I’M UNDER A CYBER ATTACK

Alert

December 2024 Security Updates

Alert 2024-21 Multiple critical vulnerabilities in Windows

Product(s) affected:

  • Multiples products Microsoft products

Description

his month, Microsoft released a patch that fixes 90 new vulnerabilities affecting various products, including Windows and its components, Office and Office Components, .NET and Visual Studio, Azure, Co-Pilot, Microsoft Dynamics, Teams and Secure Boot.

Of the published updates, seven are classified as critical, 79 as important and one as moderate in severity, some of them with active exploitation.

You can consult the complete list of CVEs published by Microsoft at the following link: https://msrc.microsoft.com/update-guide/releaseNote/2024-Aug. ).

Some of the most relevant vulnerabilities are highlighted below:

  • CVE-2024-38063Remote code execution on Windows TCP/IP.

This is a critical RCE vulnerability with a CVSSv3 score of 9.8, classified as “Most Likely Exploit”. An attacker could exploit it remotely by sending specially crafted IPv6 packets to a host.

  • CVE-2024-38140Remote code execution in Windows Reliable Multicast Transport Driver (RMCAST).

Another critical RCE vulnerability, with a CVSSv3 score of 9.8. An unauthenticated attacker could exploit it by sending crafted packets to a Windows Pragmatic General Multicast (PGM) socket, without requiring user interaction.

Download PDF

WE’RE HERE TO HELP

Are you under a cyber attack?

Report it here

get the latest alerts in your inbox

Subscribe to our newsletter

We are a a group of highly trained professionals based in R&D with advanced technical knowledge and experience in the detection, analysis, containment, and recovery of security incidents.

We are a CSIRT, we are Cybolt.

I’M UNDER A CYBER ATTACK

Explore

Services

Stay updated

© 2024. Beacon Lab CSIRT, Privacy Policy

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.