Yesterday’s Patch Tuesday marked the last major update of 2024 for Microsoft, which delivered vital security fixes addressing 71 vulnerabilities across various applications and services. Of these, 16 are considered “critical,” with the rest categorized as “high risk.” Most notably, Microsoft has confirmed that one of these vulnerabilities is already being exploited in the wild, making immediate patching essential for all users.
With 1,020 vulnerabilities patched in 2024, this year stands as the second worst for Microsoft in terms of overall security issues, trailing only behind 2020, which saw 1,250 vulnerabilities fixed. While Microsoft’s Security Update Guide provides minimal details, Trend Micro’s Dustin Childs offers a much more thorough breakdown of Patch Tuesday, tailored to IT administrators overseeing corporate networks.
Windows Vulnerabilities Addressed
A large number of this month’s security fixes — 59 in total — target various versions of Windows 10, 11, and Server. As Windows 7 and 8.1 are no longer supported, those using these outdated versions should consider upgrading to Windows 10 22H2 or Windows 11 23H2 to continue receiving critical security patches. It’s worth noting that the Windows 11 24H2 update, though available, still has some issues that might warrant delaying the upgrade.
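As an added example (not code from the article), the following PowerShell function turns the upgrade advice above into an inventory check: it reads the OS build of one or more machines and flags those that are out of support or behind the releases the article recommends. The build-to-release mapping is from Microsoft's published release history (Windows 7 = 7601, Windows 8.1 = 9600, Windows 10 22H2 = 19045, Windows 11 23H2 = 22631, Windows 11 24H2 = 26100); the function and parameter names are my own.

```powershell
# Added example, not from the article: classify Windows machines by support status
# so that unsupported or outdated releases can be prioritized for upgrade before patching.
function Get-PatchBaselineStatus {
    param(
        # Computers to query over CIM/WinRM; defaults to the local machine.
        [string[]]$ComputerName = $env:COMPUTERNAME
    )
    foreach ($c in $ComputerName) {
        try {
            $os = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $c -ErrorAction Stop
        } catch {
            [pscustomobject]@{ Computer = $c; Build = $null; Caption = $null
                               Status = "unreachable: $($_.Exception.Message)" }
            continue
        }
        $build = [int]$os.BuildNumber

        # ProductType 1 = workstation, 2 = domain controller, 3 = server.
        # Server builds (e.g. 17763, 20348) do not follow the client build ladder below,
        # so they are reported separately rather than mis-classified.
        if ($os.ProductType -ne 1) {
            $status = "Windows Server build $build: apply the December 2024 cumulative update; lifecycle not evaluated here"
        } else {
            $status = switch ($build) {
                { $_ -le 9600 }                      { 'UNSUPPORTED (Windows 8.1 or older): upgrade to Windows 10 22H2 or Windows 11 23H2'; break }
                { $_ -ge 10240 -and $_ -lt 19045 }   { 'OUTDATED Windows 10 feature release: move to 22H2 to keep receiving fixes'; break }
                19045                                { 'Windows 10 22H2: supported, apply the December 2024 cumulative update'; break }
                { $_ -ge 22000 -and $_ -lt 22631 }   { 'OUTDATED Windows 11 release: move to 23H2'; break }
                22631                                { 'Windows 11 23H2: supported, apply the December 2024 cumulative update'; break }
                26100                                { 'Windows 11 24H2: supported, but review known issues before a broad rollout'; break }
                default                              { "Build $build: not in the mapping, check Microsoft's lifecycle page" }
            }
        }

        [pscustomobject]@{
            Computer = $c
            Build    = $build
            Caption  = $os.Caption
            Status   = $status
        }
    }
}

# Usage: local machine, or a list pulled from AD / a CMDB.
Get-PatchBaselineStatus | Format-Table -AutoSize
# Get-PatchBaselineStatus -ComputerName (Get-Content .\hosts.txt) | Export-Csv baseline.csv -NoTypeInformation
```

Remote queries need WinRM/CIM access to the targets; machines that cannot be reached are reported rather than silently dropped, since an unreachable host is itself a finding during a patch cycle.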
Active Exploits in the Wild
Among the vulnerabilities patched this month, CVE-2024-49138 stands out as one that is already being actively exploited. This critical buffer overflow in the shared protocol file system driver lets an attacker elevate privileges. Chained with a Remote Code Execution (RCE) vulnerability, it gives an attacker full control of the system, opening the door to severe outcomes such as ransomware infections.
Additional Critical Windows Flaws
Microsoft also addressed 16 critical RCE vulnerabilities across various Windows services. The Remote Desktop service alone accounts for nine of these issues. Although there haven’t been any reported in-the-wild exploits, administrators should prioritize patching these vulnerabilities. One significant issue is CVE-2024-49112, which affects the Lightweight Directory Access Protocol (LDAP). This flaw could allow attackers to execute arbitrary code with elevated privileges without requiring user login. Microsoft advises disconnecting affected domain controllers from the internet as a precaution.
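To make the domain-controller precaution above checkable, here is an added PowerShell audit (my own code, not from the article or from Microsoft's advisory). Run in an elevated session on a domain controller, it reports whether the host can reach the internet at all and which enabled inbound firewall rules open the LDAP ports (389, 636, 3268, 3269) on profiles other than Domain. The probe host, the function name and the port list are assumptions; the DomainRole values come from the Win32_ComputerSystem documentation.

```powershell
# Added example, not from the article: audit a domain controller for the two things the
# CVE-2024-49112 mitigation is concerned with: an internet path and LDAP open to untrusted networks.
function Test-DcLdapExposure {
    param(
        # Assumption: any public host on 443 works as a reachability probe.
        [string]$ProbeHost = 'www.msftconnecttest.com',
        # LDAP, LDAPS, Global Catalog, Global Catalog over TLS (as strings to match firewall filters).
        [string[]]$LdapPorts = @('389', '636', '3268', '3269')
    )
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    # DomainRole: 4 = backup domain controller, 5 = primary domain controller.
    $isDc = $cs.DomainRole -ge 4
    if (-not $isDc) {
        Write-Warning "$($cs.Name) is not a domain controller (DomainRole=$($cs.DomainRole)); results are informational."
    }

    # 1. Does the DC have an outbound path to the internet?
    $probe = Test-NetConnection -ComputerName $ProbeHost -Port 443 -WarningAction SilentlyContinue
    $internetReachable = [bool]$probe.TcpTestSucceeded

    # 2. Enabled inbound rules whose port filter covers an LDAP port. Each rule is paired
    #    with its own port filter so the rule name and profile survive into the report.
    $ldapRules = foreach ($rule in Get-NetFirewallRule -Enabled True -Direction Inbound) {
        $filter = $rule | Get-NetFirewallPortFilter
        if ($filter.Protocol -ne 'TCP') { continue }
        $hit = @($filter.LocalPort) | Where-Object { $_ -in $LdapPorts -or $_ -eq 'Any' }
        if ($hit) {
            [pscustomobject]@{
                DisplayName = $rule.DisplayName
                Profile     = [string]$rule.Profile      # e.g. 'Domain', 'Any', 'Public, Private'
                LocalPort   = ($filter.LocalPort -join ',')
                RemoteAddr  = ($filter | Out-Null; ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ',')
            }
        }
    }
    # Rules scoped to the Domain profile only are expected on a DC; anything wider is a finding.
    $exposed = @($ldapRules | Where-Object { $_.Profile -ne 'Domain' })

    $findings = @()
    if ($internetReachable) { $findings += "DC can reach $ProbeHost on 443: outbound internet path present" }
    if ($exposed.Count -gt 0) { $findings += "$($exposed.Count) inbound LDAP rule(s) enabled outside the Domain profile" }
    if ($findings.Count -eq 0) { $findings = @('no exposure found by this check') }

    [pscustomobject]@{
        Computer           = $cs.Name
        IsDomainController = $isDc
        InternetReachable  = $internetReachable
        ExposedLdapRules   = $exposed
        Findings           = $findings
    }
}

$result = Test-DcLdapExposure
$result | Format-List Computer, IsDomainController, InternetReachable, Findings
$result.ExposedLdapRules | Format-Table DisplayName, Profile, LocalPort, RemoteAddr -AutoSize
```

The check is deliberately conservative: a rule with `LocalPort = Any` or a remote address scope of `Any` counts as LDAP exposure until an administrator confirms otherwise, and the report lists rule names so they can be tightened in Group Policy rather than edited ad hoc on each controller.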
Additionally, CVE-2024-49117, an RCE vulnerability in Hyper-V, allows an attacker to break out of a guest system and execute malicious code on the host, requiring nothing more than an ordinary user login on the guest. That low bar makes it another critical vulnerability to address.
Office Security Flaws Fixed
Microsoft also addressed eight security flaws within its Office products, three of which are RCE vulnerabilities. These include issues in Excel, Access, and Outlook. Notably, the Outlook vulnerability (CVE-2024-49065) allows attackers to exploit the file attachment preview feature, though it doesn’t compromise user data directly — it only impacts the availability of the data.