Microsoft Patch Tuesday – November 2024

Microsoft Patch Tuesday – November 2024

No Comments

Microsoft patched 87 CVEs in its November 2024 Patch Tuesday release, with four rated critical, 82 rated important and one rated moderate.

  • 26 Elevation of Privilege vulnerabilities
  • 2 Security Feature Bypass vulnerabilities
  • 51 Remote Code Execution vulnerabilities
  • 1 Information Disclosure vulnerability
  • 4 Denial of Service vulnerabilities
  • 3 Spoofing vulnerabilities

Based on the active  exploitation evidence, CISA has added CVE-2024-49039 and CVE-2024-43451 to its Known  exploited catalog

NTLM Hash Disclosure Spoofing Vulnerability

The vulnerability tracked as CVE-2024-43451 with a CVSSv3 of 6.5,  is a NTLM hash spoofing vulnerability in Microsoft Windows. An attacker could exploit this flaw by convincing a user to open a specially crafted file. Successful exploitation would lead to the unauthorized disclosure of a user’s NTLMv2 hash, which an attacker could then use to authenticate to the system as the user. This vulnerability was exploited in the wild as a zero-day. No further details about this vulnerability were available at the time this blog post was published.

Windows Task Scheduler Elevation of Privilege Vulnerability

The vulnerability tracked as CVE-2024-49039 with a CVSSv3 score of 8.8  is an EoP vulnerability in the Microsoft Windows Task Scheduler. An attacker with local access to a vulnerable system could exploit this vulnerability by running a specially crafted application. Successful exploitation would allow an attacker to access resources that would otherwise be unavailable to them as well as execute code, such as remote procedure call (RPC) functions. This vulnerability was exploited in the wild as a zero-day. At the time this blog post was published, no further details about in-the-wild exploitation were available.

Advertisements

Active Directory Certificate Services Elevation of Privilege Vulnerability

The vulnerability tracked as CVE-2024-49019 with a CVSSv3 score of 7.8  is an EoP vulnerability affecting Active Directory Certificate Services. It was publicly disclosed prior to a patch being made available. Successful exploitation would allow an attacker to gain administrator privileges. According to Microsoft’s Exploitability Index, this vulnerability is assessed as Exploitation More Likely

Microsoft Exchange Server Spoofing Vulnerability

The vulnerability tracked as CVE-2024-49040 with a CVSSv3 score of 7.5 is a spoofing vulnerability affecting Microsoft Exchange Server 2016 and 2019.

 After applying the update, administrators should review the support article Exchange Server non-RFC compliant P2 FROM header detection. The supplemental guide notes that as part of a “secure by default” approach, the Exchange Server update for November will flag suspicious emails which may contain “malicious patterns in the P2 FROM header.” While this feature can be disabled, Microsoft strongly recommends leaving it enabled to provide further protection from phishing attempts and malicious emails.

Windows Kerberos Remote Code Execution Vulnerability

The vulnerability tracked as CVE-2024-43639 with a CVSSV3 score of 9.8 is a critical RCE vulnerability affecting Windows Kerberos, an authentication protocol designed to verify user or host identities. To exploit this vulnerability, an unauthenticated attacker needs to leverage a cryptographic protocol vulnerability to achieve RCE. No further details were provided by Microsoft about this vulnerability at the time this blog was published.

Advertisements

SQL Server Native Client Remote Code Execution Vulnerability

This month’s release included 29 CVEs for RCEs affecting SQL Server Native Client. All vulnerabilities have a CVSSv3 scores of 8.8 and were rated as “Exploitation Less Likely.” Successful exploitation of these vulnerabilities can be achieved by convincing an authenticated user into connecting to a malicious SQL server database using an affected driver. A full list of the CVEs is included in the table below.

Azure CycleCloud Remote Code Execution Vulnerability

The vulnerability tracked as CVE-2024-43602 with a CVSSv3 score of 9.9, is a RCE vulnerability in Microsoft’s Azure CycleCloud, A user with basic permissions could exploit CVE-2024-43602 by sending specially crafted requests to a vulnerable Azure CycleCloud cluster to modify its configuration. Successful exploitation would result in the user gaining root permissions, which could then be used to execute commands on any cluster in the Azure CycleCloud as well as steal admin credentials.

