Microsoft’s December 2024 Patch Tuesday addresses 71 documented security vulnerabilities across Windows and related products.
The collection of fixes includes one zero-day vulnerability actively exploited prior to the release of official patches.
In total, Microsoft’s updates remediate 27 elevation-of-privilege weaknesses, 30 remote code execution vulnerabilities, 7 information disclosure flaws, 5 denial-of-service issues, and 1 spoofing vulnerability.
Sixteen of these vulnerabilities are classified as critical, all involving remote code execution risks.
Windows Common Log File System Driver Zero-Day
A central focus of this update cycle is a zero-day vulnerability affecting the Windows Common Log File System (CLFS) driver, which attackers had exploited before the availability of an official fix.
By manipulating the CLFS driver’s memory management routines, attackers could gain SYSTEM-level privileges, potentially bypassing security controls and executing arbitrary code at the highest privilege level. Microsoft’s documentation identifies this flaw as CVE-2024-49138.
Other Microsoft Fixes
Beyond the CLFS zero-day, the December updates resolve other remote code execution issues, including those affecting Microsoft Message Queuing (MSMQ) and Windows Remote Desktop Services (see the complete table below).
For example, vulnerabilities in MSMQ (CVE-2024-49118, CVE-2024-49122) and Windows Remote Desktop Services (CVE-2024-49106, CVE-2024-49108, CVE-2024-49115, CVE-2024-49116, CVE-2024-49119, CVE-2024-49120, CVE-2024-49123, CVE-2024-49128, CVE-2024-49132) could allow attackers to execute malicious code remotely, potentially compromising systems if not promptly patched.
Issues affecting LDAP (Lightweight Directory Access Protocol) components in Windows present both remote code execution and denial-of-service risks.
Vulnerabilities such as CVE-2024-49112, CVE-2024-49124, and CVE-2024-49127 highlight how attackers could potentially abuse directory services to escalate privileges or halt operations.
Elevation of Privilege Vulnerabilities
The December updates also address multiple elevation of privilege vulnerabilities across various Windows components.
Examples include issues in Windows Kernel-Mode Drivers (CVE-2024-49074) and the Windows Cloud Files Mini Filter Driver (CVE-2024-49114). Exploiting these could allow attackers with limited access to gain more powerful control over targeted systems.
Additionally, vulnerabilities in Windows Wireless Wide Area Network Service (CVE-2024-49081, CVE-2024-49101, CVE-2024-49109, CVE-2024-49111, CVE-2024-49094, CVE-2024-49098, CVE-2024-49099, CVE-2024-49103) and Windows Mobile Broadband (CVE-2024-49073, CVE-2024-49077, CVE-2024-49083, CVE-2024-49092, CVE-2024-49087, CVE-2024-49110, CVE-2024-49078) emphasize the importance of securing networking services against privilege escalation attempts and information disclosure.
Additional issues cover a broad set of Microsoft products, including Microsoft Office and SharePoint. Updates fix remote code execution flaws in Microsoft Access (CVE-2024-49142), Excel (CVE-2024-49069), Word (CVE-2024-49065), Publisher (CVE-2024-49079), and SharePoint (CVE-2024-49070).
There are also information disclosure and elevation of privilege vulnerabilities in SharePoint (CVE-2024-49064, CVE-2024-49062, CVE-2024-49068) and Office as a whole (CVE-2024-49059, CVE-2024-43600).
A defense-in-depth update is also available for Microsoft Office (ADV240002) to enhance overall security posture.
Other addressed vulnerabilities involve Windows Hyper-V (CVE-2024-49117) and DNS (CVE-2024-49091), each capable of enabling remote code execution under particular conditions.
Updates to Windows IP Routing Management Snapin (CVE-2024-49080) and Windows Routing and Remote Access Service (CVE-2024-49085, CVE-2024-49086, CVE-2024-49089, CVE-2024-49125, CVE-2024-49104, CVE-2024-49102) mitigate potential network-level code execution pathways.
Additional elevation of privilege vulnerabilities are resolved in components like Windows Task Scheduler (CVE-2024-49072) and Windows PrintWorkflowUserSvc (CVE-2024-49095, CVE-2024-49097).
Critical remote code execution flaws also affect the Windows Local Security Authority Subsystem Service (LSASS) (CVE-2024-49126) and Windows Hyper-V. Together with the Windows Resilient File System (ReFS) elevation of privilege vulnerability (CVE-2024-49093) and fixes in other components, they reinforce the necessity of systematic patching.
