What’s New in Microsoft’s December 2024 Patch Tuesday Update

Today part of the December 2024 patch Tuesday, Microsoft released a bunch of security updates for its products and services, to resolve various vulnerabilities and bugs. December 2024 Patch Tuesday update, addressed 72 security vulnerabilities including Sixteen critical vulnerabilities, and one actively exploited zero-day vulnerability. It also addresses a series of other bugs related to performance and usability. These updates are important and install as soon as possible to protect your device from potential attacks and exploits. Let’s look at the highlights of the Microsoft Patch Tuesday update in December 2024 for Windows 11 and Windows 10.

What is Patch Tuesday Update?

Microsoft Patch Tuesday Update, the colloquial term for Microsoft’s Update Tuesday falls on the second Tuesday of every month, and brings security updates to fix vulnerabilities or recent bugs.

A vulnerability is a weakness or flaw in a software or hardware component that an attacker could exploit to gain unauthorized access, execute malicious code, or cause damage or disruption. A bug is an error or defect in a software or hardware component that could cause it to malfunction or behave unexpectedly.

A security update is a software patch that fixes or mitigates one or more vulnerabilities or bugs.

A security update can have different ratings depending on the severity and impact of the vulnerability or bug it addresses. Microsoft uses four ratings: critical, important, moderate, and low.

• The critical update fixes a vulnerability that could allow an attacker to take complete control of a system without user interaction.
• An Important update fixes a vulnerability that could compromise data or functionality but require user interaction or specific conditions.
• Moderate update fixes a vulnerability that is unlikely to be exploited, but could still have some impact.
• A Low update fixes a vulnerability that is very unlikely to be exploited and has minimal impact.

Microsoft Patch Tuesday update December 2024

The December 2024 Patch Tuesday includes 72 security updates, including Sixteen critical Remote Code Execution vulnerabilities (As it allows privilege elevation, spoofing, or remote code execution). The critical updates affect Windows, Internet Explorer, Edge, Office, SharePoint, Exchange, and Azure DevOps Server.

As per the release notes, the December 2024 Microsoft Patch Tuesday Update fixed 27 Elevation of Privilege security issues, 30 Remote Code Execution bugs, 7 Information Disclosure vulnerabilities, 5 Denial of Service Vulnerabilities, and 1 spoofing vulnerabilities.

Also, Microsoft discloses one actively exploited zero-day vulnerability patched in part of today’s Patch Tuesday updates.

Microsoft’s December 2024 Patch Tuesday, which includes security updates for a total of 72 flaws.

One zero-day vulnerabilities Patched

CVE-2024-49138 – Windows Common Log File System Driver Elevation of Privilege Vulnerability

A critical elevation of privilege vulnerability has been identified in the Windows Common Log File System (CLFS) driver. CLFS is a versatile logging service used by both user and kernel mode software for tasks such as data management, database systems, messaging, and transactional operations like Online Transactional Processing (OLTP).

Exploiting this vulnerability allows attackers to gain SYSTEM-level privileges, posing a significant security risk.

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-49138 to its Known Exploited Vulnerabilities Catalog and strongly advises users to apply the necessary patches by December 31, 2024, to mitigate potential exploitation.

Sixteen Critical Severity Vulnerability Patched

Microsoft’s December Patch Tuesday also resolved several critical vulnerabilities across various Windows components. 

CVE-2024-49117: Windows Hyper-V Remote Code Execution Vulnerability

Hyper-V, Microsoft’s virtualization tool, allows users to run virtual machines on a single host. An attacker who is authenticated on a guest VM could exploit this vulnerability by sending malicious file operation requests to the VM’s hardware. This could enable a cross-VM attack, potentially compromising multiple virtual machines on the host, not just the initial target.

CVE-2024-49124: Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability

LDAP is a protocol used to access and manage directories over a network. This vulnerability allows an unauthenticated attacker to send specially crafted requests to a vulnerable server, exploiting a race condition. If successful, the attacker can execute malicious code with SYSTEM-level privileges, the highest level of access on the system.

CVE-2024-49126: Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability

LSASS is responsible for enforcing Windows security policies and handling authentication. By exploiting this vulnerability through a network call, an unauthenticated attacker could cause LSASS to execute arbitrary code remotely, potentially gaining control of the system.

CVE-2024-49122 & CVE-2024-49118: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

MSMQ ensures reliable communication between computers by queuing messages. Attackers can exploit this flaw by sending malicious MSMQ packets to an MSMQ server. Successful exploitation allows attackers to execute code remotely on the server.

CVE-2024-49112 and CVE-2024-49127 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Two additional LDAP-related vulnerabilities were patched. Both involve sending specially crafted requests to a vulnerable server. If successful, attackers can execute arbitrary code, compromising the SYSTEM account and gaining full control.

