December 2024 Patch Tuesday: 16 Critical and One Zero-Day Among 71 Vulnerabilities

This CrowdStrike bulletin details multiple Microsoft Windows vulnerabilities—including an actively exploited zero-day (CVE-2024-49138) and numerous critical RCE flaws (notably CVE-2024-49112 targeting LDAP with CVSS 9.8)—that affect services such as Active Directory/LDAP, Hyper-V, MSMQ, LSASS, and Remote Desktop Services; the advisory describes exploitation risks, required conditions (race conditions, local VM access, network exposure), CVSS ratings, and recommends prompt patching and mitigations where applicable.