Microsoft Releases December 2024 Patch Tuesday Updates

Microsoft’s December 2024 Patch Tuesday updates addressed 72 vulnerabilities.

72 vulnerabilities fixed in the December 2024 Patch Tuesday updates

In December, Microsoft fixed a total of 72 vulnerabilities, 16 of which were deemed “Critical.” Additionally, there are 54 security flaws rated as “Important” and one is rated “Moderate” in terms of severity. Here’s a list of the most notable vulnerabilities Microsoft addressed in December:

• CVE-2024-49138: This is a moderate-level security flaw in the Windows Common Log File System Driver that could enable hackers to launch privilege escalation attacks. This technique can be used to gain system-level privileges on Windows Server machines.
• CVE-2024-49112: This is a critical security vulnerability with a CVSS score of 9.8. It’s an unauthenticated RCE issue in the Windows Lightweight Directory Access Protocol (LDAP). Cybercriminals could exploit this flaw to compromise Windows 10 systems and Domain Controllers by sending custom LDAP calls.
• CVE-2024-49117: This critical RCE vulnerability in Windows Hyper-V allows threat actors on a guest virtual machine (VM) to execute code on the underlying host OS and perform a cross-VM attack.
• CVE-2024-49093: This is an EoP vulnerability in the Windows Resilient File System (ReFS). It’s a file system designed to offer enhanced scalability and fault tolerance for virtualization environments, databases, and backups.
• CVE-2024-49070: This vulnerability could enable an attacker to execute arbitrary code on the SharePoint server. However, it requires the hacker to have local access to the system.

You can find the full list of CVEs addressed in the December 2024 Patch Tuesday Updates below:

Quality and experience updates

Microsoft released the KB5048667 and KB5048685 updates for PCs running Windows 11 versions 24H2 and 23H2. This release allows users to share content to an Android device from the context menu in File Explorer and on the desktop. However, this feature requires users to install and configure the Phone Link app.

Additionally, Microsoft has added new options to enhance user control over mouse settings. Users can now turn off enhanced mouse pointer precision and change the direction in which the mouse scrolls. This capability is only available in Windows 11 version 23H2/22H2.

The KB5048652 update brings a couple of bug fixes for Windows 10 PCs. Specifically, Microsoft has addressed a bug that affected how files were handled when dragged and dropped from a cloud files provider folder. Previously, when users dragged and dropped files from these cloud folders, the files were moved to the new location instead of being copied. With the update, the default action now ensures that files are copied rather than moved, preserving the original files in the cloud folder.

Windows Update testing and best practices

Microsoft advises organizations to perform thorough testing to confirm that updates do not compromise the stability of their production systems. However, it is crucial to deploy Patch Tuesday updates to proactively address potential threats.

Additionally, IT administrators must prioritize backing up their systems before applying updates, utilizing the built-in backup features of Windows and Windows Server. These features allow for the restoration of specific files and folders or entire systems as required.

Last but not least, organizations should consistently monitor their systems for anomalies or unexpected behaviors. Regular monitoring is essential for staying vigilant against emerging risks and adopting appropriate security measures.