Microsoft's December 2024 Patch Tuesday updates addressed 72 vulnerabilities.
Published: Dec 11, 2024
Key Takeaways:
Microsoft has released the December 2024 Patch Tuesday Updates for all supported versions of Windows 11 and Windows 10. This month, the company rolled out 72 patches to address several vulnerabilities in Windows, SharePoint Server, Hyper-V, Defender for Endpoint, System Center Operations Manager, and other components.
Microsoft addressed more vulnerabilities in December 2024 than in any December since 2017. On the quality and experiences update front, the company has rolled out several improvements for Windows 11 versions 23H2 and 22H2 and Windows 10.
In December, Microsoft fixed a total of 72 vulnerabilities, 16 of which were deemed “Critical.” Additionally, 54 security flaws are rated “Important” and one is rated “Moderate” in severity. Here’s a list of the most notable vulnerabilities Microsoft addressed in December:
You can find the full list of CVEs addressed in the December 2024 Patch Tuesday Updates below:
Product | Max Severity | Article | Details |
Windows App Client for Windows Desktop | Critical | Release Notes | CVE-2024-49105 | |
Windows Server 2012 R2 (Server Core installation) | Critical | 5048735 | CVE-2024-49105 | |
Windows Server 2012 R2 | Critical | 5048735 | CVE-2024-49105 | |
Windows Server 2012 (Server Core installation) | Critical | 5048699 | CVE-2024-49105 | |
Windows Server 2012 | Critical | 5048699 | CVE-2024-49105 | |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Critical | 5048695 | CVE-2024-49105 | |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Critical | 5048676 | CVE-2024-49105 | |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Critical | 5048695 | CVE-2024-49105 | |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Critical | 5048676 | CVE-2024-49105 | |
Windows Server 2016 (Server Core installation) | Critical | 5048671 | CVE-2024-49105 | |
Windows Server 2016 | Critical | 5048671 | CVE-2024-49105 | |
Windows 10 Version 1607 for x64-based Systems | Critical | 5048671 | CVE-2024-49105 | |
Windows 10 Version 1607 for 32-bit Systems | Critical | 5048671 | CVE-2024-49105 | |
Windows 10 for x64-based Systems | Critical | 5048703 | CVE-2024-49105 | |
Windows 10 for 32-bit Systems | Critical | 5048703 | CVE-2024-49105 | |
Windows Server 2025 | Critical | 5048667 | CVE-2024-49105 | |
Windows Server 2025 | Critical | 5048794 | CVE-2024-49105 | |
Windows 11 Version 24H2 for x64-based Systems | Critical | 5048667 | CVE-2024-49105 | |
Windows 11 Version 24H2 for x64-based Systems | Critical | 5048794 | CVE-2024-49105 | |
Windows 11 Version 24H2 for ARM64-based Systems | Critical | 5048667 | CVE-2024-49105 | |
Windows 11 Version 24H2 for ARM64-based Systems | Critical | 5048794 | CVE-2024-49105 | |
Windows Server 2022, 23H2 Edition (Server Core installation) | Critical | 5048653 | CVE-2024-49105 | |
Windows 11 Version 23H2 for x64-based Systems | Critical | 5048685 | CVE-2024-49105 | |
Windows 11 Version 23H2 for ARM64-based Systems | Critical | 5048685 | CVE-2024-49105 | |
Windows Server 2025 (Server Core installation) | Critical | 5048667 | CVE-2024-49105 | |
Windows Server 2025 (Server Core installation) | Critical | 5048794 | CVE-2024-49105 | |
Windows 10 Version 22H2 for 32-bit Systems | Critical | 5048652 | CVE-2024-49105 | |
Windows 10 Version 22H2 for ARM64-based Systems | Critical | 5048652 | CVE-2024-49105 | |
Windows 10 Version 22H2 for x64-based Systems | Critical | 5048652 | CVE-2024-49105 | |
Windows 11 Version 22H2 for x64-based Systems | Critical | 5048685 | CVE-2024-49105 | |
Windows 11 Version 22H2 for ARM64-based Systems | Critical | 5048685 | CVE-2024-49105 | |
Windows 10 Version 21H2 for x64-based Systems | Critical | 5048652 | CVE-2024-49105 | |
Windows 10 Version 21H2 for ARM64-based Systems | Critical | 5048652 | CVE-2024-49105 | |
Windows 10 Version 21H2 for 32-bit Systems | Critical | 5048652 | CVE-2024-49105 | |
Windows Server 2022 (Server Core installation) | Critical | 5048654 | CVE-2024-49105 | |
Windows Server 2022 (Server Core installation) | Critical | 5048800 | CVE-2024-49105 | |
Windows Server 2022 | Critical | 5048654 | CVE-2024-49105 | |
Windows Server 2022 | Critical | 5048800 | CVE-2024-49105 | |
Remote Desktop client for Windows Desktop | Critical | Release Notes | CVE-2024-49105 | |
Windows Server 2019 (Server Core installation) | Critical | 5048661 | CVE-2024-49105 | |
Windows Server 2019 | Critical | 5048661 | CVE-2024-49105 | |
Windows 10 Version 1809 for x64-based Systems | Critical | 5048661 | CVE-2024-49105 | |
Windows 10 Version 1809 for 32-bit Systems | Critical | 5048661 | CVE-2024-49105 | |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Important | 5048710 | CVE-2024-49088 | |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Important | 5048744 | CVE-2024-49088 | |
Microsoft Office 2016 (32-bit edition) | Important | 5002661 | CVE-2024-43600 | |
Microsoft Office 2016 (32-bit edition) | Important | 2920716 | CVE-2024-43600 | |
Microsoft Office 2016 (32-bit edition) | Important | 4475587 | CVE-2024-43600 | |
