Table of Contents
Breaking Down the Latest November 2024 Patch Tuesday Report
Microsoft has kicked off November by disclosing fixes for 89 vulnerabilities across Windows, Office, Exchange Server, Azure, Dynamics, and other products. This release addresses concerns rated as Critical for four flaws while giving an Important ranking to 82 bugs and one rated as Moderate. The updates include patches for four zero-day vulnerabilities, with two being actively exploited in the wild.
The four zero-days are a Windows Task Scheduler elevation of privilege vulnerability (CVE-2024-49039) and NTLM Hash Disclosure spoofing vulnerability (CVE-2024-43451) that are being actively exploited, along with a publicly disclosed Active Directory Certificate Services elevation of privilege vulnerability (CVE-2024-49019) and Microsoft Exchange Server spoofing vulnerability (CVE-2024-49040).
The Critical flaws include a remote code execution vulnerability in Windows Kerberos (CVE-2024-43639), elevation of privilege vulnerabilities in Microsoft Windows VMSwitch (CVE-2024-43625) and Airlift.microsoft.com (CVE-2024-49056), and a remote code execution vulnerability in .NET and Visual Studio (CVE-2024-43498).
Additional key fixes address various remote code execution vulnerabilities in SQL Server Native Client, Windows Telephony Service, Microsoft Office applications and other components. There are also multiple elevation of privilege flaws in Windows kernel components, and spoofing vulnerabilities in Microsoft Exchange Server.
In this monthly report, we'll analyze severity ratings, exploitation vectors, and remediation advice to help prioritize patching. Whether you manage Windows clients and servers or cloud-based services, applying these latest critical and important updates helps secure environments from emerging threats.
Update for Windows 11 users: Microsoft has published KB5046617 for Windows 11. Visit [this page] to learn what is there in the KB5046617 update.
Update for Windows 10 users: Microsoft has published KB5046613 for Windows 10. Visit [this page] to learn what is there in the KB5046613 update.
Key Highlights - Patch Tuesday November 2024
In November's Patch Tuesday, Microsoft addressed 89 flaws, including four zero-day vulnerabilities, two of which were actively exploited in the wild. This update included patches across categories like elevation of privilege, remote code execution, spoofing, denial of service, security feature bypass, and information disclosure vulnerabilities.
The key affected products in this release span Microsoft's ecosystem, including Windows, Office, Exchange Server, Azure, Dynamics 365, .NET Framework, Windows Hyper-V, and Microsoft Edge. It is crucial for administrators and end users to apply these security updates promptly to protect their systems from these vulnerabilities.
Key Highlights are:
Total Flaws and Zero-Day Vulnerabilities: This update resolves 89 total bugs, with four critical, 82 important, and one moderate severity rating. Of the four zero-days, two were actively exploited in the wild.
Critical Flaws: The four critical vulnerabilities addressed include:
Windows Kerberos Remote Code Execution vulnerability (CVE-2024-43639)
Microsoft Windows VMSwitch Elevation of Privilege vulnerability (CVE-2024-43625)
Airlift.microsoft.com Elevation of Privilege vulnerability (CVE-2024-49056)
.NET and Visual Studio Remote Code Execution vulnerability (CVE-2024-43498)
3. Vulnerability Types: The vulnerabilities addressed include:
52 Remote Code Execution vulnerabilities
26 Elevation of Privilege vulnerabilities
4 Denial of Service vulnerabilities
2 Security Feature Bypass vulnerabilities
1 Information Disclosure vulnerability
4. Zero-Day Threats: The four zero-day vulnerabilities include:
CVE-2024-49039: Windows Task Scheduler Elevation of Privilege (actively exploited)
CVE-2024-43451: NTLM Hash Disclosure Spoofing (actively exploited)
CVE-2024-49019: Active Directory Certificate Services Elevation of Privilege (publicly disclosed)
CVE-2024-49040: Microsoft Exchange Server Spoofing (publicly disclosed)
5. Critical-Rated Bugs: Other notable critical issues include multiple remote code execution vulnerabilities in SQL Server Native Client and Windows Telephony Service.
6. Non-Critical Notables: Important-rated vulnerabilities include elevation of privilege flaws in Windows kernel components, information disclosure in Windows Package Library Manager, and multiple spoofing vulnerabilities in Microsoft Exchange Server.
