December 10, 2024 at 06:09PM
Microsoft’s December 2024 Patch Tuesday introduces a significant security update addressing a Windows zero-day vulnerability (CVE-2024-49138) and 71 patches, bringing the year’s total to 1,020. Critical issues involve exploits in LDAP, Hyper-V, and RDP services, necessitating immediate action from security administrators to mitigate risks.
### Meeting Takeaways – December 2024 Microsoft Security Update
**Overview:**
– Microsoft released a substantial security update for December 2024, addressing a total of **71 vulnerabilities** (CVEs) across various products, notably including Windows, Office, SharePoint, and Hyper-V.
– The cumulative number of patches for the year now totals **1,020**, making it the second-highest total since 2020.
**Key Vulnerabilities:**
1. **Critical Vulnerabilities Overview:**
– **CVE-2024-49112** (LDAP RCE, CVSS 9.8): Allows unauthenticated remote code execution on Domain Controllers. Recommended mitigation includes disconnecting from the Internet and quickly deploying the patch.
– **CVE-2024-49117** (Hyper-V RCE, CVSS 8.8): Let’s an authenticated user execute code on the host OS from a guest VM. Patching is crucial, as basic authentication suffices for exploitation.
– **Remote Desktop Services (RDS)**:
– Nine critical vulnerabilities in RDS identified, including **CVE-2024-49132** (Use After Free, CVSS 8.1), which can allow RCE if exploited under specific conditions. Other critical bugs also emphasize poor memory management and operational handling in RDP components.
2. **Zero-Day Vulnerabilities:**
– **CVE-2024-49138** (CLFS Privilege Escalation, CVSS 7.8): An actively exploited zero-day that could enable system-level privileges. Highlighted as a potential target for ransomware operators.
3. **Additional Vulnerabilities:**
– **CVE-2024-49093** (EoP in ReFS, CVSS 8.8): Allows privilege escalation from a low-privilege app container to broader system access, posing risks for lateral movement across environments.
– **CVE-2024-49063** (RCE in Musik, CVSS not specified): Involves a deserialization vulnerability that could allow code execution.
**Recommendations:**
– Organizations are urged to prioritize patching the critical vulnerabilities, especially those concerning LDAP, RDP, and Hyper-V.
– Security controls should be robust, particularly regarding RDP service exposure to the Internet.
– Continuous monitoring for signs of exploitation, particularly with the highlighted zero-day vulnerabilities, is recommended.
### Conclusion:
The December 2024 Patch Tuesday reflects significant security challenges, particularly for Windows and related services. Immediate action on patching and mitigation strategies is essential for maintaining network security.