CVEs have been published or revised in the Security Update Guide
December 6, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-12053
· Title: Chromium: CVE-2024-12053 Type Confusion in V8
· Version: 1.0
· Reason for revision: Information published.
· Originally released: December 6, 2024
· Last updated: December 6, 2024
· Aggregate CVE severity rating:
· Customer action required: Yes

CVE-2024-49041
· Title: Microsoft Edge (Chromium-based) Spoofing Vulnerability
· Version: 1.0
· Reason for revision: Information published.
· Originally released: December 5, 2024
· Last updated: December 5, 2024
· Aggregate CVE severity rating: Moderate
· Customer action required: Yes

https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnote-stable-channel

CVEs have been published or revised in the Security Update Guide
December 12, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2023-36435
· Title: Microsoft QUIC Denial of Service Vulnerability
· Version: 3.0
· Reason for revision: To comprehensively address CVE-2023-36435, Microsoft has released security updates on October 24, 2023 for .NET 7.0. Microsoft recommends that customers running .NET install the updates to be fully protected from the vulnerability.
· Originally released: October 10, 2023
· Last updated: December 10, 2024
· Aggregate CVE severity rating: Important
· Customer action required: Yes

CVE-2023-38171
· Title: Microsoft QUIC Denial of Service Vulnerability
· Version: 3.0
· Reason for revision: To comprehensively address CVE-2023-38171, Microsoft released security updates on October 24, 2023 for all affected versions of .NET and Microsoft Visual Studio. Microsoft recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
· Originally released: October 10, 2023
· Last updated: December 10, 2024
· Aggregate CVE severity rating: Important
· Customer action required: Yes

CVE-2023-44487
· Title: MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack
· Version: 2.0
· Reason for revision: To comprehensively address CVE-2023-44487, Microsoft released security updates on October 24, 2023 for all affected versions of .NET and Microsoft Visual Studio. Microsoft recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
· Originally released: October 10, 2023
· Last updated: December 10, 2024
· Aggregate CVE severity rating: Important
· Customer action required: Yes

CVE-2024-38033
· Title: PowerShell Elevation of Privilege Vulnerability
· Version: 2.0
· Reason for revision: To comprehensively address CVE-2024-38033, Microsoft released security updates on December 10, 2024 for all affected versions of Windows Server 2012 and Windows Server 2012 R2. Microsoft recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
· Originally released: July 9, 2024
· Last updated: December 10, 2024
· Aggregate CVE severity rating: Important
· Customer action required: Yes

CVE-2024-49112
· Title: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
· Version: 1.1
· Reason for revision: Added FAQ information. This is an informational change only.
· Originally released: December 10, 2024
· Last updated: December 11, 2024
· Aggregate CVE severity rating: Critical
· Customer action required: Yes

CVE-2024-49112
· Title: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
· Version: 1.2
· Reason for revision: Added FAQ to provide further vulnerability details. This is an informational change only.
· Originally released: December 10, 2024
· Last updated: December 11, 2024
· Aggregate CVE severity rating: Critical
· Customer action required: Yes

CVEs have been published or revised in the Security Update Guide
December 12, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-12381
· Title: Chromium: CVE-2024-12381 Type Confusion in V8
· Version: 1.0
· Reason for revision: Information published.
· Originally released: December 12, 2024
· Last updated: December 12, 2024
· Aggregate CVE severity rating:
· Customer action required: Yes

CVE-2024-12382
· Title: Chromium: CVE-2024-12382 Use after free in Translate
· Version: 1.0
· Reason for revision: Information published.
· Originally released: December 12, 2024
· Last updated: December 12, 2024
· Aggregate CVE severity rating:
· Customer action required: Yes

CVEs have been published or revised in the Security Update Guide
December 13, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-43451
· Title: NTLM Hash Disclosure Spoofing Vulnerability
· Version: 2.0
· Reason for revision: In the Security Update table, removed Windows Server 2012 and Windows Server 2012 (Server Core installation) as these Server versions are not affected by this vulnerability. This is an informational change only.
· Originally released: November 12, 2024
· Last updated: December 12, 2024
· Aggregate CVE severity rating: Important
· Customer action required: Yes