Zero-day Vulnerabilities Patched in November 2024
Microsoft addressed four zero-day vulnerabilities in the November 2024 Patch Tuesday release. Out of these, two vulnerabilities (CVE-2024-49039 and CVE-2024-43451) were being actively exploited in the wild, while three were publicly disclosed. Let's examine each of these vulnerabilities in detail:
CVE ID
|
Description
|
CVSSv3
|
Severity
|
Exploited?
|
Publicly Disclosed?
|
---|---|---|---|---|---|
CVE-2024-43451
|
NTLM Hash Disclosure Spoofing Vulnerability - Allows disclosure of user's NTLMv2 hash to attacker who could use it to authenticate as the user. Requires minimal interaction with malicious file.
|
6.5
|
Important
|
Yes
|
Yes
|
CVE-2024-49039
|
Windows Task Scheduler Elevation of Privilege Vulnerability - Allows attacker to execute RPC functions restricted to privileged accounts from low privilege AppContainer.
|
8.8
|
Important
|
Yes
|
No
|
CVE-2024-49019
|
Active Directory Certificate Services Elevation of Privilege Vulnerability - Allows attacker to gain domain administrator privileges by abusing built-in default version 1 certificate templates.
|
7.8
|
Important
|
No
|
Yes
|
CVE-2024-49040
|
Microsoft Exchange Server Spoofing Vulnerability - Allows attackers to spoof sender's email address in emails to local recipients due to P2 FROM header verification implementation.
|
7.5
|
Important
|
No
|
Yes
|
CVE-2024-43451 - NTLM Hash Disclosure Spoofing Vulnerability
Vulnerability type: Spoofing
Affected product: Windows NTLM
CVSS v3 base score: 6.5
Severity rating: Important
This vulnerability allows an attacker to obtain a user's NTLMv2 hash, which could then be used to authenticate as the user. The attack requires minimal interaction with a malicious file, such as selecting (single-click), inspecting (right-click), or performing an action other than opening or executing the file.
Microsoft notes that this vulnerability was both publicly disclosed and actively exploited in the wild. CISA has added this vulnerability to its Known Exploited Vulnerabilities Catalog and urges users to patch before December 3, 2024.
CVE-2024-49039 - Windows Task Scheduler Elevation of Privilege Vulnerability
Vulnerability type: Elevation of Privilege
Affected product: Windows Task Scheduler
CVSS v3 base score: 8.8
Severity rating: Important
This vulnerability allows an authenticated attacker to execute RPC functions that are normally restricted to privileged accounts. The attack could be performed from a low privilege AppContainer, and successful exploitation would allow attackers to elevate their privileges and execute code at a higher integrity level than that of the AppContainer execution environment.
The flaw was discovered by Vlad Stolyarov and Bahare Sabouri of Google's Threat Analysis Group and is being actively exploited in the wild. CISA has added this to their Known Exploited Vulnerabilities Catalog with a remediation date of October 29, 2024.
CVE-2024-49019 - Active Directory Certificate Services Elevation of Privilege Vulnerability
Vulnerability type: Elevation of Privilege
Affected product: Active Directory Certificate Services
CVSS v3 base score: 7.8
Severity rating: Important
This vulnerability allows attackers to gain domain administrator privileges by abusing built-in default version 1 certificate templates. The vulnerability affects environments where certificates are created using a version 1 certificate template with the source of subject name set to "Supplied in the request" and Enroll permissions granted to a broader set of accounts.
The flaw was discovered by Lou Scicchitano, Scot Berner, and Justin Bollinger with TrustedSec, who disclosed the "EKUwu" vulnerability in October. Microsoft assesses future exploitation of this vulnerability as "more likely."
CVE-2024-49040 - Microsoft Exchange Server Spoofing Vulnerability
Vulnerability type: Spoofing
Affected product: Microsoft Exchange Server
CVSS v3 base score: 7.5
Severity rating: Important
This vulnerability allows threat actors to spoof the sender's email address in emails to local recipients. The vulnerability is caused by the current implementation of the P2 FROM header verification in transport.
Starting with this month's Microsoft Exchange security updates, Microsoft is now detecting and flagging spoofed emails with an alert prepended to the email body. The flaw was discovered by Slonser at Solidlab, who publicly disclosed it. Patches are available for Exchange 2019 CU13 and CU14, as well as Exchange 2016 CU23.
