Security operations · 2 MIN READ · MATT JASTRAM · DEC 11, 2024 · TAGS: MDR
TL;DR
- December had fewer CVEs than we saw in November
- We’ve highlighted a few CVEs that you should focus on remediating ASAP
- Both CVEs can be resolved by updating your Microsoft tools based on their provided recommendations
‘Tis the season: Patch Tuesday Microsoft gifted 73 published CVEs
For December’s Patch Tuesday, our team took a look at the 73 CVEs Microsoft released. CISA quickly pulled one CVE out from under the tree and added it to its Known Exploited Vulnerabilities (KEV) catalog, with a three-week remediation timeline (just in time for New Year’s Eve) for federal agencies and for companies whose policies align with CISA.
To address risky vulnerabilities, Expel focuses 100% on CVEs with actual exploitation risk. Although we conduct a monthly review of Microsoft’s massive CVE list, we recognize only a small percentage will ever be leveraged by threat actors. Our goal is to ensure our customers’ remediation is focused, and significantly reduce their level of effort.
The one vulnerability added to the KEV today, along with a few others, was our focus this month. Here’s a summary:
- Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability: If the Grinch wanted system privileges on a host, he could leverage this privilege escalation vulnerability to sneak down the chimney and gain SYSTEM access to your unsuspecting hosts. Since the Grinch is already on the move (CISA added this one to the KEV yesterday), you’ll also want to patch the two other related CVEs: CVE-2024-49088 and CVE-2024-49090. Microsoft has only rated these CVEs as ‘exploitation more likely,’ but if you want to rest easy with your cozy fire and eggnog, we recommend addressing the exploit risk by patching ASAP.
- Microsoft Edge (Chromium-based) Spoofing Vulnerability: The Grinch also enjoys phishing unsuspecting clickers this time of year. Imagine a kindhearted citizen of Whoville clicking on a festive link, and then suddenly they’re browsing on a site that compromises their computer security. The Expel SOC continues to see web browsers without the latest updates become compromised by the Grinch, so take steps to remediate CVE-2024-49041 and CVE-2024-12053 by updating Chrome.
- Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability: LDAP is the protocol that lets applications query user and directory information quickly. If the Grinch were seeking remote code execution (RCE), he could send a specially crafted set of LDAP calls and execute arbitrary code in the context of the LDAP service. We recommend remediating this vulnerability quickly, as it impacts 37 Windows versions.
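All three items above are fixed by installing Microsoft’s December updates, so the practical question for a defender is “which of my hosts still haven’t gotten them?” The script below is an added example, not code from Expel or Microsoft, that answers that for a single Windows host from local version data only. It assumes you fill in two placeholders from Microsoft’s Security Update Guide: the December cumulative update KB for the host’s OS build, and the Edge version that fixes CVE-2024-49041. The KEV CLFS entry and the LDAP CVE are not identified by number in this post, so they are referenced by name. Treating the OS cumulative update as the fix for both the CLFS and LDAP issues is an assumption of this example; the Chrome check for CVE-2024-12053 would follow the same pattern against chrome.exe.

```powershell
<#
  Added example (not from the Expel post). Reports which of the December 2024
  CVE groups discussed above still look unpatched on this host. Reads only
  local version information. PLACEHOLDER values are assumptions you replace
  with figures from Microsoft's Security Update Guide before use.
#>
param(
    # PLACEHOLDER: December 2024 cumulative update KB for this host's OS build
    [string]$RequiredKb = 'KB0000000',
    # PLACEHOLDER: Edge version Microsoft lists as fixing CVE-2024-49041
    [version]$MinEdgeVersion = '0.0.0.0'
)

$findings = [System.Collections.Generic.List[object]]::new()

function Add-Finding([string]$Item, [string]$Status, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Item = $Item; Status = $Status; Detail = $Detail })
}

# 1. OS cumulative update (assumed to cover the CLFS privilege-escalation CVEs
#    and the LDAP RCE). Get-HotFix wraps Win32_QuickFixEngineering; UBR is the
#    revision number that cumulative updates bump, so it is a useful second signal.
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$osBuild = '{0}.{1}' -f $cv.CurrentBuild, $cv.UBR
$installedKbs = Get-HotFix | Select-Object -ExpandProperty HotFixID
$osStatus = if ($installedKbs -contains $RequiredKb) { 'patched' } else { 'MISSING' }
Add-Finding 'CLFS driver (KEV entry, CVE-2024-49088, CVE-2024-49090)' $osStatus `
    "OS build $osBuild; required $RequiredKb"

# 2. Is this host a domain controller? The Windows LDAP server runs inside the
#    NTDS (Active Directory Domain Services) service, so the LDAP RCE matters most there.
$ntds = Get-Service -Name NTDS -ErrorAction SilentlyContinue
$ldapDetail = if ($ntds) { "NTDS service present ($($ntds.Status)); OS build $osBuild" }
              else       { "NTDS service not present; OS build $osBuild" }
Add-Finding 'Windows LDAP RCE' $osStatus $ldapDetail

# 3. Edge: compare the installed msedge.exe product version with the fixed version.
#    Both standard install locations are checked; the 32-bit path needs the ${} form
#    because of the parentheses in the variable name.
$edgeCandidates = @(
    "${env:ProgramFiles(x86)}\Microsoft\Edge\Application\msedge.exe",
    "$env:ProgramFiles\Microsoft\Edge\Application\msedge.exe"
)
$edgeExe = $edgeCandidates | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
if ($edgeExe) {
    $edgeVersion = [version](Get-Item -LiteralPath $edgeExe).VersionInfo.ProductVersion
    $edgeStatus = if ($edgeVersion -ge $MinEdgeVersion) { 'patched' } else { 'MISSING' }
    Add-Finding 'Edge spoofing (CVE-2024-49041)' $edgeStatus `
        "installed $edgeVersion; fixed in $MinEdgeVersion"
} else {
    Add-Finding 'Edge spoofing (CVE-2024-49041)' 'n/a' 'Edge not installed'
}

$findings | Format-Table -AutoSize

# Non-zero exit code so a fleet job or RMM tool can flag the host for follow-up.
if ($findings.Status -contains 'MISSING') { exit 1 } else { exit 0 }
```

Run it from an elevated prompt with the two placeholders supplied, for example `.\Check-DecemberPatches.ps1 -RequiredKb 'KB…' -MinEdgeVersion '131.0.0.0'` (values illustrative). Because it only compares local version strings, it can produce a false “MISSING” on a host whose update is installed but pending reboot; treat the output as a triage list, not proof.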
In the spirit of the season, let’s end with a slightly modified classic carol:
Deck the halls with CVEs
Fa-la-la-la-la, la-la-la-la
‘Tis the season to patch risky vulnerabilities
Fa-la-la-la-la, la-la-la-la
Don we now our focused exploit risk remediation
Fa-la-la, la-la-la, la-la-la
Troll ancient hackers by removing risky vulnerabilities
Fa-la-la-la-la, la-la-la-la
Strike the completed patch and join the holiday chorus
Fa-la-la-la-la, la-la-la-la
Enjoy your holiday time knowing you’re secure
Fa-la-la-la-la, la-la-la-la
Happy Holidays from Expel!
That’s it for this month. If you have any questions about these specific vulnerabilities (or others on the Patch Tuesday list)—or if you’re interested in learning how Expel Vulnerability Prioritization can give you context for your own environment—get in touch.