Microsoft have released a security advisory on the 11th of December 2024 in line with their regular monthly patch schedule which includes a number of updates to address vulnerabilities in two (2) high risk and three (4) medium risk products.
These updates address vulnerabilities which may impact services through Denial of Service, Elevation of Privilege, Remote Code Execution, Information Disclosure and Spoofing.
For more information please see: Microsoft Security Update
This release consists of security updates for the following products, features and roles:
- GitHub
- Microsoft Defender for Endpoint
- Microsoft Edge (Chromium-based)
- Microsoft Office
- Microsoft Office Access
- Microsoft Office Excel
- Microsoft Office Publisher
- Microsoft Office SharePoint
- Microsoft Office Word
- Remote Desktop Client
- Role: DNS Server
- Role: Windows Hyper-V
- System Center Operations Manager
- Windows Cloud Files Mini Filter Driver
- Windows Common Log File System Driver
- Windows File Explorer
- Windows IP Routing Management Snapin
- Windows Kernel
- Windows Kernel-Mode Drivers
- Windows LDAP - Lightweight Directory Access Protocol
- Windows Local Security Authority Subsystem Service (LSASS)
- Windows Message Queuing
- Windows Mobile Broadband
- Windows PrintWorkflowUserSvc
- Windows Remote Desktop
- Windows Remote Desktop Services
- Windows Resilient File System (ReFS)
- Windows Routing and Remote Access Service (RRAS)
- Windows Task Scheduler
- Windows Virtualization-Based Security (VBS) Enclave
- Windows Wireless Wide Area Network Service
- WmsRepair Service
CVE-2024-49138 is being exploited in the wild and an attacker who successfully exploits this vulnerability could gain SYSTEM privileges.
Please contact the Matsco Solutions team on the below if you would like any further information or would like to schedule a maintenance.
support@matscosolutions.com
Beijing +86 400 120 2782
Hong Kong +852 8101 8418
London +44 (0)20 7821 4950
New York +1 866 446 9226
Singapore +65 6100 1090
Share this Post