Microsoft Releases November 2024 Security Updates
Scheduled updates fix 89 Microsoft vulnerabilities, including two zero-day vulnerabilities
Affected platforms
The following platforms are known to be affected:
The following platforms are also known to be affected:
- Airlift.microsoft.com
- Azure CycleCloud
- Azure Database for PostgreSQL
- LightGBM
- Microsoft Graphics Component
- Microsoft Office Excel
- Microsoft Office Word
- Microsoft PC Manager
- Microsoft Virtual Hard Drive
- Microsoft Windows DNS
- Role: Windows Hyper-V
- SQL Server
- TorchGeo
- Visual Studio
- Visual Studio Code
- Windows Active Directory Certificate Services
- Windows CSC Service
- Windows Defender Application Control (WDAC)
- Windows DWM Core Library
- Windows Kerberos
- Windows Kernel
- Windows NT OS Kernel
- Windows NTLM
- Windows Package Library Manager
- Windows Registry
- Windows Secure Kernel Mode
- Windows SMB
- Windows SMBv3 Client/Server
- Windows Task Scheduler
- Windows Telephony Service
- Windows Update Stack
- Windows USB Video Driver
- Windows VMSwitch
- Windows Win32 Kernel Subsystem
Threat details
Active exploitation of CVE-2024-43451 and CVE-2024-49039
Microsoft has reported that two vulnerabilities are under active exploitation. NHS England National CSOC urges organisations to apply relevant security updates to affected versions of Windows and Windows Server as soon as practicable.
Introduction
Microsoft has released security updates to address 89 vulnerabilities in Microsoft products. The security updates include four critical vulnerabilities, two vulnerabilities that are under zero-day exploitation, and four vulnerabilities that are publicly disclosed.
Vulnerability details
- CVE-2024-43451 - NTLM Hash Disclosure Spoofing Vulnerability
CVE-2024-43451 is an ‘external control of file name or path’ vulnerability in Windows and Windows Server and has a CVSSv3 score of 6.5. Successful exploitation discloses a user's NTLMv2 hash to the attacker, who could use the hash to authenticate as the user. This vulnerability is publicly known and is under active exploitation.
- CVE-2024-49039 - Windows Task Scheduler Elevation of Privilege Vulnerability
CVE-2024-49039 is an ‘improper authentication’ vulnerability in Windows Task Scheduler with a CVSSv3 score of 8.8. An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to privileged accounts only. This vulnerability is under active exploitation.
- CVE-2024-43498 - .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-43498 is a critical ‘type confusion’ vulnerability in .NET and Visual Studio 2022 with a CVSSv3 score of 9.8. An unauthenticated attacker could exploit this vulnerability to achieve remote code execution.
- CVE-2024-49019 - Active Directory Certificate Services Elevation of Privilege Vulnerability
CVE-2024-49019 is a ‘weak authentication’ vulnerability in Windows Server with a CVSSv3 score of 7.8. An attacker who successfully exploited this vulnerability could escalate privileges to gain domain administrator privileges. This vulnerability is publicly disclosed.
- CVE-2024-49040 - Microsoft Exchange Server Spoofing Vulnerability
CVE-2024-49040 is a ‘user interface (UI) misrepresentation of critical information’ vulnerability in Microsoft Exchange Server with a CVSSv3 score of 7.5. This vulnerability is publicly known and Microsoft has a blog post that provides additional information and explains how this vulnerability could lead to the email client (for example, Microsoft Outlook) displaying a forged sender as if it were legitimate.
- CVE-2024-43625 - Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
CVE-2024-43625 is a critical ‘use after free’ vulnerability with a CVSSv3 score of 8.1 that affects Windows and Windows Server. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Exploitation could also lead to a scope change, meaning that the attacker could traverse the guest's security boundary to execute arbitrary code on the Hyper-V host execution environment.
- CVE-2024-43639 - Windows Kerberos Remote Code Execution Vulnerability
CVE-2024-43639 is a critical ‘numeric truncation error’ vulnerability with a CVSSv3 score of 9.8 that affects Windows Server. An unauthenticated attacker could use a specially crafted application to leverage a cryptographic protocol vulnerability in Windows Kerberos to perform remote code execution against the target.
Threat updates
Date | Update |
---|---|
28 Nov 2024 | Updates for Exchange Server Released. Microsoft has re-released the security updates for Exchange Server that were paused after resolving issues impacting transport rules: Re-release of November 2024 Exchange Server Security Update packages \| Microsoft Community Hub |
15 Nov 2024 | Update issues with Exchange Server. Microsoft has paused updates for Exchange Server, citing the known issues section of this blog: Released: November 2024 Exchange Server Security Updates \| Microsoft Community Hub |
Remediation advice
Affected organisations are encouraged to review Microsoft's November 2024 Security Updates Summary and apply the relevant updates as soon as practicable.
Definitive source of threat updates
- https://msrc.microsoft.com/update-guide/releaseNote/2024-Nov
- https://learn.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-non-compliant-p2from-detection?view=exchserver-2019
- https://techcommunity.microsoft.com/blog/exchange/released-november-2024-exchange-server-security-updates/4293125
Last edited: 28 November 2024 11:00 am