It's December 2024, and time for another Patch Tuesday recap! I have a theory: The number of patches released in December reflects the collective behavior of sysadmins. If we've been "nice" — patching often and quickly resetting passwords — December’s updates are light. But if we've been "naughty" — restarting devices mid-workday and ignoring printer issues — December brings a flood of CVEs. Let’s see how we fared!
Total vulnerabilities patched: 71
Critical patches: 16
Already known or exploited: 1
Some highlights (or lowlights)
CVE-2024-49112: Our highest rated CVE for the month is CVE-2024-49112. This critical vulnerability affects pretty much anyone with a domain controller. It allows an attacker to gain remote code execution with some specially crafted LDAP calls. While there is an official fix, Microsoft also encourages you to not allow internet access to domain controllers and to deny inbound RPCs from untrusted networks. Good luck implementing those recommendations.
CVE-2024-49117: Did you recently switch to Hyper-V because of VMware’s crazy price hike? If you did, lucky you! You’ve got some patching to do. CVE-2024-49117 is a remote code execution vulnerability impacting Windows Hyper-V. Successful exploitation of this CVE could give an attacker the ability to execute a cross-VM attack. The good news is that the attacker has to be authenticated to initiate the exploit, but they don’t require elevated privileges. While the attack vector is listed as local, the attackers themselves don’t have to be local. Which, you know, makes sense since it’s a virtual machine.
CVE-2024-49138: Our last highlight for the month is CVE-2024-49138. This elevation of privilege vulnerability affects the Windows Common Log File System driver and is going to impact pretty much all your Windows devices. What’s worse is that this vulnerability is already being exploited in the wild. So before you get all settled in for the holidays, maybe get this patch deployed first.
Happy patching and happy holidays
If my theory is accurate, it seems like we’ve been engaged in a little too much “full contact IT” this year. Regardless of the outcome, I wanted to give every IT professional out there a special treat. Enjoy this ChatGPT rendition of ‘Twas the Night Before Patch Tuesday.
'Twas the night before Patch Tuesday, when all through IT,
Not a server was stirring, not even remotely.
The patches were queued in the update repository,
In hopes that deployment would soon make things worry-free.
The endpoints were nestled all snug in their nets,
While visions of bug fixes danced in their sets.
And sysadmins in hoodies, and I in my cap,
Had just settled down for a pre-patching nap.
When out in the log files there arose such a clatter,
I sprang from my desk to see what was the matter.
Away to the console I flew like a flash,
Scanned through the alerts, praying nothing would crash.
The glow of the monitor, so eerie and bright,
Gave the luster of updates to process that night.
When what to my wondering eyes should appear,
But a zero-day exploit, our worst patching fear.
With a little old vendor, so quick with their code,
I knew in a moment it must be the load.
More rapid than gigabytes, the fixes they came,
And they whistled and shouted and called them by name:
"Now Windows! Now Linux! Now iOS and Mac!
On Chrome and on Firefox, there's no looking back!
To the top of the stack! To the edge of the wall!
Deploy away! Deploy away! Deploy them all!"
As packets that before the wild firewall fly,
When they meet with an obstacle, route to the sky.
So up to the data center, updates they flew,
With servers full of patches — and reboot schedules too.
And then, in a twinkling, I heard on the LAN,
The pinging and syncing of each IT plan.
As I drew in my breath, and was spinning around,
Down came a backlog, oh, updates profound!
They were packaged and bundled, from kernel to core,
And they promised to patch what had plagued us before.
A heap of new drivers they flung on the heap,
And the changelog read, “Resolved issues deep.”
Their fixes — how thorough! Their notes, oh, how clear!
Their KB articles made the process less drear.
Each vulnerability patched, each gap made secure,
For another few weeks, we'd be safe, we were sure.
With a wink of the script and a twist of the key,
Our deployment was done, and oh, error-free!
And I sighed with relief as I shut down the log,
For Patch Tuesday had passed without clogging the bog.
But I heard them exclaim, ere they vanished from sight,
“Happy patching to all, and to all a secure night!”