CVE-2024-49035
· Title: Partner.Microsoft.Com Elevation of Privilege Vulnerability
· Version: 1.0
· Reason for revision: Information published.
· Originally released: November 26, 2024
· Last updated: November 26, 2024
· Aggregate CVE severity rating: Critical
· Customer action required: No

CVE-2024-49038
· Title: Microsoft Copilot Studio Elevation Of Privilege Vulnerability
· Version: 1.0
· Reason for revision: Information published.
· Originally released: November 26, 2024
· Last updated: November 26, 2024
· Aggregate CVE severity rating: Critical
· Customer action required: No

CVE-2024-49052
· Title: Microsoft Azure PolicyWatch Elevation of Privilege Vulnerability
· Version: 1.0
· Reason for revision: Information published.
· Originally released: November 26, 2024
· Last updated: November 26, 2024
· Aggregate CVE severity rating: Critical
· Customer action required: No

CVE-2024-49053
· Title: Microsoft Dynamics 365 Sales Spoofing Vulnerability
· Version: 1.0
· Reason for revision: Information published.
· Originally released: November 26, 2024
· Last updated: November 26, 2024
· Aggregate CVE severity rating: Important
· Customer action required: Yes

CVEs have been published or revised in the Security Update Guide
December 23, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-12692
· Title: Chromium: CVE-2024-12692 Type Confusion in V8
· Version: 1.0
· Reason for revision: Information published.
· Originally released: December 19, 2024
· Last updated: December 19, 2024
· Aggregate CVE severity rating:
· Customer action required: Yes

CVE-2024-12693
· Title: Chromium: CVE-2024-12693 Out of bounds memory access in V8
· Version: 1.0
· Reason for revision: Information published.
· Originally released: December 19, 2024
· Last updated: December 19, 2024
· Aggregate CVE severity rating:
· Customer action required: Yes

CVE-2024-12694
· Title: Chromium: CVE-2024-12694 Use after free in Compositing
· Version: 1.0
· Reason for revision: Information published.
· Originally released: December 19, 2024
· Last updated: December 19, 2024
· Aggregate CVE severity rating:
· Customer action required: Yes

CVE-2024-12695
· Title: Chromium: CVE-2024-12695 Out of bounds write in V8
· Version: 1.0
· Reason for revision: Information published.
· Originally released: December 19, 2024
· Last updated: December 19, 2024
· Aggregate CVE severity rating:
· Customer action required: Yes

CVE-2024-43594
· Title: Microsoft System Center Elevation of Privilege Vulnerability
· Version: 2.0
· Reason for revision: Revised the Security Updates table to specify Microsoft System Center is affected by CVE-2024-43594. Customers running affected versions of Microsoft System Center must delete the existing installer setup files (.exe) and then download the latest version of their Microsoft System Center product to mitigate the vulnerability.
· Originally released: December 10, 2024
· Last updated: December 19, 2024
· Aggregate CVE severity rating: Important
· Customer action required: Yes

CVE-2024-43600
· Title: Microsoft Office Elevation of Privilege Vulnerability
· Version: 2.0
· Reason for revision: In the Security Updates Table, removed KB2920716 from the Office 2016 for 32-bit version as this update does not apply to this version.
· Originally released: December 10, 2024
· Last updated: December 23, 2024
· Aggregate CVE severity rating: Important
· Customer action required: Yes

CVEs have been published or revised in the Security Update Guide
December 31, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-49051
· Title: Microsoft PC Manager Elevation of Privilege Vulnerability
· Version: 2.0
· Reason for revision: To comprehensively address CVE-2024-49051, Microsoft released security updates on December 10, 2024 for Microsoft PC Manager. Microsoft recommends that customers running this product install the updates to be fully protected from the vulnerability.
· Originally released: November 12, 2024
· Last updated: December 31, 2024
· Aggregate CVE severity rating: Important
· Customer action required: Yes