Critical Vulnerabilities Patched in November 2024
Four vulnerabilities have been rated as Critical in the November 2024 Patch Tuesday release. Let's examine each of these critical vulnerabilities in detail:
CVE ID
|
Description
|
CVSSv3
|
Severity
|
---|---|---|---|
CVE-2024-43639
|
Windows Kerberos Remote Code Execution Vulnerability
|
9.8
|
Critical
|
CVE-2024-43625
|
Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
|
8.1
|
Critical
|
CVE-2024-49056
|
Airlift.microsoft.com Elevation of Privilege Vulnerability
|
7.3
|
Critical
|
CVE-2024-43498
|
.NET and Visual Studio Remote Code Execution Vulnerability
|
9.8
|
Critical
|
CVE-2024-43639 - Windows Kerberos Remote Code Execution Vulnerability
Vulnerability type: Remote Code Execution
Affected product: Windows Kerberos
CVSS v3 base score: 9.8
Severity rating: Critical
Windows Kerberos is a protocol that verifies user and host identities on a network. Kerberos uses a Key Distribution Center (KDC) and symmetric key cryptography to authenticate users. An unauthenticated attacker could use a specially crafted application to exploit a cryptographic protocol vulnerability in Windows Kerberos to perform remote code execution against the target.
While Microsoft rates this bug as "Exploitation Less Likely," the high CVSS score and the potential for unauthenticated remote code execution make this a priority for patching.
CVE-2024-43625 - Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
Vulnerability type: Elevation of Privilege
Affected product: Microsoft Windows VMSwitch
CVSS v3 base score: 8.1
Severity rating: Critical
A Microsoft Windows VMSwitch, or virtual switch, is a software program that allows virtual machines (VMs) to communicate with each other and physical networks. VMSwitches are available in Hyper-V Manager when the Hyper-V server role is installed.
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and prepare the target environment. Upon successful exploitation, an attacker may gain SYSTEM privileges.
CVE-2024-49056 - Airlift.microsoft.com Elevation of Privilege Vulnerability
Vulnerability type: Elevation of Privilege
Affected product: Airlift.microsoft.com
CVSS v3 base score: 7.3
Severity rating: Critical
The authentication bypass vulnerability by assumed-immutable data on airlift.microsoft.com may allow an authorized attacker to elevate privileges over a network. Microsoft has provided limited details about the exploitation methods or potential impact.
CVE-2024-43498 - .NET and Visual Studio Remote Code Execution Vulnerability
Vulnerability type: Remote Code Execution
Affected product: .NET and Visual Studio
CVSS v3 base score: 9.8
Severity rating: Critical
This vulnerability could allow a remote unauthenticated attacker to execute code by either:
Sending specially crafted requests to a vulnerable .NET webapp
Loading a specially crafted file into a vulnerable desktop app
The CVSS v3 base score of 9.8 reflects the critical nature of this vulnerability, as it requires no privileges or user interaction and can be exploited with low attack complexity. While Microsoft assesses exploitation as less likely, the potential for unauthenticated network-based attacks makes this a high-priority patch.
Vulnerabilities by Category
In total, 89 vulnerabilities were addressed in November's Patch Tuesday. Remote code execution issues top the list with 52 patches, followed by elevation of privilege vulnerabilities at 26 occurrences. The rest consist of spoofing, denial of service, security feature bypass, and information disclosure vulnerabilities.
