Security
Headlines
HeadlinesLatestCVEs

Headline

December Microsoft Patch Tuesday

December Microsoft Patch Tuesday. 89 CVEs, of which 18 were added since November MSPT. 1 vulnerability with signs of exploitation in the wild: 🔻 EoP – Windows Common Log File System Driver (CVE-2024-49138). There are no details about this vulnerability yet. Strictly speaking, there was another vulnerability that was exploited in the wild: EoP – […]

Alexander V. Leonov
#vulnerability#web#windows#microsoft#ldap#blog

December Microsoft Patch Tuesday. 89 CVEs, of which 18 were added since November MSPT. 1 vulnerability with signs of exploitation in the wild:

🔻 EoP – Windows Common Log File System Driver (CVE-2024-49138). There are no details about this vulnerability yet.

Strictly speaking, there was another vulnerability that was exploited in the wild: EoP – Microsoft Partner Network (CVE-2024-49035). But this is an already fixed vulnerability in the Microsoft website and I’m not even sure that it was worth creating a CVE. 🤔

For the remaining vulnerabilities, there are no signs of exploitation in the wild, nor exploits (even private ones).

I can highlight:

🔹 RCE – Windows LDAP (CVE-2024-49112, CVE-2024-49127)
🔹 RCE – Windows LSASS (CVE-2024-49126)
🔹 RCE – Windows Remote Desktop Services (CVE-2024-49106 и ещё 8 CVE)
🔹 RCE – Microsoft MSMQ (CVE-2024-49122, CVE-2024-49118)
🔹 RCE – Microsoft SharePoint (CVE-2024-49070)

🗒 Full Vulristics report

На русском

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.

А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.

Related news

Patch Tuesday, December 2024 Edition

Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common… Read More »

Patch Tuesday, December 2024 Edition

Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common… Read More »

Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday

The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.

Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday

The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.

Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday

The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.

Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities

The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”

Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities

The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”

Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities

The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”

Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities

The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”

Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities

The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”

Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities

The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”

Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities

The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”

Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities

The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”

Alexander V. Leonov: Latest News

December Microsoft Patch Tuesday