Important Notice: Security vulnerabilities of Microsoft (updated at 11 December 2024)
關於 Microsoft 的安全漏洞通告 (更新於 2024年12月11日)

資訊安全警示 Information Security Alert
To: All Users
As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Microsoft have recently released its December security update notice, there is 72 vulnerability updates this time.
The updates this time mainly cover the following components: Microsoft Defender for Endpoint, Windows Hyper-V、 Windows Cloud Files Mini Filter Driver、 Windows Remote Desktop、Windows Message Queuing、Windows Mobile Broadband、Windows KernelMode Drivers products vulnerabilities.
Details of the vulnerabilities:
- Windows Common Log File System Driver Elevation of Privilege Vulnerability
For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49088
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49138
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49090
- Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49122
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49118
- Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability
For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49124
- Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49127
- Windows Remote Desktop Services Remote Code Execution Vulnerability
For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49123
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49105
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49116
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49132
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49120
For more details about Microsoft December Updates, please refer to: https://msrc.microsoft.com/update-guide/releaseNote/2024-Dec
If the relevant affected products are used, please install the security updates released by Microsoft as soon as possible.
Reference
- How to download and install software in a secure manner?
- Basic Knowledge of Online Safety and Security
- Other Information Security Tips
Should you have any enquiries, please feel free to contact ICTO Help Desk.
ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo
Information and Communication Technology Office
各位用戶:
資訊及通訊科技部接獲網絡安全事故預警及應急中心的通知,Microsoft 近日發布了 12 月安全更新通告,此次包含了 72個漏洞更新。
此次釋出的更新主要涵蓋了以下組件: Microsoft Defender for Endpoint, Windows Hyper-V、 Windows Cloud Files Mini Filter Driver、 Windows Remote Desktop、Windows Message Queuing、Windows Mobile Broadband、Windows KernelMode Drivers 等產品的漏洞。
漏洞詳情:
- Windows 通用日誌檔案系統驅動程式許可權提升漏洞
有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49088
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49138
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49090
- Microsoft 訊息佇列(MSMQ)遠端代碼執行漏洞
有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49122
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49118
- 羽量級目錄訪問協定(LDAP)用戶端遠端代碼執行漏洞
有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49124
- Windows 羽量級目錄訪問協定(LDAP)遠端代碼執行漏洞
有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49127
- Windows 遠端桌面服務遠端代碼執行漏洞
有關詳情可參考: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49123
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49105
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49116
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49132
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49120
Microsoft 12 月更新有關詳情可參考: https://msrc.microsoft.com/update-guide/releaseNote/2024-Dec
倘有使用相關受影響產品,須盡快安裝由微軟公司釋出的安全更新。
參考資料
如有任何疑問,請聯絡資訊及通訊科技部服務中心。
服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo
資訊及通訊科技部