Here is the breakdown of the categories patched this month:
Remote Code Execution - 52
Elevation of Privilege - 26
Spoofing - 3
Security Feature Bypass - 2
Information Disclosure - 1
Here is a table with the vulnerability categories and associated CVE IDs from Microsoft's November 2024 Patch Tuesday:
Vulnerability Category
|
CVE IDs
|
---|---|
Remote Code Execution
|
CVE-2024-43639 (Windows Kerberos)
CVE-2024-43498 (.NET and Visual Studio) CVE-2024-38255 (SQL Server) CVE-2024-43459 (SQL Server) CVE-2024-43462 (SQL Server) CVE-2024-48993 through CVE-2024-49018 (SQL Server) CVE-2024-43621 through CVE-2024-43628 (Windows Telephony) CVE-2024-43635 (Windows Telephony) CVE-2024-43447 (Windows SMBv3) CVE-2024-43602 (Azure CycleCloud) CVE-2024-49031, CVE-2024-49032 (Microsoft Office Graphics) CVE-2024-49026 - CVE-2024-49030 (Microsoft Excel) CVE-2024-49050 (Visual Studio Code Python Extension) CVE-2024-49048 (TorchGeo) CVE-2024-43598 (LightGBM) |
Elevation of Privilege
|
CVE-2024-49039 (Windows Task Scheduler)
CVE-2024-49019 (Active Directory Certificate Services) CVE-2024-43625 (Windows VMSwitch) CVE-2024-49056 (Airlift.microsoft.com) CVE-2024-43636 (Win32k) CVE-2024-43629 (Windows DWM Core Library) CVE-2024-43630 (Windows Kernel) CVE-2024-43623 (Windows NT OS Kernel) CVE-2024-43640 (Windows Kernel-Mode Driver) CVE-2024-43631, CVE-2024-43646 (Windows Secure Kernel Mode) CVE-2024-43641, CVE-2024-43452 (Windows Registry) CVE-2024-43634, CVE-2024-43637, CVE-2024-43638, CVE-2024-43643, CVE-2024-43449 (Windows USB Video Driver) CVE-2024-43530 (Windows Update Stack) CVE-2024-49044 (Visual Studio) CVE-2024-49049 (Visual Studio Code) CVE-2024-43644 (Windows CSC) CVE-2024-49051 (Microsoft PC Manager) |
Spoofing
|
CVE-2024-43451 (Windows NTLM)<br>CVE-2024-49040 (Microsoft Exchange Server)
CVE-2024-43450 (Windows DNS) |
Denial of Service
|
CVE-2024-43633 (Windows Hyper-V)
CVE-2024-43642 (Windows SMB) CVE-2024-43499 (.NET and Visual Studio) CVE-2024-38264 (Microsoft Virtual Hard Drive) |
Security Feature Bypass
|
CVE-2024-43645 (Windows Defender Application Control)
CVE-2024-49033 (Microsoft Word) |
Information Disclosure
|
CVE-2024-38203 (Windows Package Library Manager)
|
List of Products Patched in November 2024 Patch Tuesday Report
Microsoft's November 2024 Patch Tuesday includes updates for a wide range of its products, applications, and services. Here are the applications and product components that received patches:
Product Name
|
No. of Vulnerabilities Patched
|
---|---|
SQL Server
|
29
|
Windows Telephony Service
|
7
|
Windows USB Video Driver
|
5
|
Windows Secure Kernel Mode
|
3
|
Microsoft Excel
|
5
|
Windows Kernel
|
3
|
Microsoft Office Graphics
|
2
|
Azure
|
5
|
Windows Registry
|
2
|
.NET and Visual Studio
|
2
|
Windows Hyper-V
|
2
|
Microsoft Exchange Server
|
1
|
Windows DWM Core Library
|
1
|
Windows VMSwitch
|
1
|
Windows Kerberos
|
1
|
Windows Task Scheduler
|
1
|
Active Directory Certificate Services
|
1
|
Windows NTLM
|
1
|
Windows Package Library Manager
|
1
|
Windows DNS
|
1
|
Windows SMB
|
1
|
Windows SMBv3
|
1
|
Windows Update Stack
|
1
|
Microsoft Word
|
1
|
Visual Studio Code
|
2
|
Microsoft PC Manager
|
1
|
1
|
|
Windows CSC Service
|
1
|
Windows Defender Application Control
|
1
|
Microsoft Virtual Hard Drive
|
1
|
TorchGeo
|
1
|
LightGBM
|
1
|
Microsoft Edge (Chromium-based)
|
2
|
Complete List of Vulnerabilities Patched in November 2024 Patch Tuesday.
Download the complete list of vulnerabilities by products patched in November 2024 Patch Tuesday here.
Apps vulnerabilities
CVE
|
Title
|
Exploited?
|
Publicly disclosed?
|
CVSSv3 base score
|
---|---|---|---|---|
Microsoft PC Manager Elevation of Privilege Vulnerability
|
No
|
No
|
7.8
|
Azure vulnerabilities
CVE
|
Title
|
Exploited?
|
Publicly disclosed?
|
CVSSv3 base score
|
---|---|---|---|---|
Azure CycleCloud Remote Code Execution Vulnerability
|
No
|
No
|
9.9
|
|
Airlift.microsoft.com Elevation of Privilege Vulnerability
|
No
|
No
|
7.3
|
|
Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
|
No
|
No
|
7.2
|
|
Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
|
No
|
No
|
7.2
|
Browser vulnerabilities
CVE
|
Title
|
Exploited?
|
Publicly disclosed?
