Microsoft December 2024 Patch Tuesday

Microsoft has released its monthly batch of security updates, known as Patch Tuesday. This month's release addresses one actively exploited zero-day vulnerability.

Microsoft has fixed 72 vulnerabilities, 1 of which is classified as critical. The vulnerabilities could allow an attacker to conduct spoofing attacks, gain elevated privileges, perform denial-of-service attacks, obtain sensitive information, or execute arbitrary code and gain access to the affected systems.

December’s Patch Tuesday fixes security flaws in several Microsoft products, including Microsoft Office, Windows Common Log File System Driver, Windows File Explorer, Windows Kernel, Microsoft Defender for Endpoint, Microsoft Edge (Chromium-based), Windows LDAP (Lightweight Directory Access Protocol), Windows Message Queuing, Windows Mobile Broadband, Windows Remote Desktop, Windows Routing and Remote Access Service (RRAS), Windows Wireless Wide Area Network Service, System Center Operations Manager, and Windows Task Scheduler.

The actively exploited zero-day vulnerability in December’s Patch Tuesday is:

  • Windows Common Log File System Driver Elevation of Privilege Vulnerability “CVE-2024-49138” allows attackers to gain SYSTEM privileges on Windows devices.

A sample of the addressed vulnerabilities:

1. Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2024-49112):

  • CVSS: 9.8
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Gain Access

2. Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability (CVE-2024-49093):

  • CVSS: 8.8
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Consequences: Gain Privileges
Mitigations

Enterprises should deploy these patches as soon as their testing phase is completed.

References

Microsoft MSRC