Patch Tuesday Update - December 2024

By Mieng Lim

FVM will include the Microsoft Patch Tuesday checks in the NIRV 4.56.0 and FVM Agent 2.17.

  • Microsoft addressed 70 vulnerabilities this release, including 16 rated as Critical.
  • CVE-2024-49138 - Microsoft has disclosed an actively exploited vulnerability that allows attackers to gain SYSTEM privileges on Windows devices. No further information is provided from Microsoft on how the security vulnerability was exploited in attacks at this moment.
CVE/Advisory Title Tag Microsoft Severity Rating Base Score Microsoft Impact Exploited Publicly Disclosed
CVE-2024-43594 System Center Operations Manager Elevation of Privilege Vulnerability System Center Operations Manager Important 7.3 Elevation of Privilege No No
CVE-2024-49057 Microsoft Defender for Endpoint on Android Spoofing Vulnerability Microsoft Defender for Endpoint Important 8.1 Spoofing No No
CVE-2024-49059 Microsoft Office Elevation of Privilege Vulnerability Microsoft Office Important 7 Elevation of Privilege No No
CVE-2024-49064 Microsoft SharePoint Information Disclosure Vulnerability Microsoft Office SharePoint Important 6.5 Information Disclosure No No
CVE-2024-49068 Microsoft SharePoint Elevation of Privilege Vulnerability Microsoft Office SharePoint Important 8.2 Elevation of Privilege No No
CVE-2024-49069 Microsoft Excel Remote Code Execution Vulnerability Microsoft Office Excel Important 7.8 Remote Code Execution No No
CVE-2024-49070 Microsoft SharePoint Remote Code Execution Vulnerability Microsoft Office SharePoint Important 7.4 Remote Code Execution No No
CVE-2024-49073 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Windows Mobile Broadband Important 6.8 Elevation of Privilege No No
CVE-2024-49074 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Windows Kernel-Mode Drivers Important 7.8 Elevation of Privilege No No
CVE-2024-49084 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Important 7 Elevation of Privilege No No
CVE-2024-49085 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Important 8.8 Remote Code Execution No No
CVE-2024-49086 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Important 8.8 Remote Code Execution No No
CVE-2024-49087 Windows Mobile Broadband Driver Information Disclosure Vulnerability Windows Mobile Broadband Important 4.6 Information Disclosure No No
CVE-2024-49089 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Important 7.2 Remote Code Execution No No
CVE-2024-49091 Windows  Domain Name Service Remote Code Execution Vulnerability Role: DNS Server Important 7.2 Remote Code Execution No No
CVE-2024-49092 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Windows Mobile Broadband Important 6.8 Elevation of Privilege No No
CVE-2024-49093 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability Windows Resilient File System (ReFS) Important 8.8 Elevation of Privilege No No
CVE-2024-49094 Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability Windows Wireless Wide Area Network Service Important 6.6 Elevation of Privilege No No
CVE-2024-49096 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Windows Message Queuing Important 7.5 Denial of Service No No
CVE-2024-49097 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Windows PrintWorkflowUserSvc Important 7 Elevation of Privilege No No
CVE-2024-49098 Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability Windows Wireless Wide Area Network Service Important 4.3 Information Disclosure No No
CVE-2024-49099 Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability Windows Wireless Wide Area Network Service Important 4.3 Information Disclosure No No
CVE-2024-49101 Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability Windows Wireless Wide Area Network Service Important 6.6 Elevation of Privilege No No
CVE-2024-49102 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Important 8.8 Remote Code Execution No No
CVE-2024-49103 Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability Windows Wireless Wide Area Network Service Important 4.3 Information Disclosure No No
CVE-2024-49104 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Important 8.8 Remote Code Execution No No
CVE-2024-49106 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Critical 8.1 Remote Code Execution No No
CVE-2024-49107 WmsRepair Service Elevation of Privilege Vulnerability WmsRepair Service Important 7.3 Elevation of Privilege No No
CVE-2024-49108 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Critical 8.1 Remote Code Execution No No
CVE-2024-49111 Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability Windows Wireless Wide Area Network Service Important 6.6 Elevation of Privilege No No
CVE-2024-49115 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Critical 8.1 Remote Code Execution No No
CVE-2024-49117 Windows Hyper-V Remote Code Execution Vulnerability Role: Windows Hyper-V Critical 8.8 Remote Code Execution No No
CVE-2024-49119 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Critical 8.1 Remote Code Execution No No
CVE-2024-49120 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Critical 8.1 Remote Code Execution No No
