High Threat Security Alert (A24-12-07): Multiple Vulnerabilities in Microsoft Products (December 2024)

Description:

Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. The list of security updates can be found at:
This link will open in a new windowhttps://msrc.microsoft.com/update-guide/releaseNote/2024-Dec

Reports indicated that the elevation of privilege vulnerability (CVE-2024-49138) in Microsoft Windows and Server is being exploited in the wild, with its technical details publicly disclosed. In addition, multiple remote code execution vulnerabilities (CVE-2024-49112, CVE-2024-49117 and CVE-2024-49122) in Microsoft Windows and Server are also at a high risk of exploitation. System administrators and users are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

Affected Systems:

• Microsoft Windows 10, 11
• Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, 2022, 2022, 23H2 Edition, 2025
• Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024, LTSC for Mac 2021, LTSC for Mac 2024
• Microsoft Excel 2016
• Microsoft Word 2016
• Microsoft 365 Apps for Enterprise
• Microsoft Access 2016
• Microsoft SharePoint Enterprise Server 2016
• Microsoft SharePoint Server 2019, Subscription Edition
• Microsoft Project 2016
• Microsoft Defender for Endpoint for Android
• Microsoft/Muzic
• Remote Desktop client for Windows Desktop
• System Center Operations Manager (SCOM) 2019, 2022, 2025
• Windows App Client for Windows Desktop

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, elevation of privilege, information disclosure or spoofing on an affected system.

Recommendation:

Patches for affected systems are available from the Windows Update / Microsoft Update Catalog. System administrators and users of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

More Information:

• This link will open in a new windowhttps://msrc.microsoft.com/update-guide/releaseNote/2024-Dec
• This link will open in a new windowhttps://www.hkcert.org/security-bulletin/microsoft-monthly-security-update-december-2024
• This link will open in a new windowhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43594
• This link will open in a new windowhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43600
• This link will open in a new windowhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49057
• This link will open in a new windowhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49059
• This link will open in a new windowhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49062 (to CVE-2024-49065)
• This link will open in a new windowhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49068 (to CVE-2024-49070)
• This link will open in a new windowhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49072 (to CVE-2024-49099)
• This link will open in a new windowhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49101 (to CVE-2024-49129)
• This link will open in a new windowhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49132
• This link will open in a new windowhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49138
• This link will open in a new windowhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49142