Microsoft issued patches for 72 CVE-rated vulnerabilities:

27 Elevation of Privilege Vulnerabilities
30 Remote Code Execution Vulnerabilities
Seven Information Disclosure Vulnerabilities
Five Denial-of-Service Vulnerabilities
One Spoofing Vulnerability
One Revisited
One Zero-day under active exploit.
Of these, one is listed as being actively exploited: Windows Common Log File System Driver Elevation of Privilege Vulnerability.

Quorum Cyber Recommendations
Patching should be completed within your regular cycles and without delay. We do not at this time recommend expedited patching.

Microsoft Release Notes
December 2024 Security Updates – Release Notes – Security Update Guide – Microsoft

Key Vulnerability Details
Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE: CVE-2024-49138
CVSS: 7.8
Reason for Concern: Zero day with public exploit.
Mitigations and other Factors: An attacker with local privileges could exploit this flaw to execute arbitrary code, thereby escalating their privileges to the SYSTEM level without any user interaction.
Commentary: The vulnerability was reported by CrowdStrike’s Advanced Research Team, whose efforts were acknowledged by Microsoft.
Threat Intelligence Comment: This flaw allows attackers to gain SYSTEM-level privileges by exploiting the CLFS driver, leading to full control over the affected system. Successful exploitation enables attackers to execute arbitrary code, install malware, exfiltrate data, and create new accounts with full user rights without user interaction. The vulnerability is actively being exploited in the wild and has been added to the CISA Known Exploited Vulnerability list, further emphasising its severity and the urgency for remediation.
Link: Windows Common Log File System Driver Elevation of Privilege Vulnerability