|
CVSSv3 base score
|
---|---|---|---|---|
Chromium: CVE-2024-10827 Use after free in Serial
|
No
|
No
|
N/A
|
|
Chromium: CVE-2024-10826 Use after free in Family Experiences
|
No
|
No
|
N/A
|
Developer Tools vulnerabilities
CVE
|
Title
|
Exploited?
|
Publicly disclosed?
|
CVSSv3 base score
|
---|---|---|---|---|
.NET and Visual Studio Remote Code Execution Vulnerability
|
No
|
No
|
9.8
|
|
Visual Studio Code Python Extension Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
.NET and Visual Studio Denial of Service Vulnerability
|
No
|
No
|
7.5
|
|
Visual Studio Code Remote Extension Elevation of Privilege Vulnerability
|
No
|
No
|
7.1
|
|
Visual Studio Elevation of Privilege Vulnerability
|
No
|
No
|
6.7
|
ESU Windows vulnerabilities
CVE
|
Title
|
Exploited?
|
Publicly disclosed?
|
CVSSv3 base score
|
---|---|---|---|---|
Windows Kerberos Remote Code Execution Vulnerability
|
No
|
No
|
9.8
|
|
Windows Telephony Service Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
Windows Telephony Service Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
Windows Telephony Service Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
Windows Telephony Service Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
Windows Telephony Service Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
Windows Telephony Service Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
|
No
|
No
|
7.8
|
|
Windows Telephony Service Elevation of Privilege Vulnerability
|
No
|
No
|
7.8
|
|
Windows Registry Elevation of Privilege Vulnerability
|
No
|
No
|
7.8
|
|
Windows NT OS Kernel Elevation of Privilege Vulnerability
|
No
|
No
|
7.8
|
|
Windows Client-Side Caching Elevation of Privilege Vulnerability
|
No
|
No
|
7.8
|
|
Win32k Elevation of Privilege Vulnerability
|
No
|
No
|
7.8
|
|
Active Directory Certificate Services Elevation of Privilege Vulnerability
|
No
|
Yes
|
7.8
|
|
Windows Registry Elevation of Privilege Vulnerability
|
No
|
No
|
7.5
|
|
Windows DNS Spoofing Vulnerability
|
No
|
No
|
7.5
|
|
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
|
No
|
No
|
6.8
|
|
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
|
No
|
No
|
6.8
|
|
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
|
No
|
No
|
6.8
|
|
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
|
No
|
No
|
6.8
|
|
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
|
No
|
No
|
6.8
|
|
NTLM Hash Disclosure Spoofing Vulnerability
|
Yes
|
Yes
|
6.5
|
|
Windows Package Library Manager Information Disclosure Vulnerability
|
No
|
No
|
6.2
|
Mariner System Center vulnerabilities
CVE
|
Title
|
Exploited?
|
Publicly disclosed?
|
CVSSv3 base score
|
---|---|---|---|---|
OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread
|
No
|
No
|
9.1
|
Microsoft Office vulnerabilities
CVE
|
Title
|
Exploited?
|
Publicly disclosed?
|
CVSSv3 base score
|
---|---|---|---|---|
Microsoft Office Graphics Remote Code Execution Vulnerability
|
No
|
No
|
7.8
|
|
Microsoft Office Graphics Remote Code Execution Vulnerability
|
No
|
No
|
7.8
|
|
Microsoft Excel Remote Code Execution Vulnerability
|
No
|
No
|
7.8
|
|
Microsoft Excel Remote Code Execution Vulnerability
|
No
|
No
|
7.8
|
|
Microsoft Excel Remote Code Execution Vulnerability
|
No
|
No
|
7.8
|
|
Microsoft Excel Remote Code Execution Vulnerability
|
No
|
No
|
7.8
|
|
Microsoft Excel Remote Code Execution Vulnerability
|
No
|
No
|
7.8
|
|
Microsoft Word Security Feature Bypass Vulnerability
|
No
|
No
|
7.5
|
Open Source Software vulnerabilities
CVE
|
Title
|
Exploited?
|
Publicly disclosed?
|
CVSSv3 base score
|
---|---|---|---|---|
TorchGeo Remote Code Execution Vulnerability
|
No
|
No
|
8.1
|
|
LightGBM Remote Code Execution Vulnerability
|
No
|
No
|
7.5
|
SQL Server vulnerabilities
CVE
|
Title
|
Exploited?
|
Publicly disclosed?