Microsoft December 2024 Patch Tuesday Fixes
Product | CVE ID | CVE Title | Severity |
---|---|---|---|
GitHub | CVE-2024-49063 | Microsoft/Muzic Remote Code Execution Vulnerability | Important |
Microsoft Defender for Endpoint | CVE-2024-49057 | Microsoft Defender for Endpoint on Android Spoofing Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2024-12053 | Chromium: CVE-2024-12053 Type Confusion in V8 | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-49041 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Moderate |
Microsoft Office | ADV240002 | Microsoft Office Defense in Depth Update | Moderate |
Microsoft Office | CVE-2024-49059 | Microsoft Office Elevation of Privilege Vulnerability | Important |
Microsoft Office | CVE-2024-43600 | Microsoft Office Elevation of Privilege Vulnerability | Important |
Microsoft Office Access | CVE-2024-49142 | Microsoft Access Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2024-49069 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Publisher | CVE-2024-49079 | Input Method Editor (IME) Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2024-49064 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
Microsoft Office SharePoint | CVE-2024-49062 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
Microsoft Office SharePoint | CVE-2024-49068 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
Microsoft Office SharePoint | CVE-2024-49070 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
Microsoft Office Word | CVE-2024-49065 | Microsoft Office Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2024-49091 | Windows Domain Name Service Remote Code Execution Vulnerability | Important |
Role: Windows Hyper-V | CVE-2024-49117 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
System Center Operations Manager | CVE-2024-43594 | System Center Operations Manager Elevation of Privilege Vulnerability | Important |
Windows Cloud Files Mini Filter Driver | CVE-2024-49114 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
Windows Common Log File System Driver | CVE-2024-49088 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Windows Common Log File System Driver | CVE-2024-49138 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Windows Common Log File System Driver | CVE-2024-49090 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Windows File Explorer | CVE-2024-49082 | Windows File Explorer Information Disclosure Vulnerability | Important |
Windows IP Routing Management Snapin | CVE-2024-49080 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability | Important |
Windows Kernel | CVE-2024-49084 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel-Mode Drivers | CVE-2024-49074 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2024-49121 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2024-49124 | Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability | Critical |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2024-49112 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Critical |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2024-49113 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2024-49127 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Critical |
Windows Local Security Authority Subsystem Service (LSASS) | CVE-2024-49126 | Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability | Critical |
Windows Message Queuing | CVE-2024-49118 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Critical |
Windows Message Queuing | CVE-2024-49122 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Critical |
Windows Message Queuing | CVE-2024-49096 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-49073 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-49077 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-49083 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-49092 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-49087 | Windows Mobile Broadband Driver Information Disclosure Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-49110 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-49078 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important |
Windows PrintWorkflowUserSvc | CVE-2024-49095 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | Important |
Windows PrintWorkflowUserSvc | CVE-2024-49097 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | Important |
Windows Remote Desktop | CVE-2024-49132 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
Windows Remote Desktop Services | CVE-2024-49115 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
Windows Remote Desktop Services | CVE-2024-49116 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
Windows Remote Desktop Services | CVE-2024-49123 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
Windows Remote Desktop Services | CVE-2024-49129 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Important |
Windows Remote Desktop Services | CVE-2024-49075 | Windows Remote Desktop Services Denial of Service Vulnerability | Important |
Windows Remote Desktop Services | CVE-2024-49128 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
Windows Remote Desktop Services | CVE-2024-49106 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
Windows Remote Desktop Services | CVE-2024-49108 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
Windows Remote Desktop Services | CVE-2024-49119 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
Windows Remote Desktop Services | CVE-2024-49120 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
Windows Resilient File System (ReFS) | CVE-2024-49093 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-49085 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-49086 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-49089 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-49125 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-49104 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-49102 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Task Scheduler | CVE-2024-49072 | Windows Task Scheduler Elevation of Privilege Vulnerability | Important |
Windows Virtualization-Based Security (VBS) Enclave | CVE-2024-49076 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | Important |
Windows Wireless Wide Area Network Service | CVE-2024-49081 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Important |
Windows Wireless Wide Area Network Service | CVE-2024-49103 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | Important |
Windows Wireless Wide Area Network Service | CVE-2024-49111 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Important |
Windows Wireless Wide Area Network Service | CVE-2024-49109 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Important |
Windows Wireless Wide Area Network Service | CVE-2024-49101 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Important |
Windows Wireless Wide Area Network Service | CVE-2024-49094 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Important |
Windows Wireless Wide Area Network Service | CVE-2024-49098 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | Important |
Windows Wireless Wide Area Network Service | CVE-2024-49099 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | Important |
WmsRepair Service | CVE-2024-49107 | WmsRepair Service Elevation of Privilege Vulnerability | Important |