Serial number: AV24-701
Date: December 11, 2024
xOn December 10, 2024, Microsoft published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:
- Microsoft 365 Apps for Enterprise – multiple versions and platforms;
- Microsoft Access 2016
- Microsoft Defender for Endpoint
- Microsoft Edge
- Microsoft Excel 2016
- Microsoft/Muzic
- Microsoft Office – multiple versions and platforms
- Microsoft Project 2016 – multiple versions and platforms
- Microsoft SharePoint Enterprise Server 2016
- Microsoft SharePoint Server Subscription Edition
- Microsoft SharePoint Server 2019
- Microsoft Word 2016
- System Center Operations Manager 2019, 2022 and 2025
- Windows 10 – multiple versions and platforms
- Windows 11 – multiple versions and platforms
- Windows Server – multiple versions and platforms
Microsoft has indicated that CVE-2024-49138 and CVE-2023-44487* have been exploited.
Microsoft has also published a blog post about defending against NTLM relay exploits associated with CVE-2024-21413, CVE-2023-23397, and CVE-2023-36563.
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.