The December 2024 Security Update Review

Adobe and Microsoft published December 2024 security bulletins: Adobe released 16 updates fixing 167 CVEs across many products (Experience Manager accounting for 91 CVEs, mostly XSS, and Animate addressing 13 critical code-execution bugs), while Microsoft released 71 CVEs (72 including third-party) spanning Windows, Office, Hyper-V, and other components. Notable Microsoft issues include an actively exploited Windows CLFS elevation-of-privilege (CVE-2024-49138) and a 9.8 CVSS unauthenticated LDAP remote code execution that can affect Domain Controllers (CVE-2024-49112); administrators are advised to test and deploy patches promptly.