It’s that time of the month again that we hunker down and start testing and reviewing what side effects we can live with and those we can’t. It’s Patc
[See the full post at: December 2024 patches are out]
Susan Bradley Patch Lady/Prudent patcher
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it.
Hardened Windows user:
KB5048685 Cumulative Update for Windows 11 Version 23H2 for x64-based Systems
No hiccups.
Now running Windows 11 Pro Version 23H2 (OS Build 22631.4602). I’ll wait for the push on my NAS and E5420.
Hardened Windows user:
B side updates:
KB5048667 Cumulative Update for Windows 11 Version 24H2 for x64-based Systems
No hiccups.
Now running Windows 11 Pro Version 24H2 (OS Build 26100.2605).
W10 Pro 22H2 …. KB5048652 … Dec CU … This KB is ALL I see even in Con Panel History (No MSRT/SSU). About an 18 Min process. Will Dbl-Chk later for anything else.
[Microsoft has released the KB5048652 cumulative update for Windows 10 22H2, which contains six fixes, including a fix that prevented Windows 10 from activating when you change a device’s motherboard.
The Windows 10 KB5048652 update is mandatory as it contains Microsoft’s December 2024 Patch Tuesday … security updates.]
W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0
https://www.ghacks.net/2024/12/10/microsoft-releases-the-december-2024-security-updates-for-windows/
Windows 10 version 22H2: 44 vulnerabilities, 8 critical, 36 important
Windows 11 version 22H2 and 23H2: 44 vulnerabilities, 9 critical, 35 important
Windows 11 version 24H2: 45 vulnerabilities, 9 critical, 46 important
Windows Server 2008 R2 (extended support only): 22 vulnerabilities: 6 critical, 16 important
Windows Server 2016: 33 vulnerabilities: 13 critical, 20 important
Windows Server 2019: 56 vulnerabilities: 15 critical, 41 important
Windows Server 2022: 41 vulnerabilities: 16 critical, 25 important
Windows Server 2025: 57 vulnerabilities: 16 critical, 41 important..
No changes noted, especially to the time format in the taskbar, unless I’m missing something.
I actually had my time format change to the shortened version BEFORE the Dec update on one of my Win11 Pro 24H2 systems. When it happened, I honestly thought I might have had a virus since it “dropped the years and the AM/PM” per Susan’s OP.
“Windows 11 23H2 – KB5048685 – This has the gradual change in the time and date in the corner – so if you suddenly see that change it’s not you, Microsoft changed it to drop the years and the AM/PM.”
Funny thing is, there was a setting to restore the setting, which I toggled, and now after the current 24H2 update, I no longer see a setting at all under the clock settings. Very Strange! ☺️
ETA: Directions on how to change the time format:
Funny thing is, there was a setting to restore the setting, which I toggled, and now after the current 24H2 update, I no longer see a setting at all under the clock settings. Very Strange! ☺️
That’s because you restored the previous setting and the long and short “time format settings” are actually under Time & Language > Language & region > Regional format; not Time & Language > Date & Time!
That’s because you restored the previous setting and the long and short “time format settings” are actually under Time & Language > Language & region > Region format; not Time & Language > Date & Time!
Thanks for that. I see there is a “Related Links” item I could have tried. 😎
Microsoft has confirmed a zero-day security vulnerability that can open up Windows devices to full system compromise is under active exploitation. The cyberattack has also been confirmed by the U.S. Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security, which has added the security issue to the Known Exploited Vulnerability Catalog, and advised it “poses significant risks” with a recommendation for all users to take appropriate remediation measures and update now. Here’s what you need to know about CVE-2024-49138.
..
Not much is known about the vulnerability itself, as is often the case with such zero-day issues this detail is held back until as many users as possible have had the opportunity to patch against the exploit. However, what we do know is that it’s a heap-based buffer overflow vulnerability, a memory security issue, in the Microsoft Windows Common Log File System driver. We also know that it is a very widespread vulnerability impacting millions of Windows users. “The vulnerability affects all Windows OS editions back to Server 2008,”
…
CISA also sees this as being a top priority, having added it to the KEV catalog along with stating that it “CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation” of the critical issue.
