Microsoft on December 10, 2024, released patches addressing over 70 security flaws, including an actively exploited zero-day vulnerability in the Windows Common Log File System (CLFS). The patches aim to enhance security across various components of its operating system amid rising cyber threats.
Microsoft releases patches for over 70 security flaws, including zero-day vulnerability
The zero-day vulnerability, identified as CVE-2024-49138, has a CVSS severity score of 7.8 out of 10. Discovered by CrowdStrike, it allows attackers to escalate their privileges to SYSTEM through a heap-based buffer overflow, requiring minimal privileges and zero user interaction for exploitation. Microsoft, however, did not provide indicators of compromise or telemetry to aid in identifying affected systems.
The software giant reported that at least 25 vulnerabilities in CLFS have been documented over the last five years. Earlier this year, Microsoft announced plans to bolster security for the CLFS with Hash-based Message Authentication Codes (HMAC) to protect against unauthorized changes to log files, a target for advanced persistent threats (APTs) and ransomware exploits.
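As an added illustration of why an HMAC over log records defeats silent tampering (this is constructed example code, not Microsoft's CLFS design, which the article does not detail; the key, record layout and chaining scheme are assumptions):

```python
import hashlib
import hmac
import json

# Constructed demo key; a real implementation keeps this out of reach of the
# low-privileged code that can write to the log file.
KEY = b"constructed-demo-key-not-a-real-secret"
GENESIS = b"\x00" * 32  # tag that precedes the first record


def tag(key: bytes, prev_tag: bytes, record: bytes) -> bytes:
    # Chaining the previous tag into each MAC makes removal or reordering of
    # earlier records detectable, not just edits to a single record.
    return hmac.new(key, prev_tag + record, hashlib.sha256).digest()


def append_record(log: list, key: bytes, payload: dict) -> None:
    prev = bytes.fromhex(log[-1]["tag"]) if log else GENESIS
    record = json.dumps(payload, sort_keys=True).encode()
    log.append({"record": record.decode(), "tag": tag(key, prev, record).hex()})


def verify_log(log: list, key: bytes) -> int:
    """Return the index of the first record that fails, or -1 if all verify."""
    prev = GENESIS
    for i, entry in enumerate(log):
        expected = tag(key, prev, entry["record"].encode())
        actual = bytes.fromhex(entry["tag"])
        if not hmac.compare_digest(expected, actual):  # constant-time compare
            return i
        prev = actual
    return -1


def build_sample_log(key: bytes = KEY) -> list:
    # Constructed sample records standing in for log-file entries.
    log: list = []
    append_record(log, key, {"seq": 1, "event": "service start"})
    append_record(log, key, {"seq": 2, "event": "config loaded"})
    append_record(log, key, {"seq": 3, "event": "client connected"})
    return log


def tamper(log: list, idx: int, new_event: str) -> list:
    # Simulate an on-disk edit: rewrite one record but leave its tag untouched.
    copy = json.loads(json.dumps(log))
    copy[idx]["record"] = json.dumps({"seq": idx + 1, "event": new_event}, sort_keys=True)
    return copy
```

Note that this chain does not by itself detect truncation of the newest records; a trusted copy of the latest tag (or a record count) is needed for that.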
Among the December patches, Microsoft also highlighted crucial fixes related to the HTTP/2 Rapid Reset Attack, tagged as CVE-2023-44487, which had been exploited in widespread denial-of-service campaigns. The flaw was originally patched in October 2024; users are urged to install the available updates to secure their systems.
The update addressed at least 16 critical-severity vulnerabilities across various Windows components. In particular, Microsoft has recommended immediate action on the Windows LDAP remote code execution vulnerability (CVE-2024-49112), which poses a critical risk with a CVSS score of 9.8. This vulnerability allows unauthenticated attackers to execute arbitrary code through specially crafted LDAP calls. Microsoft advises temporarily disconnecting Domain Controllers from the internet as a mitigation strategy.
Other significant vulnerabilities in the December release include guest-to-host remote code execution flaws in Windows Hyper-V and critical RCE vulnerabilities affecting Windows Remote Desktop Services. Additionally, two major issues in the Microsoft Message Queuing (MSMQ) service and a critical RCE flaw in the Microsoft/Muzic AI project were addressed.
According to the Zero Day Initiative (ZDI), Microsoft has issued patches for a total of 1,020 vulnerabilities in 2024 to date, 27 of which were documented as zero-day attacks targeting Microsoft's Windows ecosystem this year.
The security landscape remains tense, with ongoing investigations into various vulnerabilities, including the Centralized Logging feature. As the situation develops, the urgency for users to stay updated with Microsoft’s patches is underscored by the ongoing exploitation of several flaws in the wild.
Patching vulnerable Windows components
The December 2024 Patch Tuesday event signifies a critical effort by Microsoft to address numerous vulnerabilities that may leave systems exposed. Notably, the series of updates includes fixes for various Windows services and applications that are heavily utilized across organizations.
The patches tackled security flaws in applications such as Microsoft Office and Microsoft Edge, alongside core OS vulnerabilities. For instance, CVE-2024-49063 involves a remote code execution vulnerability in the Microsoft/Muzic platform and CVE-2024-49057 affects Microsoft Defender for Endpoint on Android.
Other notable vulnerabilities include multiple flaws linked to the Windows Lightweight Directory Access Protocol (CVE-2024-49112, CVE-2024-49121, CVE-2024-49124), each carrying critical severity ratings. These vulnerabilities allow potential remote code execution or denial-of-service scenarios that could severely affect network operations.
Additionally, various components such as Windows Mobile Broadband and PrintWorkflowUserSvc also received fixes in this batch of updates, emphasizing the extensive range of issues Microsoft must continuously monitor and patch.