December 2024 [Merry FixMas and a Happy Patched Year]

CVE-2024-49093 is a Windows ReFS elevation-of-privilege flaw. A scope change lets an attacker escape a low-privilege app container to reach files, memory, and processes, then move laterally across Windows servers. No active exploitation observed yet.

CVE-2024-49132 is a Remote Desktop Services remote code execution bug driven by a use-after-free race condition. A connection through the Remote Desktop Gateway role can trigger it, and there's no reliable workaround other than patching.

CVE-2024-49138 is a Common Log File System (CLFS) driver elevation-of-privilege vulnerability that is already being exploited and publicly disclosed, with the research credited to CrowdStrike. Successful exploitation grants SYSTEM-level privileges.

The CLFS flaw affects Windows installs going back to Windows Server 2008, and a Microsoft analysis from August 2024 found 19 of 24 CLFS CVEs over five years traced to improper data validation, with at least three carrying active exploits.

The Remote Desktop bug needs precise timing today, but attack complexity drops as researchers build easier exploits. Patch before the bar lowers.