerability | Important |
| Windows Remote Desktop Services | CVE-2024-49128 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| Windows Remote Desktop Services | CVE-2024-49106 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| Windows Remote Desktop Services | CVE-2024-49108 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| Windows Remote Desktop Services | CVE-2024-49119 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| Windows Remote Desktop Services | CVE-2024-49120 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| Windows Resilient File System (ReFS) | CVE-2024-49093 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-49085 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-49086 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-49089 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-49125 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-49104 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-49102 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Task Scheduler | CVE-2024-49072 | Windows Task Scheduler Elevation of Privilege Vulnerability | Important |
| Windows Virtualization-Based Security (VBS) Enclave | CVE-2024-49076 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | Important |
| Windows Wireless Wide Area Network Service | CVE-2024-49081 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Important |
| Windows Wireless Wide Area Network Service | CVE-2024-49103 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | Important |
| Windows Wireless Wide Area Network Service | CVE-2024-49111 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Important |
| Windows Wireless Wide Area Network Service | CVE-2024-49109 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Important |
| Windows Wireless Wide Area Network Service | CVE-2024-49101 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Important |
| Windows Wireless Wide Area Network Service | CVE-2024-49094 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Important |
| Windows Wireless Wide Area Network Service | CVE-2024-49098 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | Important |
| Windows Wireless Wide Area Network Service | CVE-2024-49099 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | Important |
| WmsRepair Service | CVE-2024-49107 | WmsRepair Service Elevation of Privilege Vulnerability | Important |
文章来源: https://www.bleepingcomputer.com/news/microsoft/microsoft-december-2024-patch-tuesday-fixes-1-exploited-zero-day-71-flaws/
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh