Microsoft Monthly Updates - 20241211001

wagov · Dec 11, 2024 · 73dd63b · 73dd63b
1 parent 8873f7a
commit 73dd63b
Showing 1 changed file with 29 additions and 0 deletions.
diff --git a/docs/advisories/20241211001-Microsoft-December-Updates.md b/docs/advisories/20241211001-Microsoft-December-Updates.md
@@ -0,0 +1,29 @@
+# Microsoft Monthly Updates - 20241211001
+
+## Overview
+
+Microsoft has released security updates to address vulnerabilities in multiple products. A Cyber threat actor could leverage some of these vulnerabilities to exploit the affected system.
+
+## What is vulnerable?
+
+### Critical Vulnerabilities
+
+| Product(s) Affected    | CVE                                                               | CVSS | Severity |
+| ---------------------- | ----------------------------------------------------------------- | ---- | -------- |
+| Windows Lightweight Directory | [CVE-2024-49112](https://nvd.nist.gov/vuln/detail/CVE-2024-49112) | 9.8  | Critical |
+
+### Known Exploitation
+
+| Product(s) Affected    | Version(s)                                                        | CVE | CVSS |
+| ---------------------- | ----------------------------------------------------------------- | --- | ---- |
+| Windows Common Log File System | [CVE-2024-49138](https://nvd.nist.gov/vuln/detail/CVE-2024-49138) | 7.8 | High |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- Microsoft December 2024 Security Updates: <https://msrc.microsoft.com/update-guide/releaseNote/2024-Dec>