Source URL: https://blog.talosintelligence.com/december-patch-tuesday-release/
Source: Cisco Talos Blog
Title: Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities
Feedly Summary: The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”
AI Summary and Description: Yes
**Summary:** The December 2024 Patch Tuesday by Microsoft addresses 72 vulnerabilities, highlighting four critical ones with serious implications for Windows services, including LDAP and Hyper-V. While some vulnerabilities have high CVSS scores, Microsoft assesses their exploitation likelihood as “less likely.” Cisco Talos emphasizes the urgency of several important vulnerabilities that may be more susceptible to exploitation, and they release new detection rules for these threats.
**Detailed Description:**
The December 2024 Patch Tuesday from Microsoft has significant implications for security professionals, particularly in the domains of infrastructure and software security due to the various vulnerabilities disclosed.
– **Total Vulnerabilities**: 72 vulnerabilities in total, including:
– **4 Critical Vulnerabilities**: Marked especially high due to their potential impact on security.
– **Remaining**: Classified as “important.”
**Key Vulnerabilities:**
– **CVE-2024-49112**:
– **Severity**: CVSS score of 9.8.
– **Description**: Exploitable during LDAP calls; could allow arbitrary code execution.
– **Exploitation Likelihood**: “Less likely.”
– **CVE-2024-49124 and CVE-2024-49127**:
– **Details**: Allow unauthenticated attackers to exploit race conditions in LDAP servers.
– **Potential for exploit**: High complexity despite being critical.
– **CVE-2024-49126**:
– **Focus**: Remote code execution in LSASS with network call dependencies.
– **Attempt Requirements**: Requires winning a complex race condition.
– **CVE-2024-49105**:
– **Context**: Remote desktop client vulnerability.
– **Assessment**: Critical but deemed less likely to be exploited currently.
– **CVE-2024-49117**:
– **Specificity**: Remote code execution in Windows Hyper-V necessitating authenticated access.
Other vulnerabilities, such as **CVE-2024-49070** in Microsoft SharePoint and multiple vulnerabilities in Windows Common Log File System affecting elevation of privilege, were cited as particularly important and more likely to be exploited.
**Cisco Talos Actions**:
– Cisco Talos is releasing a new Snort rule set to guard against the exploitation of many noted vulnerabilities.
– Highlights the necessity for users to keep their Snort Subscriber Rule Sets updated to address the new vulnerabilities properly.
These vulnerabilities’ comprehensive nature, coupled with differing exploitation probabilities, underlines the continuous necessity for vigilance and prompt updates in security protocols for infrastructures reliant on Microsoft’s ecosystem. The response by Cisco also emphasizes proactive defense measures essential in modern security practice.