|
CVSSv3 base score
|
---|---|---|---|---|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
SQL Server Native Client Remote Code Execution Vulnerability
|
No
|
No
|
8.8
|
|
Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability
|
No
|
No
|
7.8
|
|
Microsoft SQL Server Remote Code Execution Vulnerability
|
No
|
No
|
7.8
|
Server Software vulnerabilities
CVE
|
Title
|
Exploited?
|
Publicly disclosed?
|
CVSSv3 base score
|
---|---|---|---|---|
Microsoft Exchange Server Spoofing Vulnerability
|
No
|
Yes
|
7.5
|
Windows vulnerabilities
CVE
|
Title
|
Exploited?
|
Publicly disclosed?
|
CVSSv3 base score
|
---|---|---|---|---|
Windows Task Scheduler Elevation of Privilege Vulnerability
|
Yes
|
No
|
8.8
|
|
Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability
|
No
|
No
|
8.8
|
|
Windows SMBv3 Server Remote Code Execution Vulnerability
|
No
|
No
|
8.1
|
|
Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
|
No
|
No
|
8.1
|
|
Windows Update Stack Elevation of Privilege Vulnerability
|
No
|
No
|
7.8
|
|
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
|
No
|
No
|
7.8
|
|
Windows Kernel Elevation of Privilege Vulnerability
|
No
|
No
|
7.8
|
|
Windows DWM Core Library Elevation of Privilege Vulnerability
|
No
|
No
|
7.8
|
|
Windows SMB Denial of Service Vulnerability
|
No
|
No
|
7.5
|
|
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
|
No
|
No
|
6.7
|
|
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
|
No
|
No
|
6.7
|
|
Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability
|
No
|
No
|
6.7
|
|
Windows Hyper-V Denial of Service Vulnerability
|
No
|
No
|
6.5
|
|
Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability
|
No
|
No
|
5.9
|
Bottom Line
Microsoft's November 2024 Patch Tuesday addressed 89 total vulnerabilities, headlined by fixes for four zero-day flaws, two of which were actively exploited in the wild:
CVE-2024-43451 (NTLM Hash Disclosure Spoofing Vulnerability)
CVE-2024-49039 (Windows Task Scheduler Elevation of Privilege Vulnerability)
CVE-2024-49019 (Active Directory Certificate Services Elevation of Privilege Vulnerability)
CVE-2024-49040 (Microsoft Exchange Server Spoofing Vulnerability)
The release included four critical vulnerabilities:
CVE-2024-43639 - Critical Windows Kerberos Remote Code Execution vulnerability
CVE-2024-43625 - Critical Microsoft Windows VMSwitch Elevation of Privilege vulnerability
CVE-2024-49056 - Critical Airlift.microsoft.com Elevation of Privilege vulnerability
CVE-2024-43498 - Critical .NET and Visual Studio Remote Code Execution vulnerability
In total, the vulnerabilities addressed were categorized as follows:
52 Remote Code Execution vulnerabilities
26 Elevation of Privilege vulnerabilities
3 Spoofing vulnerabilities
4 Denial of Service vulnerabilities
2 Security Feature Bypass vulnerabilities
1 Information Disclosure vulnerability
The extensive patch load stresses the importance of continuous monitoring, vulnerability management, and updating to counter sophisticated multi-stage attacks targeting enterprise networks. Prioritizing remediation efforts by potential business impact is crucial.
We aim to keep readers informed each month in our Patch Tuesday reports. Please follow our website [website_name] or subscribe to our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram to receive similar updates.
Severity
|
Count
|
Key Types
|
---|---|---|
Critical
|
4
|
Remote Code Execution, Elevation of Privilege
|
Important
|
82
|
Remote Code Execution, Elevation of Privilege, Spoofing, Denial of Service, Security Feature Bypass, Information Disclosure
|
Moderate
|
1
|
Elevation of Privilege
|
Zero-days
|
4
|
2 actively exploited, 3 publicly disclosed
|
Overall, this month's patches reflect Microsoft's continued commitment to addressing security vulnerabilities across its product portfolio, with particular emphasis on remote code execution and privilege escalation flaws. Organizations should prioritize the actively exploited zero-days and critical vulnerabilities in their patch deployment strategy.
We aim to keep readers informed each month in our Patch Tuesday reports. Please follow our website thesecmaster.com or subscribe to our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram to receive similar updates.
You may also like these articles:
Arun KL
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.