Microsoft patched 87 CVEs in its November 2024 Patch Tuesday release, with four rated critical, 82 rated important and one rated moderate.
- 26 Elevation of Privilege vulnerabilities
- 2 Security Feature Bypass vulnerabilities
- 51 Remote Code Execution vulnerabilities
- 1 Information Disclosure vulnerability
- 4 Denial of Service vulnerabilities
- 3 Spoofing vulnerabilities
Based on the active exploitation evidence, CISA has added CVE-2024-49039 and CVE-2024-43451 to its Known exploited catalog
NTLM Hash Disclosure Spoofing Vulnerability
The vulnerability tracked as CVE-2024-43451 with a CVSSv3 of 6.5, is a NTLM hash spoofing vulnerability in Microsoft Windows. An attacker could exploit this flaw by convincing a user to open a specially crafted file. Successful exploitation would lead to the unauthorized disclosure of a user’s NTLMv2 hash, which an attacker could then use to authenticate to the system as the user. This vulnerability was exploited in the wild as a zero-day. No further details about this vulnerability were available at the time this blog post was published.
Windows Task Scheduler Elevation of Privilege Vulnerability
The vulnerability tracked as CVE-2024-49039 with a CVSSv3 score of 8.8 is an EoP vulnerability in the Microsoft Windows Task Scheduler. An attacker with local access to a vulnerable system could exploit this vulnerability by running a specially crafted application. Successful exploitation would allow an attacker to access resources that would otherwise be unavailable to them as well as execute code, such as remote procedure call (RPC) functions. This vulnerability was exploited in the wild as a zero-day. At the time this blog post was published, no further details about in-the-wild exploitation were available.
Active Directory Certificate Services Elevation of Privilege Vulnerability
The vulnerability tracked as CVE-2024-49019 with a CVSSv3 score of 7.8 is an EoP vulnerability affecting Active Directory Certificate Services. It was publicly disclosed prior to a patch being made available. Successful exploitation would allow an attacker to gain administrator privileges. According to Microsoft’s Exploitability Index, this vulnerability is assessed as Exploitation More Likely
Microsoft Exchange Server Spoofing Vulnerability
The vulnerability tracked as CVE-2024-49040 with a CVSSv3 score of 7.5 is a spoofing vulnerability affecting Microsoft Exchange Server 2016 and 2019.
After applying the update, administrators should review the support article Exchange Server non-RFC compliant P2 FROM header detection. The supplemental guide notes that as part of a “secure by default” approach, the Exchange Server update for November will flag suspicious emails which may contain “malicious patterns in the P2 FROM header.” While this feature can be disabled, Microsoft strongly recommends leaving it enabled to provide further protection from phishing attempts and malicious emails.
Windows Kerberos Remote Code Execution Vulnerability
The vulnerability tracked as CVE-2024-43639 with a CVSSV3 score of 9.8 is a critical RCE vulnerability affecting Windows Kerberos, an authentication protocol designed to verify user or host identities. To exploit this vulnerability, an unauthenticated attacker needs to leverage a cryptographic protocol vulnerability to achieve RCE. No further details were provided by Microsoft about this vulnerability at the time this blog was published.
SQL Server Native Client Remote Code Execution Vulnerability
This month’s release included 29 CVEs for RCEs affecting SQL Server Native Client. All vulnerabilities have a CVSSv3 scores of 8.8 and were rated as “Exploitation Less Likely.” Successful exploitation of these vulnerabilities can be achieved by convincing an authenticated user into connecting to a malicious SQL server database using an affected driver. A full list of the CVEs is included in the table below.
Azure CycleCloud Remote Code Execution Vulnerability
The vulnerability tracked as CVE-2024-43602 with a CVSSv3 score of 9.9, is a RCE vulnerability in Microsoft’s Azure CycleCloud, A user with basic permissions could exploit CVE-2024-43602 by sending specially crafted requests to a vulnerable Azure CycleCloud cluster to modify its configuration. Successful exploitation would result in the user gaining root permissions, which could then be used to execute commands on any cluster in the Azure CycleCloud as well as steal admin credentials.
