With the December 2024 Patch Tuesday, Microsoft released security updates that address 72 new vulnerabilities. Of these 72 flaws, only one is classified as a zero-day; 75% of the CVEs are rated Important (54 of the 72 vulnerabilities), while the remaining 25% are rated Critical. Only one CVE is marked as Moderate.
43% of the vulnerabilities addressed this month are categorized as Remote Code Execution (RCE), while 38% are Elevation of Privilege (EoP) flaws.
Zero-Day Vulnerability Remediation
Microsoft's December Patch Tuesday addressed one critical zero-day vulnerability, which is publicly disclosed and known to be exploited in the wild:
CVE-2024-49138 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2024-49138 allows an attacker to leverage improper memory handling in the CLFS driver to elevate privileges to administrator or SYSTEM level and then execute arbitrary code, disable security tools, steal sensitive data, or deploy ransomware on the target device. Because the attacker already needs access to the target device to exploit this vulnerability, its CVSS score is limited to 7.8.
All Windows versions are affected, both server and client editions.
CISA also added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, with a due date of 31 December 2024.
In HCL BigFix, we published 22 different fixlets to remediate this vulnerability, one for each affected version of Windows, covering both Windows Server (Windows Server 2016, 2019, 2022 and 2025) and client (Windows 10 and 11) editions.
Microsoft addressed other important vulnerabilities as part of the December Patch Tuesday. The following are the most relevant, due to their severity or the risk of being exploited:
CVE-2024-49112 - Windows LDAP - Lightweight Directory Access Protocol
Microsoft patched CVE-2024-49112, a remote code execution vulnerability in the LDAP service, which allows remote, unauthenticated attackers to run arbitrary code in the context of the LDAP service by sending a set of specially crafted calls to the affected Domain Controllers. This flaw has the highest CVSS base score among the vulnerabilities Microsoft addressed this month (base CVSS score 9.8).
If you are unable to apply the patch immediately, Microsoft advises configuring your Domain Controllers to “not access the internet” or to “not allow inbound RPC from untrusted networks.” Applying both configurations provides effective defense in depth against this vulnerability, which Microsoft classifies as “Exploitation Less Likely”.
Remediation of this vulnerability is included in Microsoft’s Cumulative Updates. HCL BigFix has released a fixlet for each of the 22 supported versions of Windows, ensuring comprehensive support for vulnerability remediation.
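A read-only audit that follows from Microsoft's second workaround above: it lists every enabled inbound allow rule in Windows Defender Firewall that still exposes RPC (the endpoint mapper on TCP 135 or the dynamic RPC range) to any remote address, which is the state the "no inbound RPC from untrusted networks" advice asks you to change. This is an added example, not code from the original post or from HCL BigFix; it assumes it is run in an elevated PowerShell session on the Domain Controller and that you will supply your own trusted subnets when scoping the rules.

```powershell
# Added example (not from the original post or HCL BigFix): audit inbound
# firewall rules on a Domain Controller for RPC exposure to all remote addresses.
# Run elevated on the DC itself.
$rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True

$exposed = foreach ($rule in $rules) {
    $port = $rule | Get-NetFirewallPortFilter
    # 'RPC' and 'RPC-EPMap' are the firewall's own keywords for the dynamic RPC
    # port range and the RPC endpoint mapper (TCP 135); rules may also name 135
    # explicitly.
    $rpcPorts = @('RPC', 'RPC-EPMap', 'RPCEPMap', '135')
    $isRpc = ($port.Protocol -eq 'TCP') -and
             (@($port.LocalPort | Where-Object { $rpcPorts -contains $_ }).Count -gt 0)
    if (-not $isRpc) { continue }

    $addr = $rule | Get-NetFirewallAddressFilter
    # RemoteAddress 'Any' means the rule is not scoped to trusted networks.
    if ($addr.RemoteAddress -contains 'Any') {
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Group         = $rule.DisplayGroup
            Profile       = $rule.Profile
            LocalPort     = ($port.LocalPort -join ',')
            RemoteAddress = ($addr.RemoteAddress -join ',')
        }
    }
}

if ($exposed) {
    "Inbound RPC is allowed from ANY remote address by the rules below."
    "Scope them to your internal ranges, e.g.:"
    "  Set-NetFirewallRule -DisplayName '<rule>' -RemoteAddress '10.0.0.0/8','192.168.0.0/16'  # placeholder subnets"
    $exposed | Format-Table -AutoSize
} else {
    "No enabled inbound allow rule exposes RPC to all remote addresses."
}
```

Scoping the built-in Active Directory rules to trusted subnets also restricts legitimate replication and client traffic from addresses outside those ranges, so verify the list covers every site, VPN range and management network before applying it.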
CVE-2024-49070 - Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft addressed four different SharePoint vulnerabilities during this Patch Tuesday. CVE-2024-49070 is not the highest-rated flaw among the four, but it is the only one that Microsoft marked as “Exploitation More Likely”. Microsoft nevertheless recommends applying all the updates provided for the software to raise its security level.
Despite the higher exploitation risk, the CVSS score assigned to this vulnerability is 7.4. Two factors explain this:
- The attack complexity for this CVE is high: an attacker must first prepare the target device to improve the exploit's reliability.
- The attack vector is local: the attacker executes code from the local machine, not remotely as the vulnerability's title might suggest.
We have published the following fixlets in HCL BigFix for SharePoint vulnerability remediation:
Fixlet ID | Fixlet title
500254401 | MS24-DEC: Security Update for Microsoft SharePoint Enterprise Server 2016 Language Pack - SharePoint Server 2016 - KB5002544 (x64)
500265701 | MS24-DEC: Security Update for Microsoft SharePoint Server 2019 Core - SharePoint Server 2019 - KB5002657 (x64)
500265801 | MS24-DEC: Security Update for Microsoft SharePoint Server Subscription Edition - Microsoft SharePoint Server Subscription Edition - KB5002658 (x64)
500265901 | MS24-DEC: Security Update for Microsoft SharePoint Enterprise Server 2016 - SharePoint Server 2016 - KB5002659 (x64)
500266401 | MS24-DEC: Security Update for Microsoft SharePoint Server 2019 Language Pack - Microsoft SharePoint Server 2019 - KB5002664 (x64)
The HCL BigFix Patching Content for December Patch Tuesday
During the December 2024 Patch Tuesday, the HCL BigFix Patch team published 37 distinct fixlets, supporting remediation of 67 of the 72 security vulnerabilities addressed by Microsoft this month.
The remaining CVEs are either resolved by fixlets available on other sites or apply to components and products for which HCL BigFix content is not supported. The full list of fixlets for the security updates released by Microsoft is available in the HCL BigFix Forum at the following link:
BigFix Patch Tuesday Content for Windows ESU
The zero-day vulnerability resolved in this Patch Tuesday also affects Windows Server 2012 and Windows Server 2012 R2, and Microsoft delivered the fix for those versions as part of the Windows Extended Security Update (ESU) program. If you are entitled to Windows ESU patching in HCL BigFix, our endpoint management platform, you get access to the fixlets that deploy the Security Monthly Quality Rollup on Windows Server 2012 and Windows Server 2012 R2 (both 32- and 64-bit versions of the OS are supported) and remediate the vulnerability on those systems.