MS Product Line December 2024 Routine Security Update Advisory
Overview
Microsoft(https://www.microsoft.com) has released a security update that fixes vulnerabilities in products it has supplied. Users of affected products are advised to update to the latest version.
Affected Products
Developer Tools Product Line
Microsoft/Muzic
ESU Product Line
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Microsoft Office Product Line
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Access 2016 (32-bit edition)
Microsoft Access 2016 (64-bit edition)
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2024 for 32-bit editions
Microsoft Office LTSC 2024 for 64-bit editions
Microsoft Office LTSC for Mac 2021
Microsoft Office LTSC for Mac 2024
Microsoft Project 2016 (32-bit edition)
Microsoft Project 2016 (64-bit edition)
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019
Microsoft SharePoint Server Subscription Edition
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
System Center Product Line
Microsoft Defender for Endpoint for Android
System Center Operations Manager (SCOM) 2019
System Center Operations Manager (SCOM) 2022
System Center Operations Manager (SCOM) 2025
Windows Product Line
Remote Desktop client for Windows Desktop
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Windows App Client for Windows Desktop
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows Server 2025
Windows Server 2025 (Server Core installation)
Resolved Vulnerabilities
16 vulnerabilities rated Critical and 54 rated Important were found.
Developer Tools Product Line
Critical-rated remote code execution vulnerability in GitHub (CVE-2024-49063)
Microsoft Office Product Line
Critical remote code execution vulnerability in Microsoft Office Access (CVE-2024-49142)
Critical remote code execution vulnerability in Microsoft Office Excel (CVE-2024-49069)
Critical elevation of privilege vulnerability in Microsoft Office SharePoint (CVE-2024-49068)
Critical remote code execution vulnerability in Microsoft Office SharePoint (CVE-2024-49070)
Critical information disclosure vulnerabilities in Microsoft Office SharePoint (CVE-2024-49064, CVE-2024-49062)
Critical remote code execution vulnerability in Microsoft Office Word (CVE-2024-49065)
Moderate-grade Defense in Depth vulnerability in Microsoft Office (ADV240002)
Critical elevation of privilege vulnerabilities in Microsoft Office (CVE-2024-49059, CVE-2024-43600)
System Center Product Line
Critical spoofing vulnerability in Microsoft Defender for Endpoint (CVE-2024-49057)
Critical elevation of privilege vulnerability in System Center Operations Manager (CVE-2024-43594)
Windows Product Line
Critical remote code execution vulnerability in Microsoft Office Publisher (CVE-2024-49079)
Critical remote code execution vulnerability in Remote Desktop Client (CVE-2024-49105)
Role: Critical remote code execution vulnerability in DNS Server (CVE-2024-49091)
Role: Critical Remote Code Execution Vulnerability in Windows Hyper-V (CVE-2024-49117)
Critical elevation of privilege vulnerability in Windows Cloud Files Mini Filter Driver (CVE-2024-49114)
Critical elevation of privilege vulnerabilities in Windows Common Log File System Driver (CVE-2024-49088, CVE-2024-49090, CVE-2024-49138)
Critical information disclosure vulnerability in Windows File Explorer (CVE-2024-49082)
Critical remote code execution vulnerability in Windows IP Routing Management Snapin (CVE-2024-49080)
Critical elevation of privilege vulnerability in Windows Kernel-Mode Drivers (CVE-2024-49074)
Critical elevation of privilege vulnerability in Windows Kernel (CVE-2024-49084)
Critical remote code execution vulnerability in Windows LDAP – Lightweight Directory Access Protocol (CVE-2024-49124, CVE-2024-49127)
Critical-grade denial-of-service vulnerabilities in Windows LDAP – Lightweight Directory Access Protocol (CVE-2024-49121, CVE-2024-49113)
Critical remote code execution vulnerability in Windows Local Security Authority Subsystem Service (LSASS) (CVE-2024-49126)
Critical remote code execution vulnerability in Windows Message Queuing (CVE-2024-49122, CVE-2024-49118)
Critical-grade denial-of-service vulnerability in Windows Message Queuing (CVE-2024-49096)
Critical elevation of privilege vulnerabilities in Windows Mobile Broadband (CVE-2024-49073, CVE-2024-49092, CVE-2024-49077, CVE-2024-49078, CVE-2024-49083, CVE-2024-49110)
Critical information disclosure vulnerability in Windows Mobile Broadband (CVE-2024-49087)
Critical elevation of privilege vulnerabilities in Windows PrintWorkflowUserSvc (CVE-2024-49097, CVE-2024-49095)
Critical remote code execution vulnerabilities in Windows Remote Desktop Services (CVE-2024-49106, CVE-2024-49108, CVE-2024-49115, CVE-2024-49119, CVE-2024-49120, CVE-2024-49123, CVE-2024-49116, CVE-2024-49128)
Critical-grade denial-of-service vulnerabilities in Windows Remote Desktop Services (CVE-2024-49129, CVE-2024-49075)
Critical remote code execution vulnerability in Windows Remote Desktop (CVE-2024-49132)
Critical-grade privilege escalation vulnerability in Windows Resilient File System (ReFS) (CVE-2024-49093)
Critical remote code execution vulnerabilities in Windows Routing and Remote Access Service (RRAS) (CVE-2024-49085, CVE-2024-49086, CVE-2024-49089, CVE-2024-49089, CVE-2024-49102, CVE-2024-49104, CVE-2024-49125)
Critical elevation of privilege vulnerability in Windows Task Scheduler (CVE-2024-49072)
Critical elevation of privilege vulnerability in Windows Virtualization-Based Security (VBS) Enclave (CVE-2024-49076)
Critical elevation of privilege vulnerabilities in Windows Wireless Wide Area Network Service (CVE-2024-49094, CVE-2024-49101, CVE-2024-49111, CVE-2024-49081, CVE-2024-49109)
Critical information disclosure vulnerabilities in Windows Wireless Wide Area Network Service (CVE-2024-49098, CVE-2024-49099, CVE-2024-49103)
Critical elevation of privilege vulnerability in WmsRepair Service (CVE-2024-49107)
Vulnerability Patches
The following product-specific vulnerability patches were made available in the December 10, 2024 Update. Please use the Windows Update feature to automatically install, or refer to the URLs in the product information below to download and install.
