⚡ TL;DR | Go Straight to the December 2024 Patch Tuesday Audit Report
Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The December 2024 edition of Patch Tuesday brings us 71 new fixes, with 16 rated as critical and 1 exploited. We’ve listed the most important changes below.
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2024-49138, is the only exploited vulnerability this month. With a CVSS base score of 7.8, its not the highest scoring vulnerability of this month, but with an already active exploitation it gets some extra attention.
The only information shared by Microsoft is that if an attacker successfully exploits this vulnerability, they can gain SYSTEM privileges. As per usual, Microsoft doesn’t provide too much information to prevent further exploitation.
Windows Remote Desktop Services Remote Code Execution Vulnerability
9 out of the 16 critical vulnerabilities are in the Windows Remote Desktop Services. All of the vulnerabilities have a CVSS base score of 8.1, and even though Microsoft lists exploitation as „Less Likely“ due to its higher complexity to exploit, this many critical vulnerabilities means that there is significant risk there to be highlighted.
- CVE-2024-49132
- CVE-2024-49128
- CVE-2024-49123
- CVE-2024-49120
- CVE-2024-49119
- CVE-2024-49116
- CVE-2024-49115
- CVE-2024-49108
- CVE-2024-49106
MSMQ Remote Code Execution Vulnerability
The last highlight of this month is CVE-2024-49122. This vulnerability has not yet been actively exploited, but Microsoft does list it as „more likely“ to be exploited. To exploit this vulnerability, an attacker needs to send specially crafted malicious MSMQ packet to a MSMQ server.
Because of the condition to exploit, only devices with the Message Queuing and Message Queuing Services feature are vulnerable. You can easily find out which devices meet that condition using the Windows Server MSMQ Server Feature Audit.
Run the Patch Tuesday December 2024 Audit
To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
The Lansweeper Patch Tuesday report is automatically added to your Lansweeper Site. Lansweeper Sites is included in all our licenses without any additional cost and allows you to federate all your installations into one single view so all you need to do is look at one report, automatically added every patch Tuesday!
Patch Tuesday December 2024 CVE Codes & Titles
| CVE Number | CVE Title |
| CVE-2024-49142 | Microsoft Access Remote Code Execution Vulnerability |
| CVE-2024-49138 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2024-49132 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2024-49129 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
| CVE-2024-49128 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2024-49127 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| CVE-2024-49126 | Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability |
| CVE-2024-49125 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-49124 | Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability |
| CVE-2024-49123 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2024-49122 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| CVE-2024-49121 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability |
| CVE-2024-49120 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2024-49119 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2024-49118 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| CVE-2024-49117 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2024-49116 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2024-49115 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2024-49114 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2024-49113 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability |
| CVE-2024-49112 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| CVE-2024-49111 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability |
| CVE-2024-49110 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
| CVE-2024-49109 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability |
| CVE-2024-49108 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2024-49107 | WmsRepair Service Elevation of Privilege Vulnerability |
| CVE-2024-49106 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2024-49104 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-49103 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability |
| CVE-2024-49102 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-49101 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability |
| CVE-2024-49099 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability |
| CVE-2024-49098 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability |
| CVE-2024-49097 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2024-49096 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2024-49095 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2024-49094 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability |
| CVE-2024-49093 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
| CVE-2024-49092 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
| CVE-2024-49091 | Windows Domain Name Service Remote Code Execution Vulnerability |
| CVE-2024-49090 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2024-49089 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-49088 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2024-49087 | Windows Mobile Broadband Driver Information Disclosure Vulnerability |
| CVE-2024-49086 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-49085 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-49084 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-49083 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
| CVE-2024-49082 | Windows File Explorer Information Disclosure Vulnerability |
| CVE-2024-49081 | Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability |
| CVE-2024-49080 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability |
| CVE-2024-49079 | Input Method Editor (IME) Remote Code Execution Vulnerability |
| CVE-2024-49078 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
| CVE-2024-49077 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
| CVE-2024-49076 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability |
| CVE-2024-49075 | Windows Remote Desktop Services Denial of Service Vulnerability |
| CVE-2024-49074 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
| CVE-2024-49073 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
| CVE-2024-49072 | Windows Task Scheduler Elevation of Privilege Vulnerability |
| CVE-2024-49070 | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2024-49069 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2024-49068 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| CVE-2024-49065 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2024-49064 | Microsoft SharePoint Information Disclosure Vulnerability |
| CVE-2024-49063 | Microsoft/Muzic Remote Code Execution Vulnerability |
| CVE-2024-49062 | Microsoft SharePoint Information Disclosure Vulnerability |
| CVE-2024-49059 | Microsoft Office Elevation of Privilege Vulnerability |
| CVE-2024-49057 | Microsoft Defender for Endpoint on Android Spoofing Vulnerability |
| CVE-2024-43600 | Microsoft Office Elevation of Privilege Vulnerability |
| CVE-2024-43594 | System Center Operations Manager Elevation of Privilege Vulnerability |