Microsoft has just released 71 patches across 10 product families. A total of 17 Critical severity issues, all related to Windows, have been identified by Microsoft with a CVSS base score of 8.1 or higher. Among these, ten involve Remote Desktop Services. At the time of patch release, one of the addressed issues (CVE-2024-49138, an issue related to the Windows Common Log File System driver with Important severity) is already being exploited in the wild, with 6 additional CVEs predicted to be targeted by exploits within the next 30 days according to the company. Sophos protections can detect five of the vulnerabilities this month, and details are provided in the table below.
Besides these updates, the release also includes advisory details on two Edge CVEs (which were patched the previous week), a Defense-in-Depth update for a specific version of Microsoft Project, and information on six bulletins released by Adobe this week. Additional appendices at the end of the post list all of Microsoft’s patches sorted by severity, predicted exploitability, and product family.
Moreover, this month introduces a new appendix that categorizes each month’s Windows Server patches by the affected version. Administrators are advised to use this appendix to determine their specific exposure, especially for products that are no longer in mainstream support, as individual situations may vary.
- Total CVEs: 71
- Publicly disclosed: 1
- Exploit detected: 1
- Severity
  - Critical: 17
  - Important: 54
- Impact
  - Remote Code Execution: 31
  - Elevation of Privilege: 27
  - Information Disclosure: 7
  - Denial of Service: 5
  - Spoofing: 1
- CVSS base score 9.0 or greater: 1
- CVSS score 8.0 or greater: 27
Figure 1: The December CVEs do not include any spoofing, denial of service, or security feature bypass issues; however, there are numerous Critical-severity RCEs to keep system administrators vigilant
Products Summary
- Windows: 59
- Office: 5
- SharePoint: 5
- 365 Apps: 4
- Access: 1
- Defender: 1
- Excel: 1
- Muzic: 1
- SCOM: 1
- Word: 1
As per our usual practice, CVEs that impact multiple product families are counted once for each affected family.
Figure 2: Out of the ten product families covered in this month’s updates, six have only one patch each. Muzic is a music-generation project available on GitHub (https://github.com/microsoft/muzic), originally developed by a team from Microsoft Research Asia.
Highlighted Updates for December
Aside from the aforementioned issues, there are some noteworthy patches to consider.
CVE-2024-49112 — Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
This is the sole CVE this month with a CVSS base score surpassing 9.0. A Critical-severity RCE with a rating of 9.8/10, this vulnerability affects all supported versions of Windows 10 and 11, as well as all Server versions dating back to 2008. The exploit is relatively simple (requiring maliciously crafted LDAP calls) and does not need privileges or user interaction. Successful exploitation grants the attacker the ability to run arbitrary code within the LDAP service context. Microsoft advises administrators who cannot immediately apply this patch to ensure that domain controllers do not have internet access and block inbound RPC from untrusted networks.
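One way to check both interim mitigations on a domain controller, as an added example that is not from Microsoft or Sophos. The trusted-prefix list and the probe host are assumptions to replace with your own values.

```powershell
# Added example: read-only audit of the two interim mitigations for CVE-2024-49112.
# Assumptions (not from the page): $TrustedPrefixes and $ProbeHost; adjust both.
$TrustedPrefixes = @('10.', '192.168.')       # hypothetical internal ranges
$ProbeHost       = 'www.msftconnecttest.com'  # any internet host you may probe

# Windows Firewall expresses RPC as port 135 or the keywords RPCEPMap / RPC
# (dynamic ports). 'Any' is included because an any-port rule also covers RPC.
$RpcPorts = @('135', 'RPC', 'RPCEPMap', 'Any')
# Address keywords that are not treated as untrusted networks in this audit.
$LocalKeywords = @('LocalSubnet', 'Intranet', 'DNS', 'DHCP', 'WINS', 'DefaultGateway')

function Test-UntrustedRemote {
    param([string[]]$RemoteAddress)
    foreach ($addr in $RemoteAddress) {
        if ($addr -in $LocalKeywords) { continue }
        $isTrusted = $false
        foreach ($prefix in $TrustedPrefixes) {
            if ($addr.StartsWith($prefix)) { $isTrusted = $true; break }
        }
        if (-not $isTrusted) { return $true }  # 'Any', 'Internet', or an unlisted range
    }
    return $false
}

# Mitigation 1: no enabled inbound allow rule should expose RPC to untrusted sources.
$rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True
$findings = foreach ($rule in $rules) {
    $port = $rule | Get-NetFirewallPortFilter
    $addr = $rule | Get-NetFirewallAddressFilter
    if ($port.Protocol -notin @('TCP', 'Any')) { continue }
    $matched = @($port.LocalPort | Where-Object { $_ -in $RpcPorts })
    if ($matched.Count -gt 0 -and (Test-UntrustedRemote $addr.RemoteAddress)) {
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Profile       = $rule.Profile
            LocalPort     = $matched -join ','
            RemoteAddress = $addr.RemoteAddress -join ','
        }
    }
}

# Mitigation 2: the domain controller should not be able to reach the internet.
$probe = Test-NetConnection -ComputerName $ProbeHost -Port 80 -WarningAction SilentlyContinue

[pscustomobject]@{
    InternetReachable   = $probe.TcpTestSucceeded
    ExposedRpcRuleCount = @($findings).Count
}
$findings | Sort-Object Rule | Format-Table -AutoSize -Wrap
```

A clean result covers only the host firewall and one outbound probe; perimeter filtering in front of the domain controller has to be reviewed separately.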
CVE-2024-49138 — Windows Common Log File System Driver Elevation of Privilege Vulnerability
The lone CVE this month currently being exploited in the wild, this elevation of privilege issue with Important severity impacts all supported Windows client and server versions. A successful attack would result in elevated system privileges.
CVE-2024-49117 – Windows Hyper-V Remote Code Execution Vulnerability
This Critical-severity RCE, when exploited successfully, could allow a cross-VM attack, enabling the attacker to move from the originally compromised machine to other systems.
CVE-2024-49114 — Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
This Important-severity issue represents a potentially new vulnerability category: False File Immutability. Assumptions made by certain Windows components may lead to untrustworthy files, defective system behaviors, or other vulnerabilities. Despite this, Microsoft categorizes this CVE as an Elevation of Privilege problem, and rates it as more likely to be exploited within the next 30 days.
12 CVEs – RDP issues
As detailed in our Active Adversary technical reports, RDP continues to be a prime target for attackers within the Microsoft ecosystem. Both client-side and server-side installations are impacted this month, with 10 of these CVEs categorized as Critical-severity by Microsoft.
Figure 3: As 2024 comes to an end, Remote Code Execution vulnerabilities maintain their top position as the most prevalent issue to be resolved, overtaking Elevation of Privilege at the end of 2023
Despite a relatively calm start, 2024 concluded with the resolution of 1015 CVEs through the Patch Tuesday process – the highest annual count since 2020’s total of 1245 patches. The year also saw the two greatest single-month patch counts, in April (147) and July (138). For those who are interested, December 2023 had the smallest count of the previous five years, with 33 patches.
Figure 4: If you thought 2020 was a chaotic year for Microsoft patches, you’re absolutely correct. While 2024 witnessed several exceptional months, 2020 stood out as the most burdensome patch period in four years for many administrators
Security measures by Sophos
| CVE | Sophos Intercept X/Endpoint IPS | Sophos XGS Firewall |
| CVE-2024-49088 | Exp/2449088-A | Exp/2449088-A |
| CVE-2024-49090 | Exp/2449090-A | Exp/2449090-A |
| CVE-2024-49093 | Exp/2449093-A | Exp/2449093-A |
| CVE-2024-49122 | sid:2310400 | sid:2310400 |
| CVE-2024-49138 | Exp/2449138-A | Exp/2449138-A |
Each month, you have the option to proactively download Microsoft’s updates from the Windows Update Catalog website if you prefer not to wait for your system to automatically retrieve them. Use the winver.exe tool to identify the Windows 10 or 11 version you’re using, then obtain the Cumulative Update package tailored to your specific system architecture and build number.
Appendix A: Severity and Impact of Vulnerabilities
This compilation features December’s patches organized by their impact and further categorized by severity. Furthermore, each list is sorted according to CVE.
Remote Code Execution (31 CVEs)
| Critical severity | |
| CVE-2024-49105 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2024-49106 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2024-49108 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2024-49112 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| CVE-2024-49115 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2024-49116 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2024-49117 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2024-49118 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| CVE-2024-49119 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2024-49120 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2024-49122 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| CVE-2024-49123 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2024-49124 | Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability |
| CVE-2024-49126 | Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability |
| CVE-2024-49127 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| CVE-2024-49128 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2024-49132 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| Important severity | |
| CVE-2024-49063 | Microsoft/Muzic Remote Code Execution Vulnerability |
| CVE-2024-49065 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2024-49069 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2024-49070 | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2024-49079 | Input Method Editor (IME) Remote Code Execution Vulnerability |
| CVE-2024-49080 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability |
| CVE-2024-49085 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-49086 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-49089 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-49091 | Windows Domain Name Service Remote Code Execution Vulnerability |
| CVE-2024-49102 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-49104 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-49125 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-49142 | Microsoft Access Remote Code Execution Vulnerability |
Elevation of Privilege (27 CVEs)
| Important severity | |
| CVE-2024-43594 | System Center Operations Manager Elevation of Privilege Vulnerability |
| CVE-2024-43600 | Microsoft Office Elevation of Privilege Vulnerability |
| CVE-2024-49059 | Elevation of Privilege Vulnerability in Microsoft Office |
| CVE-2024-49068 | Elevation of Privilege Vulnerability in Microsoft SharePoint |
| CVE-2024-49072 | Elevation of Privilege Vulnerability in Windows Task Scheduler |
| CVE-2024-49073 | Elevation of Privilege Vulnerability in Windows Mobile Broadband Driver |
| CVE-2024-49074 | Elevation of Privilege Vulnerability in Windows Kernel-Mode Driver |
| CVE-2024-49076 | Elevation of Privilege Vulnerability in Windows Virtualization-Based Security (VBS) Enclave |
| CVE-2024-49077 | Elevation of Privilege Vulnerability in Windows Mobile Broadband Driver |
| CVE-2024-49078 | Elevation of Privilege Vulnerability in Windows Mobile Broadband Driver |
| CVE-2024-49081 | Elevation of Privilege Vulnerability in Wireless Wide Area Network Service (WwanSvc) |
| CVE-2024-49083 | Elevation of Privilege Vulnerability in Windows Mobile Broadband Driver |
| CVE-2024-49084 | Elevation of Privilege Vulnerability in Windows Kernel |
| CVE-2024-49088 | Elevation of Privilege Vulnerability in Windows Common Log File System Driver |
| CVE-2024-49090 | Elevation of Privilege Vulnerability in Windows Common Log File System Driver |
| CVE-2024-49092 | Elevation of Privilege Vulnerability in Windows Mobile Broadband Driver |
| CVE-2024-49093 | Elevation of Privilege Vulnerability in Windows Resilient File System (ReFS) |
| CVE-2024-49094 | Elevation of Privilege Vulnerability in Wireless Wide Area Network Service (WwanSvc) |
| CVE-2024-49095 | Elevation of Privilege Vulnerability in Windows PrintWorkflowUserSvc |
| CVE-2024-49097 | Elevation of Privilege Vulnerability in Windows PrintWorkflowUserSvc |
| CVE-2024-49101 | Elevation of Privilege Vulnerability in Wireless Wide Area Network Service (WwanSvc) |
| CVE-2024-49107 | Elevation of Privilege Vulnerability in WmsRepair Service |
| CVE-2024-49109 | Elevation of Privilege Vulnerability in Wireless Wide Area Network Service (WwanSvc) |
| CVE-2024-49110 | Elevation of Privilege Vulnerability in Windows Mobile Broadband Driver |
| CVE-2024-49111 | Elevation of Privilege Vulnerability in Wireless Wide Area Network Service (WwanSvc) |
| CVE-2024-49114 | Elevation of Privilege Vulnerability in Windows Cloud Files Mini Filter Driver |
| CVE-2024-49138 | Elevation of Privilege Vulnerability in Windows Common Log File System Driver |
Information Disclosure (7 CVEs)
| Important severity | |
| CVE-2024-49062 | Information Disclosure Vulnerability in Microsoft SharePoint |
| CVE-2024-49064 | Information Disclosure Vulnerability in Microsoft SharePoint |
| CVE-2024-49082 | Information Disclosure Vulnerability in Windows File Explorer |
| CVE-2024-49087 | Information Disclosure Vulnerability in Windows Mobile Broadband Driver |
| CVE-2024-49098 | Information Disclosure Vulnerability in Windows Wireless Wide Area Network Service (WwanSvc) |
| CVE-2024-49099 | Information Disclosure Vulnerability in Windows Wireless Wide Area Network Service (WwanSvc) |
| CVE-2024-49103 | Information Disclosure Vulnerability in Windows Wireless Wide Area Network Service (WwanSvc) |
Denial of Service (5 CVEs)
| Important severity | |
| CVE-2024-49075 | Denial of Service Vulnerability in Windows Remote Desktop Services |
| CVE-2024-49096 | Denial of Service Vulnerability in Microsoft Message Queuing (MSMQ) |
| CVE-2024-49113 | Denial of Service Vulnerability in Windows Lightweight Directory Access Protocol (LDAP) |
| CVE-2024-49121 | Denial of Service Vulnerability in Windows Lightweight Directory Access Protocol (LDAP) |
| CVE-2024-49129 | Denial of Service Vulnerability in Windows Remote Desktop Gateway (RD Gateway) |
Spoofing (1 CVE)
| Important severity | |
| CVE-2024-49057 | Spoofing Vulnerability in Microsoft Defender for Endpoint on Android |
Appendix B: Vulnerability Exploitation
Here is a compilation of the December CVEs rated by Microsoft to be either currently exploited in the wild or at higher risk of exploitation within the initial 30 days post-release. The list is sorted by CVE.
| Exploitation identified | |
| CVE-2024-49138 | Elevation of Privilege Vulnerability in Windows Common Log File System Driver |
| Expected exploitation within the next 30 days | |
| CVE-2024-49070 | Remote Code Execution Vulnerability in Microsoft SharePoint |
| CVE-2024-49088 | Elevation of Privilege Vulnerability in Windows Common Log File System Driver |
| CVE-2024-49090 | Elevation of Privilege Vulnerability in Windows Common Log File System Driver |
| CVE-2024-49093 | Elevation of Privilege Vulnerability in Windows Resilient File System (ReFS) |
| CVE-2024-49114 | Elevation of Privilege Vulnerability in Windows Cloud Files Mini Filter Driver |
| CVE-2024-49122 | Remote Code Execution Vulnerability in Microsoft Message Queuing (MSMQ) |
Appendix C: Affected Products
In this list, December’s patches are grouped by product line and further categorized by severity. Each section is then sorted by CVE. Patches that impact multiple product families are documented multiple times, once for each of those families. Issues concerning Windows Server are additionally specified in Appendix E.
Windows (59 CVEs)
| Critical severity | |
| CVE-2024-49105 | Remote Code Execution Vulnerability in Remote Desktop Client |
| CVE-2024-49106 | Denial of Service Vulnerability in Windows Remote Desktop Services |
Office (5 CVEs)
| Severity level: Important | |
| CVE-2024-43600 | Elevation of Privilege Vulnerability in Microsoft Office |
| CVE-2024-49059 | Elevation of Privilege Vulnerability in Microsoft Office |
| CVE-2024-49065 | Remote Code Execution Vulnerability in Microsoft Office |
| CVE-2024-49069 | Remote Code Execution Vulnerability in Microsoft Excel |
| CVE-2024-49142 | Remote Code Execution Vulnerability in Microsoft Access |
SharePoint (5 CVEs)
| Severity level: Important | |
| CVE-2024-49062 | Information Disclosure Vulnerability in Microsoft SharePoint |
| CVE-2024-49064 | Information Disclosure Vulnerability in Microsoft SharePoint |
| CVE-2024-49065 | Remote Code Execution Vulnerability in Microsoft Office |
| CVE-2024-49068 | Elevation of Privilege Vulnerability in Microsoft SharePoint |
| CVE-2024-49070 | Remote Code Execution Vulnerability in Microsoft SharePoint |
365 (4 CVEs)
| Severity level: Important | |
| CVE-2024-49059 | Elevation of Privilege Vulnerability in Microsoft Office |
| CVE-2024-49065 | Remote Code Execution Vulnerability in Microsoft Office |
| CVE-2024-49069 | Remote Code Execution Vulnerability in Microsoft Excel |
| CVE-2024-49142 | Remote Code Execution Vulnerability in Microsoft Access |
Access (1 CVE)
| Severity level: Important | |
| CVE-2024-49142 | Remote Code Execution Vulnerability in Microsoft Access |
Defender (1 CVE)
| Severity level: Important | |
| CVE-2024-49057 | Spoofing Vulnerability in Microsoft Defender for Endpoint on Android |
Excel (1 CVE)
| Severity level: Important | |
| CVE-2024-49069 | Remote Code Execution Vulnerability in Microsoft Excel |
Muzic (1 CVE)
| Severity level: Important | |
| CVE-2024-49063 | Remote Code Execution Vulnerability in Microsoft/Muzic |
SCOM (1 CVE)
| Severity level: Important | |
| CVE-2024-43594 | Elevation of Privilege Vulnerability in System Center Operations Manager |
Word (1 CVE)
| Severity level: Important | |
| CVE-2024-49065 | Remote Code Execution Vulnerability in Microsoft Office |
Appendix D: Advisories and Other Products
This section provides a list of advisories and additional information on other relevant CVEs released in December.
Microsoft notifications:
| CVE / identifier | Product | Title |
| ADV240002 | Project 2016 | Defense in Depth Update for Microsoft Office |
| CVE-2024-12053 | Edge | Chromium-based Edge Vulnerability – Type Confusion in V8 (CVE-2024-12053) |
| CVE-2024-49041 | Edge | Spoofing Vulnerability in Microsoft Edge (Chromium-based) |
Adobe Reader notices:
| CVE | Bulletin | Title |
| CVE-2024-49531 | APSB24-92 | NULL Pointer Dereference Vulnerability (CWE-476) |
| CVE-2024-49530 | APSB24-92 | Use After Free Vulnerability (CWE-416) |
| CVE-2024-49532 | APSB24-92 | Out-of-bounds Read Vulnerability (CWE-125) |
| CVE-2024-49533 | APSB24-92 | Out-of-bounds Read Vulnerability (CWE-125) |
| CVE-2024-49534 | APSB24-92 | Out-of-bounds Read Vulnerability (CWE-125) |
| CVE-2024-49535 | APSB24-92 | Improper Restriction of XML External Entity Reference (‘XXE’) Vulnerability (CWE-611) |
Appendix E: Affected Windows Server versions
This table displays the CVEs in December impacting nine different versions of Windows Server spanning from 2008 to 2025. The table distinguishes between major platform versions without delving into further details (e.g., Server Core). Critical-severity problems are denoted in red; an “x” signifies that the CVE is not relevant for that particular version. Administrators are advised to use this appendix as a preliminary guide to evaluate their specific risk exposure since each reader’s circumstances, particularly concerning products beyond mainstream support, will vary.
| CVE | 2008 | 2008-R2 | 2012 | 2012-R2 | 2016 | 2019 | 2022 | 2022 23H2 | 2025 |
| CVE-2024-49072 | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ | ■ |
| CVE-2024-49073 | × | × | × | × | × | ■ | × | ■ | ■ |
| CVE-2024-49074 | × | × | × | × | × | ■ | × | × | × |
| CVE-2024-49075 | × | × | × | × | × | ■ | ■ | ■ |




