Microsoft released its December Patch Tuesday, addressing 73 vulnerabilities, including 16 critical and 54 important severity vulnerabilities.
Microsoft has fixed flaws across multiple products, including Spoofing, Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, and Remote Code Execution (RCE) vulnerabilities.
One of the patched vulnerabilities is a zero-day that was known to be exploited in the wild.
The vulnerabilities Microsoft has addressed this month affect products such as Windows Hyper-V, Windows Cloud Files Mini Filter Driver, Windows Remote Desktop, Windows Message Queuing, and more.
Several critical severity vulnerabilities have been patched, among them CVE-2024-49117, CVE-2024-49124, CVE-2024-49126, CVE-2024-49122, CVE-2024-49118, CVE-2024-49112, CVE-2024-49127, CVE-2024-49106, CVE-2024-49108, CVE-2024-49115, CVE-2024-49116, CVE-2024-49119, CVE-2024-49120, and CVE-2024-49123.
Microsoft has addressed two vulnerabilities in Microsoft Edge (Chromium-based) in this month’s updates.
Microsoft SharePoint has a remote code execution vulnerability (CVE-2024-49070), and the Windows Resilient File System (ReFS) has an elevation of privilege vulnerability (CVE-2024-49093).
Qualys Policy Compliance provides out-of-the-box mitigation or compensatory controls that can reduce the risk of a vulnerability being exploited when the remediation (fix/patch) cannot be applied right away.
The next Patch Tuesday falls on January 14th.
The Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys Vulnerability Management Detection Response (VMDR) and Qualys Patch Management.