CVE-2024-49121 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Windows LDAP - Lightweight Directory Access Protocol Important 7.5 Denial of Service No No
CVE-2024-49122 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Windows Message Queuing Critical 8.1 Remote Code Execution No No
CVE-2024-49123 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Critical 8.1 Remote Code Execution No No
CVE-2024-49124 Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability Windows LDAP - Lightweight Directory Access Protocol Critical 8.1 Remote Code Execution No No
CVE-2024-49125 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Important 8.8 Remote Code Execution No No
CVE-2024-49126 Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability Windows Local Security Authority Subsystem Service (LSASS) Critical 8.1 Remote Code Execution No No
CVE-2024-49129 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability Windows Remote Desktop Services Important 7.5 Denial of Service No No
CVE-2024-49132 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Critical 8.1 Remote Code Execution No No
CVE-2024-49142 Microsoft Access Remote Code Execution Vulnerability Microsoft Office Access Important 7.8 Remote Code Execution No No
CVE-2024-43600 Microsoft Office Elevation of Privilege Vulnerability Microsoft Office Important 7.8 Elevation of Privilege No No
CVE-2024-49062 Microsoft SharePoint Information Disclosure Vulnerability Microsoft Office SharePoint Important 6.5 Information Disclosure No No
CVE-2024-49063 Microsoft/Muzic Remote Code Execution Vulnerability GitHub Important 8.4 Remote Code Execution No No
CVE-2024-49065 Microsoft Office Remote Code Execution Vulnerability Microsoft Office Word Important 5.5 Remote Code Execution No No
CVE-2024-49072 Windows Task Scheduler Elevation of Privilege Vulnerability Windows Task Scheduler Important 7.8 Elevation of Privilege No No
CVE-2024-49075 Windows Remote Desktop Services Denial of Service Vulnerability Windows Remote Desktop Services Important 7.5 Denial of Service No No
CVE-2024-49076 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability Windows Virtualization-Based Security (VBS) Enclave Important 7.8 Elevation of Privilege No No
CVE-2024-49077 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Windows Mobile Broadband Important 6.8 Elevation of Privilege No No
CVE-2024-49078 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Windows Mobile Broadband Important 6.8 Elevation of Privilege No No
CVE-2024-49079 Input Method Editor (IME) Remote Code Execution Vulnerability Microsoft Office Publisher Important 7.8 Remote Code Execution No No
CVE-2024-49080 Windows IP Routing Management Snapin Remote Code Execution Vulnerability Windows IP Routing Management Snapin Important 8.8 Remote Code Execution No No
CVE-2024-49081 Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability Windows Wireless Wide Area Network Service Important 6.6 Elevation of Privilege No No
CVE-2024-49082 Windows File Explorer Information Disclosure Vulnerability Windows File Explorer Important 6.8 Information Disclosure No No
CVE-2024-49083 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Windows Mobile Broadband Important 6.8 Elevation of Privilege No No
CVE-2024-49088 Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Important 7.8 Elevation of Privilege No No
CVE-2024-49090 Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Important 7.8 Elevation of Privilege No No
CVE-2024-49095 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Windows PrintWorkflowUserSvc Important 7 Elevation of Privilege No No
CVE-2024-49109 Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability Windows Wireless Wide Area Network Service Important 6.6 Elevation of Privilege No No
CVE-2024-49110 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability Windows Mobile Broadband Important 6.8 Elevation of Privilege No No
CVE-2024-49112 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows LDAP - Lightweight Directory Access Protocol Critical 9.8 Remote Code Execution No No
CVE-2024-49113 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Windows LDAP - Lightweight Directory Access Protocol Important 7.5 Denial of Service No No
CVE-2024-49114 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Windows Cloud Files Mini Filter Driver Important 7.8 Elevation of Privilege No No
CVE-2024-49116 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Critical 8.1 Remote Code Execution No No
CVE-2024-49118 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Windows Message Queuing Critical 8.1 Remote Code Execution No No
CVE-2024-49127 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows LDAP - Lightweight Directory Access Protocol Critical 8.1 Remote Code Execution No No
CVE-2024-49128 Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Critical 8.1 Remote Code Execution No No
CVE-2024-49138 Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Important 7.8 Elevation of Privilege Yes Yes

Quickly Find and Fix Your Most At-Risk Weaknesses

Watch this demo to see how Fortra VM can help.

WATCH THE VIDEO

Share This