Microsoft Security Response Center Blog Alerts

CVE-2024-49132 Windows Remote Desktop Services Remote Code Execution Vulnerability

Published December 10, 2024

Information published.

CVE-2024-49082 Windows File Explorer Information Disclosure Vulnerability

Published December 10, 2024

Information published.

CVE-2024-38033 PowerShell Elevation of Privilege Vulnerability

Published December 10, 2024

To comprehensively address CVE-2024-38033, Microsoft released security updates on December 10, 2024 for all affected versions of Windows Server 2012 and Windows Server 2012 R2.

Microsoft recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.

Chromium: CVE-2024-12053 Type Confusion in V8

Published December 6, 2024

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.

CVE-2024-38199 Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability

Published December 2, 2024

Added acknowledgements. This is an informational change only.

CVE-2024-49035 Partner.Microsoft.Com Elevation of Privilege Vulnerability

Published November 26, 2024

An improper access control vulnerability in [Partner.Microsoft.com](https://partner.microsoft.com/) allows an a unauthenticated attacker to elevate privileges over a network.

CVE-2024-49038 Microsoft Copilot Studio Elevation Of Privilege Vulnerability

Published November 26, 2024

Improper neutralization of input during web page generation (‘Cross-site Scripting’) in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.