Virtual Administrator’s December Patch Recommendations

Patch Recommendations

This month Microsoft released patches for 71 vulnerabilities with 16 rated “Critical” in severity.

All new patches will be approved in our patch policy.

Microsoft has released fixes for 71 vulnerabilities with one zero-day.

In total Microsoft released patches for over 1,000 CVEs in 2024!

  • CVE-2024-49138 is rated only Important but is publicly known and under active attack. This zero-day affects the Windows Common Log File System (CLFS) driver and could let a local, authenticated attacker gain SYSTEM privileges.
  • CVE-2024-49112 is a Critical (CVSS 9.8) remote code execution flaw in the Windows Lightweight Directory Access Protocol (LDAP) affecting both LDAP clients and servers on all supported versions of Windows.
  • CVE-2024-49117 is a Windows Hyper-V remote code execution vulnerability that allows guest-to-host escape.
  • CVE-2024-49118 and CVE-2024-49122 are remote code execution vulnerabilities in Microsoft Message Queuing (MSMQ).

Over half of the 16 Critical vulnerabilities (9 of them) affect Windows Remote Desktop Services.

One new Security Advisory: ADV240002. No new stand-alone SSUs (servicing stack updates).

Disclosed: CVE-2024-49138

Exploited: CVE-2024-49138

Security Update Guide

https://msrc.microsoft.com/update-guide/en-us

Microsoft Security Advisories

ADV240002 | Microsoft Office Defense in Depth Update (Published: 12/10/2024)

https://msrc.microsoft.com/update-guide/vulnerability/ADV240002

Reason for Revision: Microsoft has released an update for Microsoft Office that provides enhanced security as a defense in depth measure.

Heads Up! Server 2019/2022 upgrading to 2025

Last month we warned about KB5044284 spontaneously upgrading 2019 and 2022 servers to 2025. Although we have not seen this issue with agents under our management, Kaseya did confirm they have had reports. They were not able to provide details on the conditions under which they occurred, but advise admins to block/suppress KB5044284. We have not seen or read of similar issues with any other patches, new or old.
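One way to block KB5044284 on a host that scans through the Windows Update Agent, as an added example that is not part of this newsletter and not Kaseya's guidance: hide the update through the WUA COM API (Microsoft.Update.Session) so the client stops offering it. It assumes the KB is currently being offered to the machine by its update source (Windows Update or WSUS); an RMM or WSUS approval policy is a separate control and must be set there as well.

```powershell
# Added example: hide one or more KBs on the local machine via the Windows Update
# Agent COM API so Windows Update will no longer offer or install them.
# Run from an elevated PowerShell session. Assumes the host scans through the
# WUA client (Windows Update or WSUS); RMM-side approvals are out of scope here.

param(
    # KB numbers as WUA reports them: digits only, no "KB" prefix
    [string[]]$KbToHide = @('5044284')
)

$session  = New-Object -ComObject 'Microsoft.Update.Session'
$searcher = $session.CreateUpdateSearcher()

# Only updates that are not installed and not already hidden are candidates.
$result = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")

$hidden = @()
foreach ($update in $result.Updates) {
    # KBArticleIDs is a string collection, e.g. "5044284"
    foreach ($kb in @($update.KBArticleIDs)) {
        if ($KbToHide -contains $kb) {
            $update.IsHidden = $true          # persisted by the WUA datastore
            $hidden += [pscustomobject]@{ KB = "KB$kb"; Title = $update.Title }
        }
    }
}

if ($hidden.Count -eq 0) {
    Write-Host "None of the requested KBs are currently offered to this host: KB$($KbToHide -join ', KB')"
} else {
    Write-Host "Hidden the following updates:"
    $hidden | Format-Table -AutoSize
}

# Audit trail: list everything that is now hidden, so the change can be reviewed later.
$searcher.Search("IsInstalled=0 and IsHidden=1").Updates |
    ForEach-Object { "Hidden: KB$(@($_.KBArticleIDs) -join ',KB') - $($_.Title)" }
```

Hiding is reversible (set IsHidden back to $false on the same object), and it only affects the WUA client on that host: if the update has already been downloaded and is pending a restart, hiding it will not roll it back.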

FYI: Microsoft is no longer enforcing minimum system requirements for Windows 11 upgrades

Windows 11 on devices that don’t meet minimum system requirements

https://support.microsoft.com/en-us/windows/windows-11-on-devices-that-don-t-meet-minimum-system-requirements-0b2dc4a2-5933-4ad4-9c09-ef0a331518f1

NOTE: “Devices that don’t meet these system requirements might malfunction due to compatibility or other issues. Additionally, these devices aren’t guaranteed to receive updates, including but not limited to security updates.”

Known Issues

Microsoft is not reporting problems with this month’s releases

Microsoft continues to list unresolved older problems under the Known Issues for new patches. So if you have not yet experienced one of these issues, it is unlikely to occur now.

A good resource for known issues with Windows 10/11 patches: find the version and click on “Known issues”.

Windows release health

https://docs.microsoft.com/en-us/windows/release-health/

Monthly Rollup/Security Only/Windows 10,11/Server 2016,2019,2022,2025 KBs

Links are https://support.microsoft.com/en-us/help/####### with the KB number only (the digits, without the “KB” prefix).

Security and Quality Rollup

  • KB5048735 – Windows Server 2012 R2 (ESU)
  • KB5048699 – Windows Server 2012 (ESU)

Cumulative Updates

Windows 10

  • KB5048703 – Original release version 1507 (OS Build 10240)
  • KB5048671 – Version 1607 “Anniversary Update” (OS Build 14393)
  • KB5048661 – Version 1809 “October 2018 Update” (OS Build 17763)
  • KB5048652 – Version 21H2 “November 2021 Update” (OS Build 19044)
  • KB5048652 – Version 22H2 “November 2022 Update” (OS Build 19045)

(Versions 1511,1703,1709,1803,1903,1909,2004,20H2,21H1 are no longer under support)

Windows 11

  • KB5048685 – 22H2 (OS Build 22621)
  • KB5048685 – 23H2 (OS Build 22631)
  • KB5048667 – 24H2 (OS Build 26100)

(Version 21H2 is no longer under support)

Windows Server

  • KB5048671 – Server 2016 (same KB as Windows 10 Version 1607)
  • KB5048661 – Server 2019 (same KB as Windows 10 Version 1809)
  • KB5048654 – Server 2022 (OS Build 20348)
  • KB5048653 – Server 23H2 (OS Build 25398)
  • KB5048667 – Server 2025 (OS Build 26100)
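A quick way to confirm that the update listed above for a host's OS build is actually installed, as an added example that is not part of this newsletter: read the build number from the registry, look up the December KB in a table transcribed from the lists above, and ask Get-HotFix whether it is present. It assumes Get-HotFix (Win32_QuickFixEngineering) can see the update, which is the case for LCUs and monthly rollups installed through Windows Update, WSUS or wusa.exe.

```powershell
# Added example: check whether the December 2024 cumulative update / monthly
# rollup for this host's OS build (per the KB lists in this post) is installed.
# Assumes Get-HotFix sees the LCU, which holds for Windows Update/WSUS/wusa installs.

# OS build -> December 2024 KB, transcribed from the lists above.
$ExpectedKb = @{
    '9200'  = 'KB5048699'   # Server 2012 (ESU) monthly rollup
    '9600'  = 'KB5048735'   # Server 2012 R2 (ESU) monthly rollup
    '10240' = 'KB5048703'   # Windows 10 1507
    '14393' = 'KB5048671'   # Windows 10 1607 / Server 2016
    '17763' = 'KB5048661'   # Windows 10 1809 / Server 2019
    '19044' = 'KB5048652'   # Windows 10 21H2
    '19045' = 'KB5048652'   # Windows 10 22H2
    '20348' = 'KB5048654'   # Server 2022
    '22621' = 'KB5048685'   # Windows 11 22H2
    '22631' = 'KB5048685'   # Windows 11 23H2
    '25398' = 'KB5048653'   # Server 23H2
    '26100' = 'KB5048667'   # Windows 11 24H2 / Server 2025
}

function Test-DecemberPatch {
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [string]$cv.CurrentBuild
    $ubr   = $cv.UBR            # revision number of the installed LCU; not present on 2012/2012 R2
    $kb    = $ExpectedKb[$build]

    if (-not $kb) {
        # Builds not in the table are unsupported (see the notes above) or not covered by this post.
        return [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME; Build = $build; UBR = $ubr
            ExpectedKB   = $null; Installed = $null
            Status       = 'Build not in the December list: check support status'
        }
    }

    # Get-HotFix writes an error when the KB is absent, so suppress it and test for $null.
    $hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Build        = $build
        UBR          = $ubr
        ExpectedKB   = $kb
        Installed    = [bool]$hotfix
        InstalledOn  = if ($hotfix) { $hotfix.InstalledOn } else { $null }
        Status       = if ($hotfix) { 'OK' } else { 'MISSING: December update not applied' }
    }
}

Test-DecemberPatch | Format-List
```

One caveat: a host imaged from media that already carries a later cumulative update will report the December KB as missing even though it is at a newer patch level, because cumulative updates supersede rather than list their predecessors. In that case compare the UBR from the output against the OS build number on the KB article for the newer update instead of relying on the KB name alone.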

December 2024 updates for Microsoft Office

https://support.microsoft.com/en-us/topic/december-2024-updates-for-microsoft-office-253f4042-3b99-4952-8fda-4a7e4a40e971

Notable CVEs

CVE-2024-49106 | Windows Remote Desktop Services Remote Code Execution Vulnerability (Cumulative Update)

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-49106

Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code.

CVE-2024-49112 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-49112

This vulnerability affects both LDAP clients and servers running an affected version of Windows listed in the Security Updates table. Customers must apply the latest security update for their Windows version to be protected against this vulnerability.

CVE-2024-49117 | Windows Hyper-V Remote Code Execution Vulnerability (Cumulative Update)

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-49117

This vulnerability would require an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM which could result in remote code execution on the host server.

CVE-2024-49118/CVE-2024-49122 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49118

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49122

Successful exploitation of this vulnerability requires an attacker to win a race condition during the execution of a specific operation that recurs in a low frequency on the target system. This might require an attacker to invest a significant amount of time to exploit the vulnerability if the race condition is not won.

CVE-2024-49126 | Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-49126

Successful exploitation of this vulnerability requires an attacker to win a race condition. An unprivileged remote attacker, with no user interaction required, could trigger the race through a network call to the server and execute malicious code in the context of the server’s (LSASS) account.

CVE-2024-49138 | Windows Common Log File System Driver Elevation of Privilege Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-49138

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
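Not every host is exposed to every CVE above: CVE-2024-49106 needs the Remote Desktop Gateway role, CVE-2024-49117 needs a Hyper-V host, CVE-2024-49118/49122 need the Message Queuing service, and the server side of CVE-2024-49112 is a domain controller (though every domain-joined machine is also an LDAP client). The following triage script is an added example, not part of this newsletter or of Microsoft's advisories. It checks for the default service names of those roles (TSGateway, vmms, MSMQ, NTDS) and for a listener on TCP 1801, MSMQ's standard port, and assumes Get-NetTCPConnection is available (Windows 8 / Server 2012 and later). CVE-2024-49138 (CLFS) and CVE-2024-49126 (LSASS) are not gated on a role, so every host still needs this month's update regardless of the output.

```powershell
# Added example: triage which role-dependent December 2024 CVEs apply to this
# host by checking for the services those roles install. Service names are the
# Windows defaults. Assumes Get-NetTCPConnection exists (Win8/Server 2012+).
# The check says nothing about CVE-2024-49138 (CLFS) or CVE-2024-49126 (LSASS),
# which apply to every Windows host; the LCU is still required everywhere.

function Test-RoleInstalled {
    param([Parameter(Mandatory)][string]$ServiceName)
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if (-not $svc) { return 'not installed' }
    return "installed ($($svc.Status))"
}

function Get-DecemberExposure {
    # MSMQ's standard listener; a 0.0.0.0 / :: address means it is reachable from the network.
    $msmqListener = Get-NetTCPConnection -LocalPort 1801 -State Listen -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName                    = $env:COMPUTERNAME
        'RD Gateway (CVE-2024-49106)'   = Test-RoleInstalled -ServiceName 'TSGateway'
        'LDAP server (CVE-2024-49112)'  = Test-RoleInstalled -ServiceName 'NTDS'
        'Hyper-V host (CVE-2024-49117)' = Test-RoleInstalled -ServiceName 'vmms'
        'MSMQ (CVE-2024-49118/49122)'   = Test-RoleInstalled -ServiceName 'MSMQ'
        'MSMQ TCP 1801 listening'       = if ($msmqListener) {
                                              (@($msmqListener.LocalAddress) -join ', ')
                                          } else { 'no' }
    }
}

Get-DecemberExposure | Format-List
```

Where MSMQ shows as installed but nothing on the host actually uses it, removing the feature is the lasting fix; where it is needed, restricting TCP 1801 at the host firewall to the peers that must reach it shrinks the window an attacker has to win the low-frequency race described above.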