Microsoft has acknowledged three zero-day vulnerabilities affecting its Windows operating system, including privilege escalation and remote code execution (RCE) vulnerabilities in the Common Log File System (CLFS) driver, the Lightweight Directory Access Protocol (LDAP) Client, and Hyper-V. These vulnerabilities were privately reported to Microsoft by CrowdStrike Counter Adversary Operations and have been patched.
The most severe vulnerability, CVE-2024-49138, is a privilege escalation vulnerability with a CVSS score of 7.8. Another critical RCE vulnerability, CVE-2024-49112, affects the Windows LDAP Client and has a CVSS score of 9.8. This vulnerability could allow an unprivileged attacker to run arbitrary code on an Active Directory Server.
Three other critical vulnerabilities have been identified in Microsoft Message Queuing (MSMQ) with a CVSS score of 8.1 each. Additionally, a critical RCE vulnerability, CVE-2024-49117, affects Windows Hyper-V and has a CVSS score of 8.8.
Microsoft is recommending that users patch these vulnerabilities quickly to mitigate the risks. In some cases, mitigating measures can be taken until patches become available.
It’s worth noting that not all relevant vulnerabilities have been patched yet, and organizations should develop a response plan for how to defend their environments when no patching protocol exists. Regular review of your patching strategy is still essential, but it’s also crucial to look at your organization’s overall cybersecurity posture and improve it accordingly.
Source: https://www.crowdstrike.com/en-us/blog/patch-tuesday-analysis-december-2024