Patch Tuesday Summary
| CVE ID | CVE Title | Severity |
| CVE-2024-43498 | .NET and Visual Studio Remote Code Execution Vulnerability | Critical |
| CVE-2024-49056 | Airlift.microsoft.com Elevation of Privilege Vulnerability | Critical |
| CVE-2024-43625 | Microsoft Windows VMSwitch Elevation of Privilege Vulnerability | Critical |
| CVE-2024-43639 | Windows Kerberos Remote Code Execution Vulnerability | Critical |
| CVE-2024-43499 | .NET and Visual Studio Denial of Service Vulnerability | Important |
| CVE-2024-49019 | Active Directory Certificate Services Elevation of Privilege Vulnerability | Important |
| CVE-2024-43602 | Azure CycleCloud Remote Code Execution Vulnerability | Important |
| CVE-2024-43598 | LightGBM Remote Code Execution Vulnerability | Important |
| CVE-2024-49029 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| CVE-2024-49026 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| CVE-2024-49027 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| CVE-2024-49028 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| CVE-2024-49030 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| CVE-2024-49040 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| CVE-2024-49031 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| CVE-2024-49032 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| CVE-2024-49051 | Microsoft PC Manager Elevation of Privilege Vulnerability | Important |
| CVE-2024-49021 | Microsoft SQL Server Remote Code Execution Vulnerability | Important |
| CVE-2024-38264 | Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability | Important |
| CVE-2024-49033 | Microsoft Word Security Feature Bypass Vulnerability | Important |
| CVE-2024-49043 | Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability | Important |
| CVE-2024-43451 | NTLM Hash Disclosure Spoofing Vulnerability | Important |
| CVE-2024-5535 | OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread | Important |
| CVE-2024-48998 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-48997 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-48993 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-49001 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-49000 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-48999 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-43462 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-48995 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-48994 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-38255 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-48996 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-43459 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-49002 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-49013 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-49014 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-49011 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-49012 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-49015 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-49018 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-49016 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-49017 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-49010 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-49005 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-49007 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-49003 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-49004 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-49006 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-49009 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-49008 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| CVE-2024-49050 | Visual Studio Code Python Extension Remote Code Execution Vulnerability | Important |
| CVE-2024-49044 | Visual Studio Elevation of Privilege Vulnerability | Important |
| CVE-2024-43636 | Win32k Elevation of Privilege Vulnerability | Important |
| CVE-2024-43644 | Windows Client-Side Caching Elevation of Privilege Vulnerability | Important |
| CVE-2024-43645 | Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability | Important |
| CVE-2024-43450 | Windows DNS Spoofing Vulnerability | Important |
| CVE-2024-43629 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| CVE-2024-43633 | Windows Hyper-V Denial of Service Vulnerability | Important |
| CVE-2024-43624 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | Important |
| CVE-2024-43630 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2024-43640 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-43623 | Windows NT OS Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2024-38203 | Windows Package Library Manager Information Disclosure Vulnerability | Important |
| CVE-2024-43641 | Windows Registry Elevation of Privilege Vulnerability | Important |
| CVE-2024-43452 | Windows Registry Elevation of Privilege Vulnerability | Important |
| CVE-2024-43631 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important |
| CVE-2024-43646 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important |
| CVE-2024-43642 | Windows SMB Denial of Service Vulnerability | Important |
| CVE-2024-43447 | Windows SMBv3 Server Remote Code Execution Vulnerability | Important |
| CVE-2024-49039 | Windows Task Scheduler Elevation of Privilege Vulnerability | Important |
| CVE-2024-43626 | Windows Telephony Service Elevation of Privilege Vulnerability | Important |
| CVE-2024-43628 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| CVE-2024-43621 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| CVE-2024-43620 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| CVE-2024-43627 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| CVE-2024-43635 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| CVE-2024-43622 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| CVE-2024-43530 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
| CVE-2024-43643 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-43449 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-43637 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-43634 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-43638 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-49046 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
| CVE-2024-49049 | Visual Studio Code Remote Extension Elevation of Privilege Vulnerability | Moderate |