Microsoft 365 Apps for Enterprise version
https://msrc.microsoft.com/update-guide/
Microsoft Access 2016 version
https://www.microsoft.com/download/details.aspx?familyid=bf18359c-61ce-4595-ba2f-045dce354ef4
Microsoft Defender for Endpoint for Android version
https://msrc.microsoft.com/update-guide/
Microsoft Excel 2016 version
https://www.microsoft.com/download/details.aspx?familyid=e5633318-19d7-4951-8ff5-cd8c17ac07a1
Microsoft Office 2016 version
https://www.microsoft.com/download/details.aspx?familyid=4dfee581-36dd-41f9-a34b-753736987f2d
https://www.microsoft.com/download/details.aspx?familyid=e4aa2894-fae7-4308-ab83-ed79d9f021cf
https://www.microsoft.com/download/details.aspx?familyid=fc23072a-6f54-4036-bc9d-7e85c5f1324e
Microsoft Office 2019 version
Microsoft Office LTSC 2021 version
Microsoft Office LTSC 2024 version
https://msrc.microsoft.com/update-guide/
Microsoft Office LTSC for Mac 2021 version
Microsoft Office LTSC for Mac 2024 version
https://msrc.microsoft.com/update-guide/
Microsoft Project 2016 version
https://www.microsoft.com/download/details.aspx?familyid=3fae2662-eabf-4fb7-93c9-08e94bccfdc0
Microsoft SharePoint Enterprise Server 2016 version
https://www.microsoft.com/download/details.aspx?familyid=789b67f7-203e-4872-a698-3bc0e01f9daa
https://www.microsoft.com/download/details.aspx?familyid=1ae6358a-3c93-4a3f-ba80-126b32822db9
Microsoft SharePoint Server 2019 version
https://www.microsoft.com/download/details.aspx?familyid=e71e3889-da21-4ab0-941e-6e9cbfbb986e
https://www.microsoft.com/download/details.aspx?familyid=5c60bcb4-ce16-464f-9e01-10ca73cab72a
Microsoft SharePoint Server Subscription Edition version
https://www.microsoft.com/download/details.aspx?familyid=b2d6c4f7-5bbb-492a-a8eb-0471c8a25b3d
Microsoft Word 2016 version
https://www.microsoft.com/download/details.aspx?familyid=e4aa2894-fae7-4308-ab83-ed79d9f021cf
Microsoft/Muzic version
Remote Desktop client for Windows Desktop version
System Center Operations Manager (SCOM) 2019 version
System Center Operations Manager (SCOM) 2022 version
System Center Operations Manager (SCOM) 2025 version
https://msrc.microsoft.com/update-guide/
Windows 10 versions
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048703
Windows 10 1607 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048671
Windows 10 1809 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048661
Windows 10 21H2 version
Windows 10 22H2 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048652
Windows 11 22H2 version
Windows 11 23H2 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048685
Windows 11 24H2 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048667
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048794
Windows App Client for Windows Desktop version
https://msrc.microsoft.com/update-guide/
Windows Server 2008 R2 Service Pack 1 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048695
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048676
Windows Server 2008 Service Pack 2 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048710
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048744
Windows Server 2012 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048699
Windows Server 2012 R2 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048735
Windows Server 2016 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048671
Windows Server 2019 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048661
Windows Server 2022 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048654
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048800
Windows Server 2022, 23H2 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048653
Windows Server 2025 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048667
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048794