【漏洞详情】
微软于本周发布了2024年12月安全补丁,微软共发布了71个漏洞的补丁程序,其中Windows Remote Desktop等产品中的16个漏洞被微软官方标记为Critical。
Critical漏洞清单如下:
序号 CVE 编号 CVE 标题 严重程度
1 CVE-2024-49124 Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability Critical
2 CVE-2024-49118 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Critical
3 CVE-2024-49122 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Critical
4 CVE-2024-49117 Windows Hyper-V Remote Code Execution Vulnerability Critical
5 CVE-2024-49112 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Critical
6 CVE-2024-49127 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Critical
7 CVE-2024-49126 Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability Critical
8 CVE-2024-49106 Windows Remote Desktop Services Remote Code Execution Vulnerability Critical
9 CVE-2024-49108 Windows Remote Desktop Services Remote Code Execution Vulnerability Critical
10 CVE-2024-49115 Windows Remote Desktop Services Remote Code Execution Vulnerability Critical
11 CVE-2024-49116 Windows Remote Desktop Services Remote Code Execution Vulnerability Critical
12 CVE-2024-49119 Windows Remote Desktop Services Remote Code Execution Vulnerability Critical
13 CVE-2024-49120 Windows Remote Desktop Services Remote Code Execution Vulnerability Critical
14 CVE-2024-49123 Windows Remote Desktop Services Remote Code Execution Vulnerability Critical
15 CVE-2024-49128 Windows Remote Desktop Services Remote Code Execution Vulnerability Critical
16 CVE-2024-49132 Windows Remote Desktop Services Remote Code Execution Vulnerability Critical
【风险评级】
高危
【影响范围】
l Windows系统及相关产品
【修复建议】
建议受影响的用户结合实际业务评估漏洞风险影响,可通过如下方案避免安全风险:
修复方法:打开Windows Update更新功能,点击“检查更新”按钮,依据业务需求下载安装相关安全补丁,安装完毕后重启系统,并检查系统运行情况。
【参考链接】
https://msrc.microsoft.com/update-guide/releaseNote/2024-Dec
特别提醒:修复漏洞前请进行充分测试,并务必做好数据备份和快照
平安金融云
2024年12月12日