Patch Tuesday Summary

CVE IDCVE TitleSeverity
CVE-2024-43498.NET and Visual Studio Remote Code Execution VulnerabilityCritical
CVE-2024-49056Airlift.microsoft.com Elevation of Privilege VulnerabilityCritical
CVE-2024-43625Microsoft Windows VMSwitch Elevation of Privilege VulnerabilityCritical
CVE-2024-43639Windows Kerberos Remote Code Execution VulnerabilityCritical
CVE-2024-43499.NET and Visual Studio Denial of Service VulnerabilityImportant
CVE-2024-49019Active Directory Certificate Services Elevation of Privilege VulnerabilityImportant
CVE-2024-43602Azure CycleCloud Remote Code Execution VulnerabilityImportant
CVE-2024-43598LightGBM Remote Code Execution VulnerabilityImportant
CVE-2024-49029Microsoft Excel Remote Code Execution VulnerabilityImportant
CVE-2024-49026Microsoft Excel Remote Code Execution VulnerabilityImportant
CVE-2024-49027Microsoft Excel Remote Code Execution VulnerabilityImportant
CVE-2024-49028Microsoft Excel Remote Code Execution VulnerabilityImportant
CVE-2024-49030Microsoft Excel Remote Code Execution VulnerabilityImportant
CVE-2024-49040Microsoft Exchange Server Spoofing VulnerabilityImportant
CVE-2024-49031Microsoft Office Graphics Remote Code Execution VulnerabilityImportant
CVE-2024-49032Microsoft Office Graphics Remote Code Execution VulnerabilityImportant
CVE-2024-49051Microsoft PC Manager Elevation of Privilege VulnerabilityImportant
CVE-2024-49021Microsoft SQL Server Remote Code Execution VulnerabilityImportant
CVE-2024-38264Microsoft Virtual Hard Disk (VHDX) Denial of Service VulnerabilityImportant
CVE-2024-49033Microsoft Word Security Feature Bypass VulnerabilityImportant
CVE-2024-49043Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution VulnerabilityImportant
CVE-2024-43451NTLM Hash Disclosure Spoofing VulnerabilityImportant
CVE-2024-5535OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overreadImportant
CVE-2024-48998SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-48997SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-48993SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-49001SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-49000SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-48999SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-43462SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-48995SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-48994SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-38255SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-48996SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-43459SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-49002SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-49013SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-49014SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-49011SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-49012SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-49015SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-49018SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-49016SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-49017SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-49010SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-49005SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-49007SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-49003SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-49004SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-49006SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-49009SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-49008SQL Server Native Client Remote Code Execution VulnerabilityImportant
CVE-2024-49050Visual Studio Code Python Extension Remote Code Execution VulnerabilityImportant
CVE-2024-49044Visual Studio Elevation of Privilege VulnerabilityImportant
CVE-2024-43636Win32k Elevation of Privilege VulnerabilityImportant
CVE-2024-43644Windows Client-Side Caching Elevation of Privilege VulnerabilityImportant
CVE-2024-43645Windows Defender Application Control (WDAC) Security Feature Bypass VulnerabilityImportant
CVE-2024-43450Windows DNS Spoofing VulnerabilityImportant
CVE-2024-43629Windows DWM Core Library Elevation of Privilege VulnerabilityImportant
CVE-2024-43633Windows Hyper-V Denial of Service VulnerabilityImportant
CVE-2024-43624Windows Hyper-V Shared Virtual Disk Elevation of Privilege VulnerabilityImportant
CVE-2024-43630Windows Kernel Elevation of Privilege VulnerabilityImportant
CVE-2024-43640Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityImportant
CVE-2024-43623Windows NT OS Kernel Elevation of Privilege VulnerabilityImportant
CVE-2024-38203Windows Package Library Manager Information Disclosure VulnerabilityImportant
CVE-2024-43641Windows Registry Elevation of Privilege VulnerabilityImportant
CVE-2024-43452Windows Registry Elevation of Privilege VulnerabilityImportant
CVE-2024-43631Windows Secure Kernel Mode Elevation of Privilege VulnerabilityImportant
CVE-2024-43646Windows Secure Kernel Mode Elevation of Privilege VulnerabilityImportant
CVE-2024-43642Windows SMB Denial of Service VulnerabilityImportant
CVE-2024-43447Windows SMBv3 Server Remote Code Execution VulnerabilityImportant
CVE-2024-49039Windows Task Scheduler Elevation of Privilege VulnerabilityImportant
CVE-2024-43626Windows Telephony Service Elevation of Privilege VulnerabilityImportant
CVE-2024-43628Windows Telephony Service Remote Code Execution VulnerabilityImportant
CVE-2024-43621Windows Telephony Service Remote Code Execution VulnerabilityImportant
CVE-2024-43620Windows Telephony Service Remote Code Execution VulnerabilityImportant
CVE-2024-43627Windows Telephony Service Remote Code Execution VulnerabilityImportant
CVE-2024-43635Windows Telephony Service Remote Code Execution VulnerabilityImportant
CVE-2024-43622Windows Telephony Service Remote Code Execution VulnerabilityImportant
CVE-2024-43530Windows Update Stack Elevation of Privilege VulnerabilityImportant
CVE-2024-43643Windows USB Video Class System Driver Elevation of Privilege VulnerabilityImportant
CVE-2024-43449Windows USB Video Class System Driver Elevation of Privilege VulnerabilityImportant
CVE-2024-43637Windows USB Video Class System Driver Elevation of Privilege VulnerabilityImportant
CVE-2024-43634Windows USB Video Class System Driver Elevation of Privilege VulnerabilityImportant
CVE-2024-43638Windows USB Video Class System Driver Elevation of Privilege VulnerabilityImportant
CVE-2024-49046Windows Win32 Kernel Subsystem Elevation of Privilege VulnerabilityImportant
CVE-2024-49049Visual Studio Code Remote Extension Elevation of Privilege VulnerabilityModerate
Tags:

Comments

No comments yet. Why don’t you start the discussion?

    Leave a Reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.