High Threat Security Alert (A24-12-07): Multiple Vulnerabilities in Microsoft Products (December 2024)


 

Published on: 11 December 2024

  
  

Description:

Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. The list of security updates can be found at:
https://msrc.microsoft.com/update-guide/releaseNote/2024-Dec

Reports indicated that the elevation of privilege vulnerability (CVE-2024-49138) in Microsoft Windows and Server is being exploited in the wild, with its technical details publicly disclosed. In addition, multiple remote code execution vulnerabilities (CVE-2024-49112, CVE-2024-49117 and CVE-2024-49122) in Microsoft Windows and Server are also at a high risk of exploitation. System administrators and users are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • Microsoft Windows 10, 11
  • Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, 2022, 2022, 23H2 Edition, 2025
  • Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024, LTSC for Mac 2021, LTSC for Mac 2024
  • Microsoft Excel 2016
  • Microsoft Word 2016
  • Microsoft 365 Apps for Enterprise
  • Microsoft Access 2016
  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SharePoint Server 2019, Subscription Edition
  • Microsoft Project 2016
  • Microsoft Defender for Endpoint for Android
  • Microsoft/Muzic
  • Remote Desktop client for Windows Desktop
  • System Center Operations Manager (SCOM) 2019, 2022, 2025
  • Windows App Client for Windows Desktop

 

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, elevation of privilege, information disclosure or spoofing on an affected system.

 

Recommendation:

Patches for affected systems are available from the Windows Update / Microsoft Update Catalog. System administrators and users of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://msrc.microsoft.com/update-guide/releaseNote/2024-Dec
  • https://www.hkcert.org/security-bulletin/microsoft-monthly-security-update-december-2024
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43594
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43600
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49057
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49059
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49062 (to CVE-2024-49065)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49068 (to CVE-2024-49070)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49072 (to CVE-2024-49099)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49101 (to CVE-2024-49129)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49132
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49138
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49142


Tag: Microsoft , Windows , Windows Server , Microsoft Office , Excel , Word , Microsoft 365 Apps , Access , SharePoint , Project , Defender for Endpoint , Muzic , Remote Desktop client , SCOM , Windows App Client
Tags