Welcome to my December Patch Tuesday newsletter. I can't believe it, but it's our last Patch Tuesday newsletter of 2024. Today, Microsoft released 72 updates and 1 zero-day. In the past 30 days Microsoft released an additional 17 updates and 1 zero-day, totaling 89 updates with two zero-days in the past month. The two zero-days are:
CVE-2024-49035 is an elevation of privilege rated critical with a CVSS score of 8.7/7.6. This update addresses a vulnerability in the online version of MS Power Apps only, so there are no customer actions to take, and since it was released on November 26th it is highly likely that the update has already been rolled out to affected users.
CVE-2024-49138 is also an elevation of privilege but only rated important, with a lower CVSS score of 7.8/6.8. MS reports that an attacker who successfully exploits this vulnerability could gain SYSTEM privileges, so this is one you want to get updated ASAP.
Besides this it was a fairly slow month for updates. I would like to take a quick opportunity to thank you so much for your continued support over here at UltimateWindowsSecurity.com. It's been a pleasure to be a valuable resource for all of you for yet another year. See you in 2025!
So, without further ado, here’s the chart of MS patches that affect Windows platforms in the past month.
| Technology | Products Affected | Severity | Reference | Workaround / Exploited / Publicly Disclosed | Vulnerability Info |
|---|---|---|---|---|---|
| Windows | Windows 10, 11; Server 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022, 2025 including Server Core Installations App Client for Windows Desktop Remote Desktop Client for Windows Desktop | Critical | CVE-2024-49072 CVE-2024-49073 CVE-2024-49074 CVE-2024-49075 CVE-2024-49076 CVE-2024-49077 CVE-2024-49078 CVE-2024-49079 CVE-2024-49080 CVE-2024-49081 CVE-2024-49082 CVE-2024-49083 CVE-2024-49084 CVE-2024-49085 CVE-2024-49086 CVE-2024-49087 CVE-2024-49088 CVE-2024-49089 CVE-2024-49090 CVE-2024-49091 CVE-2024-49092 CVE-2024-49093 CVE-2024-49094 CVE-2024-49095 CVE-2024-49096 CVE-2024-49097 CVE-2024-49098 CVE-2024-49099 CVE-2024-49101 CVE-2024-49102 CVE-2024-49103 CVE-2024-49104 CVE-2024-49105 CVE-2024-49106 CVE-2024-49107 CVE-2024-49108 CVE-2024-49109 CVE-2024-49110 CVE-2024-49111 CVE-2024-49112 CVE-2024-49113 CVE-2024-49114 CVE-2024-49115 CVE-2024-49116 CVE-2024-49117 CVE-2024-49118 CVE-2024-49119 CVE-2024-49120 CVE-2024-49121 CVE-2024-49122 CVE-2024-49123 CVE-2024-49124 CVE-2024-49125 CVE-2024-49126 CVE-2024-49127 CVE-2024-49128 CVE-2024-49129 CVE-2024-49132 CVE-2024-49138* | | Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution |
| Edge | Chromium-based | Important | CVE-2024-11110 CVE-2024-11111 CVE-2024-11112 CVE-2024-11113 CVE-2024-11114 CVE-2024-11115 CVE-2024-11116 CVE-2024-11117 CVE-2024-11395 CVE-2024-12053 CVE-2024-49025 CVE-2024-49041 CVE-2024-49054 | Workaround: No Exploited: No Public: No | Information Disclosure, Spoofing |
| Office | 365 Apps for Enterprise Access/Excel/Project/Word 2016 Copilot Studio Office 2016, 2019 LTSC 2021, 2024 including for Mac Online Server | | ADV240002 CVE-2024-43600 CVE-2024-49038 CVE-2024-49059 CVE-2024-49065 CVE-2024-49069 CVE-2024-49142 | | Defense in Depth, Elevation of Privilege, Remote Code Execution |
| SharePoint | Enterprise Server 2016 Server 2019 Server Subscription Edition | | CVE-2024-49062 CVE-2024-49064 CVE-2024-49065 CVE-2024-49068 CVE-2024-49070 | | Elevation of Privilege, Information Disclosure, Remote Code Execution |
| Azure | Azure Functions MS Partner Center Azure Stack HCI 23H2 | | CVE-2024-49035 CVE-2024-49052 CVE-2024-49060 | Workaround: No Exploited: Yes Public: No | |
| Developer Tools | Microsoft/Muzic | | CVE-2024-49063 | | |
| System Center | Defender for EndPoint for Android SCOM 2019, 2022, 2025 | | CVE-2024-43594 CVE-2024-49057 | | Elevation of Privilege, Spoofing |
| Dynamics | Sales for iOS Sales for Android | | CVE-2024-49053 | | Spoofing |