Microsoft Patch Tuesday December 2024

Microsoft released a security update as part of the December Patch Tuesday that addressed 72 vulnerabilities, including 30 classified as critical Remote Code Execution (RCE) vulnerabilities.

These fixes are crucial for securing Windows operating systems and related software against potential exploitation.

Key Highlights of December 2024 Patch Tuesday Updates:

A recent security update has addressed a total of 71 vulnerabilities across various platforms, including 30 remote code execution vulnerabilities and 28 elevation of privilege vulnerabilities, which represent critical risks to system security.

Additionally, it resolves 4 denial of service vulnerabilities, 1 spoofing vulnerability, and 7 information disclosure vulnerabilities. The update also includes 1 defense-in-depth improvement, further enhancing overall system protection.

The update also resolved other issues, such as elevation of privilege vulnerabilities, security feature bypasses, and more.

The affected platforms include a wide range of Windows versions, from modern systems like Windows 11 and Windows 10 to older systems such as Windows Server 2008 and various Windows Server variants.

Zero-day Vulnerability Exploited

CVE-2024-49138 is a zero-day vulnerability that was actively exploited before being patched in Microsoft’s December 2024 Patch Tuesday update. This critical security flaw affects the Windows Common Log File System Driver and is classified as an Elevation of Privilege vulnerability.

The vulnerability was discovered by the Advanced Research Team at CrowdStrike. It allows attackers to gain SYSTEM privileges on Windows devices, potentially giving them full control over the affected system.

While it’s confirmed that the vulnerability was actively exploited in the wild, specific details about the exploitation methods have not been disclosed.

The December 2024 Patch Tuesday update includes a fix for this vulnerability, and users are strongly advised to apply the patch immediately.

Critical Remote Code Execution Vulnerabilities

This month’s patch includes fixes for CVE-2024-49116, a highly critical RCE vulnerability impacting multiple versions of Windows Server. Exploiting this flaw could allow attackers to execute arbitrary code remotely, potentially granting full system control.

Here are some of the products affected by CVE-2024-49116:

  • Windows Server 2025 (Server Core Installation)
  • Windows Server 2022, 23H2 Edition (Server Core installation)
  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2012 R2

Additionally, an RCE vulnerability tracked as CVE-2024-49112 impacts Windows 10 Version 1809 for both x64 and 32-bit systems.

Elevation of Privilege Vulnerabilities

Microsoft also addressed multiple Elevation of Privilege (EoP) vulnerabilities; fixing them is critical to preventing attackers from gaining unauthorized access to higher system privileges.

Key Elevation of Privilege updates include:

  • CVE-2024-49138: Affects Windows 11 Version 22H2 and Windows 10 Version 21H2 across various architectures.
  • CVE-2024-49110: A significant EoP vulnerability affecting Windows Server 2025, Windows 11 Version 24H2, and other platforms.
  • CVE-2024-49077: Impacts Windows Server 2022 23H2 Edition, as well as Windows 11 Version 23H2 systems.

For Windows 11, Version 22H2 addressed CVE-2024-49138 and CVE-2024-49081, targeting Elevation of Privilege risks. Version 23H2 resolved CVE-2024-49077, also related to Privilege Elevation. Additionally, Version 24H2 tackled CVE-2024-49110, a key Elevation of Privilege vulnerability.

In Windows 10, Version 22H2 fixed CVE-2024-49081, addressing Elevation of Privilege flaws. Version 21H2 resolved both CVE-2024-49081 and CVE-2024-49138 to mitigate privilege escalation threats.

For Windows Server, critical vulnerabilities were addressed in multiple versions.

  • Windows Server 2025 patched CVE-2024-49116 (Remote Code Execution) and CVE-2024-49077 (Elevation of Privilege).
  • Windows Server 2022 resolved both RCE and EoP vulnerabilities, including CVE-2024-49116 and CVE-2024-49081.
  • Windows Server 2012 and 2012 R2 fixed CVE-2024-49088 (Elevation of Privilege) and CVE-2024-49080 (Remote Code Execution).
  • Windows Server 2008 and 2008 R2 addressed critical Privilege Escalation vulnerabilities such as CVE-2024-49088.

With many vulnerabilities marked as Important or Critical, these updates are essential to prevent potential exploitation. Organizations and individuals are urged to apply these updates promptly through Windows Update or other tools to safeguard against security threats.

