Security News Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws

Gandalf_The_Grey

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
Content source
https://www.bleepingcomputer.com/news/microsoft/microsoft-december-2024-patch-tuesday-fixes-1-exploited-zero-day-71-flaws/
Today is Microsoft's December 2024 Patch Tuesday, which includes security updates for 71 flaws, including one actively exploited zero-day vulnerability.

This Patch Tuesday fixed sixteen critical vulnerabilities, all of which are remote code execution flaws.

The number of bugs in each vulnerability category is listed below:
  • 27 Elevation of Privilege Vulnerabilities
  • 30 Remote Code Execution Vulnerabilities
  • 7 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities
  • 1 Spoofing Vulnerabilities
This count does not include two Edge flaws that were previously fixed on December 5 and 6th.

To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5048667 & KB5048685 cumulative updates and the Windows 10 KB5048652 cumulative update.
Click to expand...
www.bleepingcomputer.com

Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws

Today is Microsoft's December 2024 Patch Tuesday, which includes security updates for 71 flaws, including one actively exploited zero-day vulnerability.
www.bleepingcomputer.com www.bleepingcomputer.com
 
Last edited:
  • Like
  • +Reputation
Reactions: Neno, silversurfer and harlan4096
Gandalf_The_Grey

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
ZDI: The December 20024 Security Update Review
We have made it to the end of the year and the final Patch Tuesday of 2024. As expected, Microsoft and Adobe have released what (hopefully) will be their last patches of the year. Take a break from your holiday preparations and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check out the Patch Report webcast on our YouTube channel. It should be posted within a couple of hours after the release.
Click to expand...
Adobe Patches for December 2024

For December, Adobe released a monstrous 16 patches addressing a whopping 167 CVEs in Adobe Experience Manager, Acrobat and Reader, Media Encoder, Illustrator, After Effects, Animate, InDesign, Adobe PDFL Software Development Kit (SDK), Connect, Substance 3D Sampler, Photoshop, Substance 3D Modeler, Bridge, Premiere Pro, Substance 3D Painter, and FrameMaker. The largest of these by far is the patch for Experience Manager with 91 CVEs. However, most of these are simple cross-site scripting (XSS) bugs, but there is one critical code execution bug thrown in for good measure. The update for Connect is also large with 22 CVEs fixed, and again, most of these are XSS. The patch for Acrobat also contains a couple of code execution bugs. The Animate fixes may be the most severe, as they address 13 Critical-rated code execution bugs.

The fixes for InDesign and Substance 3D Modeler both address nine different bugs. The Media Encoder patch corrects four bugs. The Substance 3D Sampler update fixes three. The Illustrator and Substance 3D Painter fixes each address two bugs. In all of these, the worst of the bugs could allow code execution, usually by opening a specially crafted file. The remaining patches each address only a single CVE.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release. Adobe categorizes these updates as a deployment priority rating of 3.
Click to expand...
Microsoft Patches for December 2024

This month, Microsoft released 71 new CVEs in Windows and Windows Components, Office and Office Components, SharePoint Server, Hyper-V, Defender for Endpoint, and System Center Operations Manager. Two of these bugs came through the ZDI program. With the addition of the third-party CVEs, the entire release tops out at 72 CVEs.

Of the patches released today, 16 are rated Critical, 54 are rated Important, and one is rated Moderate in severity. This is the largest number of CVEs addressed in December since at least 2017, putting the total number of CVEs from the Redmond giant at 1,020 for 2024. That’s second only to 2020’s total of 1,250 fixes. It will be intriguing to see what 2025 brings, especially as Microsoft ramps up its Secure Focus Initiative.

One of these bugs is listed as publicly known and under active attack at the time of release.
Click to expand...
Looking Ahead

The first Patch Tuesday of 2025 will be on January 14. I’ll be in Tokyo for Pwn2Own Automotive, but I’ll still ensure I complete my patch analysis while on the road. Until then, merry christmahanakwanzika, stay safe, happy patching, and may all your reboots be smooth and clean!
Click to expand...
www.zerodayinitiative.com

Zero Day Initiative — The December 2024 Security Update Review

We have made it to the end of the year and the final Patch Tuesday of 2024. As expected, Microsoft and Adobe have released what (hopefully) will be their last patches of the year. Take a break from your holiday preparations and join us as we review the details of their latest security alerts. If you
www.zerodayinitiative.com www.zerodayinitiative.com
 
  • Hundred Points
  • Like
Reactions: silversurfer and harlan4096
Gandalf_The_Grey

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
Ghacks: Microsoft releases the December 2024 security updates for Windows
You may download the following Excel spreadsheet to get a list of released updates. Click on the following link to download the archive to the local device: Windows Security Updates December 2024

Executive Summary
  • Microsoft released a total of 72 security updates for various Microsoft products and 1 security update for non-Microsoft issues (e.g. Chromium).
  • Windows clients with issues are:
    • Windows 11 version 22H2, 23H2, and 24H2
  • Windows Server clients with issues:
    • Windows Server 2008
    • Windows Server 2025
  • Windows 11, version 22H2, Home and Pro, have reached end of support. Microsoft will force upgrade devices to newer Windows versions.
Click to expand...
www.ghacks.net

Microsoft releases the December 2024 security updates for Windows - gHacks Tech News

Microsoft has released security updates for Windows on the December 2024 Patch Day. Our guide puts information about the updates right in your hands.
www.ghacks.net www.ghacks.net
 
  • Like
Reactions: Andy Ful, silversurfer, oldschool and 1 other person

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
Security News Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws
Replies
2
Views
1,452
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • +Reputation
Security News Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited
Replies
3
Views
2,219
Security News
Brahman
Brahman
Gandalf_The_Grey
    • Like
    • +Reputation
    • Applause
Security News Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days
Replies
2
Views
3,164
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top