Zero Day Initiative | Blog
Follow
The December 2024 Security Update Review
In December 2024, Microsoft and Adobe released their final patches of the year, with Adobe addressing 167 CVEs in various products and Microsoft fixing 72 CVEs. Adobe's patches include fixes for critical code execution bugs in Experience Manager, Acrobat and Reader, and Media Encoder, among others. Microsoft's patches address vulnerabilities in Windows, Office, SharePoint Server, Hyper-V, Defender for Endpoint, and System Center Operations Manager. A notable bug in Microsoft's release is CVE-2024-49138, an elevation of privilege vulnerability in the Windows Common Log File System Driver that is publicly known and under active attack. Another critical bug is CVE-2024-49112, which allows remote, unauthenticated attackers to exploit affected Domain Controllers by sending a specially crafted set of LDAP calls.