The Ransomware Risk Posed By CVE-2024-49138 To Windows Users
…
Why is this important? Because Windows Common Log File System exploits are a favorite among cybercriminals, especially those participating in the ransomware sector.
New Windows 0Day Attack Confirmed — Homeland Security Says Update Now
So what do we do to protect our devices against it??
Follow @Paul-T ‘s sage advice in his post above, and wait for Susan to give the all-clear to install this month’s patch(es).
Since Susan is computer-industry certified in computer security and forensics, she’s got a good insight into just what this type of bug entails. If she feels the risk level is low enough for most folks to avoid unwanted nasty side effects, she may very well give the all clear earlier than she normally does, given that the vulnerability is a zero-day that’s currently being actively exploited.
Don’t panic. For one thing this is a local attack not remote. So they have to phish their way onto your systems first. This is a business, not consumer concern.
Zero day attacks these days are targeted to businesses.
Known Exploited Vulnerabilities Catalog | CISA
CISA’s recommended “install by date” for this vulnerability is 12-31-2024. Bottom line folks, this is another of the PR vulns that have more impact to businesses than consumers but it still doesn’t negate the need to test and ensure there are no major side effects.
Susan Bradley Patch Lady/Prudent patcher
Actually they didn’t say update now, they recommend installing by 12/31.
Also refer to Zerodayinitiative blog
“This bug is listed as publicly known and under active attack, but Microsoft provides no information regarding where it was disclosed or how widespread the attacks may be. Since it is a privilege escalation, it is likely being paired with a code execution bug to take over a system. These tactics are often seen in ransomware attacks and in targeted phishing campaigns.”
Zero Day Initiative — The December 2024 Security Update Review
The key is “targeted” and not widespread.
Watch that phishing. Don’t click on emails saying a package is late or that your address or credit card need updating. The usual stuff.
While I’m not seeing anything trending in my testing at this time, I still don’t see this as a “OMG we need to patch right now” sort of event.
Susan Bradley Patch Lady/Prudent patcher
So what do we do to protect our devices against it??
Install Dec.10 updates.
The December round of Patch Tuesday vulnerability fixes has been released by Microsoft, and among the 72 vulnerabilities this month is one that needs your full attention right now: CVE-2024-49138.
WCHS wrote:
So what do we do to protect our devices against it??
Alex5723 wrote:
Install Dec.10 updates.
In other words, don’t wait for MS-Def Con 3+ ??
No. Only if you think you are at risk. Unless the vulnerability is wormable or we see enough honeypots reporting that it’s being actively (and not targeted) there is no reason to freak out and not wait for feedback.
Zero days just mean someone has seen it, not that you and your community of users have been targeted.
Susan Bradley Patch Lady/Prudent patcher
I updated 2024-12 Cumulative Update for Windows 11 Version 23H2 for x64-based Systems (KB5048685) and don’t see any problems but when I first clicked on download it only went to 7% and I had to click on download and install again. Never had that happen in the past.
Windows 11 Pro
Version 23H2
OS build 22631.4890
Scratch that last post. I uninstalled that update. I went to Task Manager, and app history had a lot of CPU running. After the uninstall, the CPU is back to normal.
I’ll wait for Susan to give the go ahead.
Windows 11 Pro
Version 23H2
OS build 22631.4890
I accidentally forgot to pause updates on a near production Win 10 Pro x64 22H2 machine (a laptop). The machine updated with KB5048652 yesterday without issues. I have run my few critical production type tests and I have not seen any issues yet. Yay!
Based on this experience and what others have reported here, I will be updating my other test machines today, then my production machine last. I will report on the more complete results tomorrow.
Basic research is what I am doing when I don't know what I am doing - Werner Von Braun
And the results for the remaining 5 Windows 10 Pro x64 test machines was KB5048652 installs without issues. Several basic tests on another production developer machine also show no issues so far. Therefore unleashed the KB5048652 update for the rest of the crew. No reports of issues so far.
One person reported an additional Microsoft supplied driver update for nVidia video display card to 32.0.15.5612 reportedly from June of 2024 – no issues reported.
