Today is Microsoft’s November 2024 Patch Tuesday, which includes security updates for 89 flaws, including four zero-days, two of which are actively exploited.
This Patch Tuesday fixed four critical vulnerabilities, which include two remote code execution and two elevation of privilege flaws.
The number of bugs in each vulnerability category is listed below:
26 Elevation of Privilege vulnerabilities
2 Security Feature Bypass vulnerabilities
52 Remote Code Execution vulnerabilities
1 Information Disclosure vulnerability
4 Denial of Service vulnerabilities
3 Spoofing vulnerabilities
This count does not include two Edge flaws that were previously fixed on November 7th.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5046617 and KB5046633 cumulative updates and the Windows 10 KB5046613 update.
Four zero-days disclosed
This month’s Patch Tuesday fixes four zero-days, two of which were actively exploited in attacks and three of which were publicly disclosed.
Microsoft classifies a zero-day flaw as one that is publicly disclosed or actively exploited while no official fix is available.
The two actively exploited zero-day vulnerabilities in today’s updates are:
CVE-2024-43451 – NTLM Hash Disclosure Spoofing Vulnerability
Microsoft has fixed a vulnerability that exposes NTLM hashes to remote attackers with minimal interaction with a malicious file.
“This vulnerability discloses a user’s NTLMv2 hash to the attacker who could use this to authenticate as the user,” explained Microsoft.
“Minimal interaction with a malicious file by a user such as selecting (single-click), inspecting (right-click), or performing an action other than opening or executing could trigger this vulnerability,” continued Microsoft.
Microsoft says Israel Yeshurun of ClearSky Cyber Security discovered this vulnerability and that it was publicly disclosed, but did not share any further details.
CVE-2024-49039 – Windows Task Scheduler Elevation of Privilege Vulnerability
A specially crafted application could be executed that elevates privilege to Medium Integrity level.
“In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment,” explained Microsoft.
Microsoft says that exploiting this vulnerability would allow attackers to execute RPC functions that are normally restricted to privileged accounts.
The flaw was discovered by Vlad Stolyarov and Bahare Sabouri of Google’s Threat Analysis Group.
It is not known how the flaw was exploited in attacks.
The other three vulnerabilities that were publicly disclosed but not exploited in attacks are:
CVE-2024-49040 – Microsoft Exchange Server Spoofing Vulnerability
Microsoft has fixed a Microsoft Exchange vulnerability that allows threat actors to spoof the sender’s email address in emails to local recipients.
“Microsoft is aware of a vulnerability (CVE-2024-49040) that allows attackers to run spoofing attacks against Microsoft Exchange Server,” explains a related advisory by Microsoft.
“The vulnerability is caused by the current implementation of the P2 FROM header verification, which happens in transport.”
Starting with this month’s Microsoft Exchange security updates, Microsoft is now detecting and flagging spoofed emails with an alert prepended to the email body that states, “Notice: This email appears to be suspicious. Do not trust the information, links, or attachments in this email without verifying the source through a trusted method.”
Microsoft says the flaw was discovered by Slonser at Solidlab, who publicly disclosed the flaw in this article.
CVE-2024-49019 – Active Directory Certificate Services Elevation of Privilege Vulnerability
Microsoft fixed a flaw that allows attackers to gain domain administrator privileges by abusing built-in default version 1 certificate templates.
“Check if you have published any certificates created using a version 1 certificate template where the Source of subject name is set to “Supplied in the request” and the Enroll permissions are granted to a broader set of accounts, such as domain users or domain computers,” explains Microsoft.
“An example is the built-in Web Server template, but it is not vulnerable by default due to its restricted Enroll permissions.”
The flaw was discovered by Lou Scicchitano, Scot Berner, and Justin Bollinger with TrustedSec, who disclosed the “EKUwu” vulnerability in October.
“Using built-in default version 1 certificate templates, an attacker can craft a CSR to include application policies that are preferred over the configured Extended Key Usage attributes specified in the template,” reads TrustedSec’s report.
“The only requirement is enrollment rights, and it can be used to generate client authentication, certificate request agent, and codesigning certificates using the WebServer template.”
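The check Microsoft describes above can be scripted. The following is an added example, not code from Microsoft, TrustedSec, or the original article. It assumes the RSAT ActiveDirectory module and read access to the forest's Configuration partition, and it treats Authenticated Users and Everyone as broad enrollees alongside the Domain Users and Domain Computers groups the advisory names.

```powershell
# Added example: list version 1 templates where the subject is supplied in the
# request and Enroll is granted to a broad group (conditions from the advisory).
Import-Module ActiveDirectory

$config = (Get-ADRootDSE).configurationNamingContext
$pki    = "CN=Public Key Services,CN=Services,$config"

# Templates actually published by an enterprise CA (certificateTemplates holds template CNs).
$published = @(Get-ADObject -SearchBase "CN=Enrollment Services,$pki" `
    -LDAPFilter '(objectClass=pKIEnrollmentService)' -Properties certificateTemplates |
    ForEach-Object { $_.certificateTemplates } | Sort-Object -Unique)

# Enroll extended right; an empty ObjectType GUID means "all extended rights".
$enroll   = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'
$none     = [guid]::Empty
$extRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

# Broad principals: Domain Users (-513) and Domain Computers (-515) of any domain, plus
# Authenticated Users and Everyone (the last two are this example's assumption).
$broad = '^(S-1-5-21-[\d-]+-(513|515)|S-1-5-11|S-1-1-0)$'

# Schema version 1 AND CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT (0x1) set in the name flag.
$filter = '(&(objectClass=pKICertificateTemplate)(msPKI-Template-Schema-Version=1)' +
          '(msPKI-Certificate-Name-Flag:1.2.840.113556.1.4.803:=1))'

Get-ADObject -SearchBase "CN=Certificate Templates,$pki" -LDAPFilter $filter `
    -Properties nTSecurityDescriptor | ForEach-Object {
    # Resolve ACEs to SIDs so the match does not depend on localized group names.
    $rules = $_.nTSecurityDescriptor.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
    $hits = foreach ($r in $rules) {
        if ($r.AccessControlType -eq 'Allow' -and
            ($r.ActiveDirectoryRights -band $extRight) -and
            ($r.ObjectType -eq $enroll -or $r.ObjectType -eq $none) -and
            $r.IdentityReference.Value -match $broad) { $r.IdentityReference.Value }
    }
    if ($hits) {
        [pscustomobject]@{
            Template       = $_.Name
            Published      = $published -contains $_.Name
            BroadEnrollees = ($hits | Sort-Object -Unique) -join ', '
        }
    }
}
```

Rows with Published set to True match every condition in the advisory and are the ones to review first; an empty result means no version 1 template combines a request-supplied subject with broad Enroll rights.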
As explained above, CVE-2024-43451 was also publicly disclosed.
Recent updates from other companies
Other vendors who released updates or advisories in November 2024 include:
Adobe released security updates for numerous applications, including Photoshop, Illustrator, and Commerce.
Cisco released security updates for multiple products, including Cisco Phones, Nexus Dashboard, Identity Services Engine, and more.
Citrix released security updates for NetScaler ADC and NetScaler Gateway vulnerabilities. They also released an update for the Citrix Virtual Apps and Desktops reported by Watchtowr.
Dell released security updates for code execution and security bypass flaws in SONiC OS.
D-Link released a security update for a critical DSL6740C flaw that allows modification of account passwords.
Google released Chrome 131, which includes 12 security fixes. No zero-days.
Ivanti released security updates for twenty-five vulnerabilities in Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC).
SAP released security updates for multiple products as part of November Patch Day.
Schneider Electric released security updates for flaws in Modicon M340, Momentum, and MC80 products.
Siemens released a security update for a critical 10/10 flaw in TeleControl Server Basic tracked as CVE-2024-44102.
The November 2024 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities in the November 2024 Patch Tuesday updates.
To access the full description of each vulnerability and the systems it affects, you can view the full report here.
| Tag | CVE ID | CVE Title | Severity |
| --- | --- | --- | --- |
| .NET and Visual Studio | CVE-2024-43499 | .NET and Visual Studio Denial of Service Vulnerability | Important |
| .NET and Visual Studio | CVE-2024-43498 | .NET and Visual Studio Remote Code Execution Vulnerability | Critical |
| Airlift.microsoft.com | CVE-2024-49056 | Airlift.microsoft.com Elevation of Privilege Vulnerability | Critical |
| Azure CycleCloud | CVE-2024-43602 | Azure CycleCloud Remote Code Execution Vulnerability | Important |
| LightGBM | CVE-2024-43598 | LightGBM Remote Code Execution Vulnerability | Important |
| Microsoft Defender for Endpoint | CVE-2024-5535 | OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread | Important |
| Microsoft Edge (Chromium-based) | CVE-2024-10826 | Chromium: CVE-2024-10826 Use after free in Family Experiences | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-10827 | Chromium: CVE-2024-10827 Use after free in Serial | Unknown |
| Microsoft Exchange Server | CVE-2024-49040 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Graphics Component | CVE-2024-49031 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2024-49032 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2024-49029 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2024-49026 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2024-49027 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2024-49028 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2024-49030 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | ADV240001 | Microsoft SharePoint Server Defense in Depth Update | None |
| Microsoft Office Word | CVE-2024-49033 | Microsoft Word Security Feature Bypass Vulnerability | Important |
| Microsoft PC Manager | CVE-2024-49051 | Microsoft PC Manager Elevation of Privilege Vulnerability | Important |
| Microsoft Virtual Hard Drive | CVE-2024-38264 | Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability | Important |
| Microsoft Windows DNS | CVE-2024-43450 | Windows DNS Spoofing Vulnerability | Important |
| Role: Windows Active Directory Certificate Services | CVE-2024-49019 | Active Directory Certificate Services Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2024-43633 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2024-43624 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | Important |
| SQL Server | CVE-2024-48998 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-48997 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-48993 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49001 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49000 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-48999 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49043 | Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-43462 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-48995 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-48994 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-38255 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-48996 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-43459 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49002 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49013 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49014 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49011 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49012 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49015 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49018 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49021 | Microsoft SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49016 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49017 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49010 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49005 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49007 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49003 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49004 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49006 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49009 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49008 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| TorchGeo | CVE-2024-49048 | TorchGeo Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2024-49044 | Visual Studio Elevation of Privilege Vulnerability | Important |
| Visual Studio Code | CVE-2024-49050 | Visual Studio Code Python Extension Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2024-49049 | Visual Studio Code Remote Extension Elevation of Privilege Vulnerability | Moderate |
| Windows CSC Service | CVE-2024-43644 | Windows Client-Side Caching Elevation of Privilege Vulnerability | Important |
| Windows Defender Application Control (WDAC) | CVE-2024-43645 | Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability | Important |
| Windows DWM Core Library | CVE-2024-43636 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows DWM Core Library | CVE-2024-43629 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows Kerberos | CVE-2024-43639 | Windows Kerberos Remote Code Execution Vulnerability | Critical |
| Windows Kernel | CVE-2024-43630 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows NT OS Kernel | CVE-2024-43623 | Windows NT OS Kernel Elevation of Privilege Vulnerability | Important |
| Windows NTLM | CVE-2024-43451 | NTLM Hash Disclosure Spoofing Vulnerability | Important |
| Windows Package Library Manager | CVE-2024-38203 | Windows Package Library Manager Information Disclosure Vulnerability | Important |
| Windows Registry | CVE-2024-43641 | Windows Registry Elevation of Privilege Vulnerability | Important |
| Windows Registry | CVE-2024-43452 | Windows Registry Elevation of Privilege Vulnerability | Important |
| Windows Secure Kernel Mode | CVE-2024-43631 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important |
| Windows Secure Kernel Mode | CVE-2024-43646 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important |
| Windows Secure Kernel Mode | CVE-2024-43640 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
| Windows SMB | CVE-2024-43642 | Windows SMB Denial of Service Vulnerability | Important |
| Windows SMBv3 Client/Server | CVE-2024-43447 | Windows SMBv3 Server Remote Code Execution Vulnerability | Important |
| Windows Task Scheduler | CVE-2024-49039 | Windows Task Scheduler Elevation of Privilege Vulnerability | Important |
| Windows Telephony Service | CVE-2024-43628 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2024-43621 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2024-43620 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2024-43627 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2024-43635 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2024-43622 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2024-43626 | Windows Telephony Service Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2024-43530 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
| Windows USB Video Driver | CVE-2024-43643 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
| Windows USB Video Driver | CVE-2024-43449 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
| Windows USB Video Driver | CVE-2024-43637 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
| Windows USB Video Driver | CVE-2024-43634 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
| Windows USB Video Driver | CVE-2024-43638 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
| Windows VMSwitch | CVE-2024-43625 | Microsoft Windows VMSwitch Elevation of Privilege Vulnerability | Critical |
| Windows Win32 Kernel Subsystem | CVE-2024-49046 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
Update 11/13/24: Changed number of flaws to 89 as we previously included Edge flaws fixed on November 7.