CVE-2024-49106, CVE-2024-49108, CVE-2024-49115, CVE-2024-49116, CVE-2024-49119, CVE-2024-49120, CVE-2024-49123, CVE-2024-49128, & CVE-2024-49132: Windows Remote Desktop Services Remote Code Execution Vulnerability

Multiple vulnerabilities affecting Remote Desktop Services (RDS) were addressed. RDS enables users to connect to remote computers. Attackers could exploit these by creating a race condition, leading to a “use-after-free” scenario. If successful, attackers can execute malicious code remotely by targeting systems running the Remote Desktop Gateway role.

These vulnerabilities have been classified as critical due to the potential for remote code execution and privilege escalation. It’s strongly recommended to apply the December updates immediately to protect systems from exploitation.

Update for Windows client versions

December 2024 (Patch Tuesday) Windows security updates are the following:

• KB5048667 (OS Build 26100.2605) for the latest Windows 11 version 24H2
• KB5048685 (OS Build 22621.4602 and 22631.4602) for the latest Windows 11 version 23H2/22H2
• KB5048652 (OS Builds 19045.5247) for the latest Windows 10 version 22H2/21H2
• KB5048661 (OS Build 17763.6659) for the latest Windows 10 version 1809

All these updates only include minor patches and security fixes, rather than any new features.

Note: Windows 11 was released with several new features and improvements as a free upgrade for eligible Windows 10 devices. Here is how to upgrade to Windows 11 for free.

Windows 11 KB5048667, KB5048685 and Windows 10 KB5048652 address security issues for your Windows operating system, including a simplified system tray, the ability to share content with an Android device from File Explorer and the desktop, and more.

Windows now offers “Personalized offers” in place of “Tailored Experiences” in OOBE, manageable in Settings > Privacy & Security. Taskbar updates include a shorter date/time display by default, with the option to revert in Settings > Date & Time. The notification bell icon may disappear in “Do not disturb” mode but can be adjusted in Settings > System > Notifications. A taskbar search box bug has been fixed.

Start menu jump lists for pinned apps, touchscreen gesture customization in Settings > Bluetooth & Devices > Touch, and improved IME toolbar behavior in full-screen mode for Chinese and Japanese typing have been added. File Explorer now supports file sharing with Android devices via Phone Link setup and includes fixes for layout issues.

Dynamic Lighting settings now have new customization options, and jump lists support administrator shortcuts with Shift + CTRL. Improved speech-to-text tools, display fixes, mouse pointer location feature, clipboard history visibility, new Narrator scan mode functions, and better Task Manager support for dark mode and text scaling are also included. Windows Search security enhancements and various bug fixes improve overall system performance.

Windows 10 KB5044273 advances to build 19045.5011 and addresses several issues: Win32 shortcuts now properly back up to the cloud, dragging and dropping files from cloud providers correctly copies instead of moves them, fix Windows activation issue after motherboard replacements, updated mobile operator profiles for better compatibility, and fixed responsiveness issues with IPP USB printers.

Download the Microsoft Security Update

To download and install the updates, users can use Windows Update, Microsoft Update Catalog, or other tools such as Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM).

Usually, security updates are automatically downloaded and installed via Windows update. Or you can force Windows update from settings, Windows update, and check for updates to download and install the latest patch updates immediately.

Microsoft has published download links for Windows update offline installers if you prefer manual installation over Windows Update.

• Windows 11 KB5048667 (Version 24H2) offline installer Direct Download Link 64-bit.
• Windows 11 KB5048685 (Version 23H2/22H2) offline installer Direct Download Link 64-bit.
• Windows 10 KB5048652 (For versions 22H2 and 21H1) Direct Download Links: 64-bit and 32-bit (x86).

Windows 10 KB5048661 (for version 1809) Offline Download links

• KB5048661 64-bit | Download (687.0 MB)
• KB5048661 32-bit | Download (371.3 MB)

If you are Looking for Windows 10 version 22H2 ISO image, click here.

Or Check How to Upgrade to Windows 11 version 24H2 Using the media creation tool.

If you face any difficulty while installing these updates, Check the Windows 11 Update troubleshooting guide to fix the Windows 11 update KB5048667 stuck downloading, failed to install with different errors, etc.

FAQ on Patch Tuesday update

What is Patch Tuesday?

• Patch Tuesday is the colloquial term for Microsoft’s Update Tuesday which falls on the second Tuesday of every month.

When is Patch Tuesday?

• Patch Tuesday falls on the second Tuesday of each month. The upcoming Patch Tuesday is on January 14, 2024.

What is patching and why is it important?

• Patches are nothing but pieces of software code that are written to fix a bug in a software application that might lead to a vulnerability.

What kind of patch updates are released during Patch Tuesday?

• Predominantly security patch updates of varying severity like Critical, Important, Moderate and low are labelled and released.

What are CVE IDs?

• CVE ID – Common Vulnerabilities and Exposure ID is a format in which each vulnerability is disclosed and catalogued in the National Vulnerability Database (NVD).

Also Read

• Complete Review of Microsoft Windows 10 Operating system
• Solved: Microsoft Edge not working after the Windows 10 update
• can’t connect securely to this page ie11 or edge Windows 10
• Windows 10 Stuck Preparing Automatic Repair? Here is how to fix
• Everything About IP (Internet Protocol) Address – Purpose to Benefits explained