Basic research is what I am doing when I don't know what I am doing - Werner Von Braun
Updated x3 Windows 11 Pro 23H2:
Two installations of Win11 Pro on ARM in Parallels 20 VMs on Apple Silicon Macs, one Win11 Pro hardware install on a low-end HP desktop.
2024-12 CU KB5048685 for Win11 23H2
Defender updates
Observations:
+ All three updates proceeded without problems.
***************
Updated x3 Windows 10 Pro 22H2:
Win10 Pro in Parallels 20 VM on 2017 iMac4K (Intel Haswell i7)
Win10 Pro in Parallels 18 VM on 2012 MacBook Pro (Intel Ivy Bridge i7)
Win10 Pro hardware install on old Dell Studio XPS 1340 laptop
2024-12 CU KB5048652 for Win10 22H2
Defender updates
Observations:
+ The updates installed on all machines. None experienced a second restart during the installation.
+ Edge has been removed from all installations using AveYO’s script. At the same time, WebView2 Runtime was also removed from all machines, but was later reinstalled as an individual App on the iMac4K Win10 VM as required by a third-party app (see #2717550). As of this updating, the WebView2 Runtime has disappeared from Programs & Features and the Apps listing in the Settings App. But the third-party app that required it still works.
+ The background on all three installations was changed from “Picture” to “Spotlight.” Also, “Weather” was added to the lockscreens. I didn’t ask for these “improvements”(?), Microsoft. (This happened unasked for on one of my Win11 installs last month)
+ The WinRE partitions on all three machines remained on Build 19041.5125.
As of this updating, the WebView2 Runtime has disappeared from Programs & Features and the Apps listing in the Settings App.
Microsoft quietly changed things. According to Release Notes for the WebView2 SDK —
“The Microsoft Edge WebView2 Runtime is no longer listed in Windows Settings > Apps > Installed apps, because it is a persistent system component.”
Yes, I wasn’t thrilled when WebView2 seemingly disappeared from program listings in Settings and in Control Panel. I knew it had to still be around because it seems like MS Teams and another program or two have recently changed to using it as part of their software underpinnings. I can find WebView2 and its version under C:\Program Files (x86)\Microsoft\EdgeWebView\Application.
Windows Update successfully installed KB5048652 for the December 2024 Patch Tuesday on my Win 10 Pro v22H2 laptop, and I am now at OS Build 19045.5427. This was the only update offered and I did not receive an update for the Malicious Software Removal Tool (MSRT) this month.
Like PKCano (post # 2724912), I finally received at least part of the changes described in the 15-Mar-2024 ghacks.net article Next Windows 10 update brings Windows Spotlight, Lock screen content, and another Windows 11 upgrade offer.
My Desktop background was automatically changed to Windows Spotlight at Settings | Personalization | Background. Nothing has changed at Settings | Personalization | Lockscreen and I’m not seeing any new widgets on my lock screen.
I also noticed the user profile button on my Start menu sometimes shows a red dot (see attached image). When I click that user profile button it displays a revolving set of new notification messages nagging me to run Windows Backup (which I don’t use), add a recovery phone number to my Microsoft Account, etc. So far I’ve just ignored these notifications and they eventually disappear on their own, but I expect it won’t be long until I start seeing nags to upgrade to Windows 11. NOTE: I normally log in to Windows with my Microsoft Account, but don’t know if that’s relevant.
There is one oddity I noticed since installing the Dec 2024 Patch Tuesday updates, although I’m not sure I just haven’t noticed it before. When I open File Explorer and search for “user” anywhere in my C:\Users\<myusername> folder (including my Pictures subfolder that only includes image files) the search appears to return every file in that folder, regardless of the file name or contents. Is this because I’m searching for “user” in folders where the Location field includes the word “user”(e.g., C:\Users\<myusername>\Pictures\…), and is this “normal” for Win 10? If not, I’ll start a new topic and troubleshoot there.
———–
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.5427 * Firefox v133.0.3 * Microsoft Defender v4.18.24090.11-1.1.24090.11 * Malwarebytes Premium v5.2.3.156-1.0.5108 * Macrium Reflect Free v8.0.7783
I see you have found a place!
https://www.askwoody.com/forums/topic/wumgr-on-windows-11-23h2/
cheers, Paul