Microsoft Project 2016 (64-bit edition) | Moderate | 5002652 | ADV240002 | |
Microsoft Project 2016 (32-bit edition) | Moderate | 5002652 | ADV240002 | |
Microsoft Access 2016 (64-bit edition) | Important | 5002641 | CVE-2024-49142 | |
Microsoft Access 2016 (32-bit edition) | Important | 5002641 | CVE-2024-49142 | |
Microsoft Office LTSC 2024 for 64-bit editions | Important | Click to Run | CVE-2024-49142 | |
Microsoft Office LTSC 2024 for 32-bit editions | Important | Click to Run | CVE-2024-49142 | |
Windows Server 2008 for x64-based Systems Service Pack 2 | Important | 5048710 | CVE-2024-49121 | |
Windows Server 2008 for x64-based Systems Service Pack 2 | Important | 5048744 | CVE-2024-49121 | |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Important | 5048710 | CVE-2024-49138 | |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Important | 5048744 | CVE-2024-49138 | |
Windows Server 2008 for 32-bit Systems Service Pack 2 | Important | 5048710 | CVE-2024-49138 | |
Windows Server 2008 for 32-bit Systems Service Pack 2 | Important | 5048744 | CVE-2024-49138 | |
Microsoft Word 2016 (64-bit edition) | Important | 5002661 | CVE-2024-49065 | |
Microsoft Word 2016 (32-bit edition) | Important | 5002661 | CVE-2024-49065 | |
Microsoft Office LTSC for Mac 2024 | Important | Release Notes | CVE-2024-49065 | |
Microsoft Office LTSC 2021 for 32-bit editions | Important | Click to Run | CVE-2024-49065 | |
Microsoft Office LTSC 2021 for 64-bit editions | Important | Click to Run | CVE-2024-49065 | |
Microsoft Office LTSC for Mac 2021 | Important | Release Notes | CVE-2024-49065 | |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Important | Click to Run | CVE-2024-49065 | |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Important | Click to Run | CVE-2024-49065 | |
Microsoft Office 2019 for 64-bit editions | Important | Click to Run | CVE-2024-49065 | |
Microsoft Office 2019 for 32-bit editions | Important | Click to Run | CVE-2024-49065 | |
Microsoft SharePoint Server 2019 | Important | 5002657 | CVE-2024-49065 | |
Microsoft SharePoint Enterprise Server 2016 | Important | 5002659 | CVE-2024-49065 | |
Microsoft/Muzic | Important | Release Notes | CVE-2024-49063 | |
Microsoft SharePoint Server Subscription Edition | Important | 5002658 | CVE-2024-49062 | |
Microsoft SharePoint Server 2019 | Important | 5002664 | CVE-2024-49062 | |
Microsoft SharePoint Enterprise Server 2016 | Important | 5002544 | CVE-2024-49062 | |
Microsoft Office 2016 (64-bit edition) | Important | 5002661 | CVE-2024-43600 | |
Microsoft Office 2016 (64-bit edition) | Important | 2920716 | CVE-2024-43600 | |
Microsoft Office 2016 (64-bit edition) | Important | 4475587 | CVE-2024-43600 | |
Microsoft Excel 2016 (64-bit edition) | Important | 5002660 | CVE-2024-49069 | |
Microsoft Excel 2016 (32-bit edition) | Important | 5002660 | CVE-2024-49069 | |
Microsoft Defender for Endpoint for Android | Important | Release Notes | CVE-2024-49057 | |
System Center Operations Manager (SCOM) 2025 | Important | Release Notes | CVE-2024-43594 | |
System Center Operations Manager (SCOM) 2022 | Important | Release Notes | CVE-2024-43594 | |
System Center Operations Manager (SCOM) 2019 | Important | Release Notes | CVE-2024-43594 |
Microsoft released the KB5048667 and KB5048685 updates for PCs running Windows 11 versions 24H2 and 23H2. This release allows users to share content to an Android device from the context menu in File Explorer and on the desktop. However, this feature requires users to install and configure the Phone Link app.
Additionally, Microsoft has added new options to enhance user control over mouse settings. Users can now turn off enhanced mouse pointer precision and change the direction in which the mouse scrolls. This capability is only available in Windows 11 versions 23H2 and 22H2.
The KB5048652 update brings a couple of bug fixes for Windows 10 PCs. Specifically, Microsoft has addressed a bug that affected how files were handled when dragged and dropped from a cloud files provider folder. Previously, when users dragged and dropped files from these cloud folders, the files were moved to the new location instead of being copied. With the update, the default action now ensures that files are copied rather than moved, preserving the original files in the cloud folder.
Microsoft advises organizations to perform thorough testing to confirm that updates do not compromise the stability of their production systems. However, it is crucial to deploy Patch Tuesday updates to proactively address potential threats.
Additionally, IT administrators must prioritize backing up their systems before applying updates, utilizing the built-in backup features of Windows and Windows Server. These features allow for the restoration of specific files and folders or entire systems as required.
Last but not least, organizations should consistently monitor their systems for anomalies or unexpected behaviors. Regular monitoring is essential for staying vigilant against emerging risks and adopting appropriate security measures.