Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday

Source: Dark Reading Author: Tara Seals, Managing Editor, News, Dark Reading URL: https://www.darkreading.com/application-security/microsoft-zero-day-critical-rces-patch-tuesday

1. ONE SENTENCE SUMMARY: Microsoft’s December 2024 Patch Tuesday addresses a zero-day vulnerability with 71 patches, including critical RCE flaws in various components.

2. MAIN POINTS:

3. Microsoft released 71 patches in December 2024 Patch Tuesday, addressing significant vulnerabilities.

4. This update raises the total patches for 2024 to 1,020, second-highest after 2020.

5. CVE-2024-49138 is a zero-day bug in the Windows CLFS Driver allowing privilege escalation.

6. Ransomware operators increasingly exploit zero-day vulnerabilities like the CLFS elevation of privilege flaw.

7. CVE-2024-49112 is a critical RCE vulnerability in Windows LDAP affecting Domain Controllers.

8. Windows Hyper-V has a critical RCE vulnerability (CVE-2024-49117) allowing code execution from guest VMs.

9. Nine critical bugs relate to Remote Desktop Services, including one requiring precise timing for exploitation.

10. CVE-2024-49093 is an EoP vulnerability in Windows ReFS allowing broader system-level access from constrained environments.

11. Security experts warn not to expose RDP services to the Internet due to ongoing vulnerabilities.

12. The final notable vulnerability involves RCE in an AI music project, highlighting deserialization risks.

13. TAKEAWAYS:

14. Immediate patching is crucial for reducing risks from critical vulnerabilities.

15. Cybersecurity measures must evolve as ransomware tactics become more aggressive.

16. Organizations should implement robust security practices to mitigate RDP-related risks.

17. Understanding and addressing vulnerabilities in specific components is essential for overall security posture.

18. Continuous monitoring of security advisories can prevent potential exploitation of zero-day vulnerabilities.