Microsoft’s December 2024 Patch Tuesday underscores the importance of consistently updating systems to mitigate vulnerabilities. As cyberattacks grow more sophisticated, addressing critical issues like Remote Code Execution vulnerabilities and Elevation of Privilege flaws is paramount.

Apply these patches immediately through Windows Update or other deployment tools to ensure your systems are up to date. For more details, refer to Microsoft’s official security update documentation.

72 Vulnerabilities Fixed in Microsoft Patch Tuesday, December 2024

| CVE | Affected Systems | Severity |
|---|---|---|
| CVE-2024-49117 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| CVE-2024-49124 | Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability | Critical |
| CVE-2024-49112 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Critical |
| CVE-2024-49127 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Critical |
| CVE-2024-49126 | Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability | Critical |
| CVE-2024-49118 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Critical |
| CVE-2024-49122 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Critical |
| CVE-2024-49132 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| CVE-2024-49115 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| CVE-2024-49116 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| CVE-2024-49123 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| CVE-2024-49128 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| CVE-2024-49106 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| CVE-2024-49108 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| CVE-2024-49119 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| CVE-2024-49120 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| CVE-2024-49063 | Microsoft/Muzic Remote Code Execution Vulnerability | Important |
| CVE-2024-49057 | Microsoft Defender for Endpoint on Android Spoofing Vulnerability | Important |
| CVE-2024-49059 | Microsoft Office Elevation of Privilege Vulnerability | Important |
| CVE-2024-43600 | Microsoft Office Elevation of Privilege Vulnerability | Important |
| CVE-2024-49142 | Microsoft Access Remote Code Execution Vulnerability | Important |
| CVE-2024-49069 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| CVE-2024-49079 | Input Method Editor (IME) Remote Code Execution Vulnerability | Important |
| CVE-2024-49064 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
| CVE-2024-49062 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
| CVE-2024-49068 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
| CVE-2024-49070 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
| CVE-2024-49065 | Microsoft Office Remote Code Execution Vulnerability | Important |
| CVE-2024-49091 | Windows Domain Name Service Remote Code Execution Vulnerability | Important |
| CVE-2024-43594 | System Center Operations Manager Elevation of Privilege Vulnerability | Important |
| CVE-2024-49114 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-49088 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-49138 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-49090 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-49082 | Windows File Explorer Information Disclosure Vulnerability | Important |
| CVE-2024-49080 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability | Important |
| CVE-2024-49084 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2024-49074 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-49121 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important |
| CVE-2024-49113 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important |
| CVE-2024-49096 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Important |
| CVE-2024-49073 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-49077 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-49083 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-49092 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-49087 | Windows Mobile Broadband Driver Information Disclosure Vulnerability | Important |
| CVE-2024-49110 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-49078 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-49095 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | Important |
| CVE-2024-49097 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | Important |
| CVE-2024-49129 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Important |
| CVE-2024-49075 | Windows Remote Desktop Services Denial of Service Vulnerability | Important |
| CVE-2024-49093 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
| CVE-2024-49085 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| CVE-2024-49086 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| CVE-2024-49089 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| CVE-2024-49125 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| CVE-2024-49104 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| CVE-2024-49102 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| CVE-2024-49072 | Windows Task Scheduler Elevation of Privilege Vulnerability | Important |
| CVE-2024-49076 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | Important |
| CVE-2024-49081 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Important |
| CVE-2024-49103 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | Important |
| CVE-2024-49111 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Important |
| CVE-2024-49109 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Important |
| CVE-2024-49101 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Important |
| CVE-2024-49094 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | Important |
| CVE-2024-49098 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | Important |
| CVE-2024-49099 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | Important |
| CVE-2024-49107 | WmsRepair Service Elevation of Privilege Vulnerability | Important |
| CVE-2024-49041 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Moderate |
| ADV240002 | Microsoft Office Defense in Depth Update | Moderate |
| CVE-2024-12053 | Chromium: CVE-2024-12053 Type Confusion in V8 | Unknown |

Microsoft has published a complete list of patched vulnerabilities, which provides detailed information about the exploitation methods, vulnerability descriptions, and other information. 

All users should update their products to the latest version to prevent threat actors from exploiting these vulnerabilities.

Balaji N
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.