Yesterday marked the final Patch Tuesday of 2024, bringing with it a series of crucial security updates from Microsoft. In total, 71 security vulnerabilities were addressed across various Microsoft applications and services, with 16 of these being categorized as “critical.” The company flagged all but one of the remaining issues as “high risk,” underscoring the importance of immediate patching. Notably, one of these security flaws is already being exploited in the wild, making it even more urgent to update your systems.
With 1,020 vulnerabilities patched throughout 2024, this year ranks as the second worst for Microsoft in terms of the sheer number of security issues, only surpassed by 2020, which saw 1,250 vulnerabilities. Microsoft provides limited information about these flaws through its Security Update Guide, but security expert Dustin Childs offers a clearer breakdown on the Trend Micro ZDI blog, aimed especially at IT admins managing corporate networks.
Windows Security Flaws Addressed
Of the 71 vulnerabilities fixed this month, a significant portion — 59 to be exact — affects various Windows versions (10, 11, and Server) still receiving security updates. While Windows 7 and 8.1 are no longer supported, older systems might still be vulnerable. If possible, it’s recommended to upgrade to Windows 10 22H2 or Windows 11 23H2 to continue receiving security updates. The newly available Windows 11 24H2 update, however, may still have issues, so you might want to wait before upgrading.
Security Flaws Under Attack
Microsoft has warned of active exploitation of one particular vulnerability, CVE-2024-49138, which is a buffer overflow issue in the driver of the shared protocol file system. This flaw allows attackers to elevate their privileges, gaining system access. If combined with a Remote Code Execution (RCE) vulnerability, attackers could gain complete control over the system, leading to major security threats, including ransomware attacks.
Other Critical Windows Vulnerabilities
Microsoft also identified 16 critical RCE vulnerabilities in Windows. Notably, nine of these are within the Remote Desktop service, and although no in-the-wild exploits have been reported, they should not be ignored. One particularly concerning vulnerability is CVE-2024-49112, affecting the Lightweight Directory Access Protocol (LDAP). This flaw could allow attackers to inject code without requiring a user login, gaining elevated privileges. To mitigate this, Microsoft recommends disconnecting vulnerable domain controllers from the internet.
Another critical RCE vulnerability, CVE-2024-49117, affects Hyper-V. If exploited, an attacker can break out of the guest system and execute code on the host system with just a simple user login.
Office Product Security Updates
In addition to the Windows-related patches, Microsoft has also addressed eight security vulnerabilities in its Office suite, including three RCE flaws. These include vulnerabilities in Excel, Access, and Outlook. The Outlook vulnerability (CVE-2024-49065) could allow an attacker to exploit the preview of file attachments, although it doesn’t grant access to user data, it can render the data unavailable.
