December Microsoft Patch Tuesday. 89 CVEs, of which 18 were added since November MSPT. 1 vulnerability with signs of exploitation in the wild:
π» EoP - Windows Common Log File System Driver (CVE-2024-49138). There are no details about this vulnerability yet.
Strictly speaking, there was another vulnerability that was exploited in the wild: EoP - Microsoft Partner Network (CVE-2024-49035). But this is an already fixed vulnerability in the Microsoft website and I'm not even sure that it was worth creating a CVE. π€
For the remaining vulnerabilities, there are no signs of exploitation in the wild, nor exploits (even private ones).
I can highlight:
πΉ RCE - Windows LDAP (CVE-2024-49112, CVE-2024-49127)
πΉ RCE - Windows LSASS (CVE-2024-49126)
πΉ RCE - Windows Remote Desktop Services (CVE-2024-49106 ΠΈ Π΅ΡΡ 8 CVE)
πΉ RCE - Microsoft MSMQ (CVE-2024-49122, CVE-2024-49118)
πΉ RCE - Microsoft SharePoint (CVE-2024-49070)
π Full Vulristics report
ΠΠ° ΡΡΡΡΠΊΠΎΠΌ
@avleonovcom #Vulristics #PatchTuesday #Microsoft #Windows
π» EoP - Windows Common Log File System Driver (CVE-2024-49138). There are no details about this vulnerability yet.
Strictly speaking, there was another vulnerability that was exploited in the wild: EoP - Microsoft Partner Network (CVE-2024-49035). But this is an already fixed vulnerability in the Microsoft website and I'm not even sure that it was worth creating a CVE. π€
For the remaining vulnerabilities, there are no signs of exploitation in the wild, nor exploits (even private ones).
I can highlight:
πΉ RCE - Windows LDAP (CVE-2024-49112, CVE-2024-49127)
πΉ RCE - Windows LSASS (CVE-2024-49126)
πΉ RCE - Windows Remote Desktop Services (CVE-2024-49106 ΠΈ Π΅ΡΡ 8 CVE)
πΉ RCE - Microsoft MSMQ (CVE-2024-49122, CVE-2024-49118)
πΉ RCE - Microsoft SharePoint (CVE-2024-49070)
π Full Vulristics report
ΠΠ° ΡΡΡΡΠΊΠΎΠΌ
@avleonovcom #Vulristics #PatchTuesday #Microsoft #Windows