Microsoft’s December 2024 Patch Tuesday includes security updates addressing 71 vulnerabilities, including 16 critical remote code execution flaws and one actively exploited zero-day vulnerability. The actively exploited zero-day vulnerability, CVE-2024-49138, allows attackers to gain SYSTEM privileges on Windows devices.
Microsoft December 2024 Patch Tuesday Technical Overview
Key Vulnerabilities
CVE-2024-49138: Windows Common Log File System Driver Elevation of Privilege Vulnerability
- Severity: Critical
- Impact: Enables attackers to escalate privileges to SYSTEM level.
- Exploitation: Actively exploited in the wild, allowing threat actors to take full control of affected devices.
- Resolution: Patched as part of this month’s updates.
Other Vulnerabilities Addressed:
- 27 Elevation of Privilege Vulnerabilities
- 30 Remote Code Execution Vulnerabilities
- 7 Information Disclosure Vulnerabilities
- 5 Denial of Service Vulnerabilities
- 1 Spoofing Vulnerability
What We Suggest for Microsoft December 2024 Patch Tuesday
- Update Systems Immediately:
- Apply the December 2024 updates to protect against CVE-2024-49138 and other vulnerabilities.
- Ensure that Windows 11 and Windows 10 systems receive the latest cumulative updates (KB5048667, KB5048685, and KB5048652).
- Monitor for Suspicious Activity:
- Implement endpoint detection and response (EDR) tools to identify exploitation attempts targeting the Common Log File System Driver.
- Strengthen Access Controls:
- Limit privileges for user accounts and applications to reduce potential exposure to privilege escalation vulnerabilities.
DIFEND WITH CONFIDENCE