Today is Microsoft's November 2024 Patch Tuesday, which includes security updates for 91 flaws, including four zero-days, two of which are actively exploited.
This Patch Tuesday fixed four critical vulnerabilities, which include two remote code execution and two elevation of privilege flaws.
The number of bugs in each vulnerability category is listed below:
- 26 Elevation of Privilege vulnerabilities
- 2 Security Feature Bypass vulnerabilities
- 52 Remote Code Execution vulnerabilities
- 1 Information Disclosure vulnerability
- 4 Denial of Service vulnerabilities
- 3 Spoofing vulnerabilities
This count does not include two Edge flaws that were previously fixed on November 7th.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5046617 and KB5046633 cumulative updates and the Windows 10 KB5046613 update.
Four zero-days disclosed
This month's Patch Tuesday fixes four zero-days, two of which were actively exploited in attacks, and three were publicly disclosed.
Microsoft classifies a zero-day flaw as one that is publicly disclosed or actively exploited while no official fix is available.
The two actively exploited zero-day vulnerabilities in today's updates are:
CVE-2024-43451 – NTLM Hash Disclosure Spoofing Vulnerability
Microsoft has fixed a vulnerability that exposes NTLM hashes to remote attackers with minimal interaction with a malicious file.
"This vulnerability discloses a user's NTLMv2 hash to the attacker who could use this to authenticate as the user," explained Microsoft.
"Minimal interaction with a malicious file by a user such as selecting (single-click), inspecting (right-click), or performing an action other than opening or executing could trigger this vulnerability," continued Microsoft.
Microsoft says Israel Yeshurun of ClearSky Cyber Security discovered this vulnerability and that it was publicly disclosed, but did not share any further details.
CVE-2024-49039 – Windows Task Scheduler Elevation of Privilege Vulnerability
A specially crafted application could be executed that elevates privilege to Medium Integrity level.
"In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment," explained Microsoft.
Microsoft says that exploiting this vulnerability would allow attackers to execute RPC functions that are normally restricted to privileged accounts.
The flaw was discovered by Vlad Stolyarov and Bahare Sabouri of Google's Threat Analysis Group.
It is not known how the flaw was exploited in attacks.
The other three vulnerabilities that were publicly disclosed but not exploited in attacks are:
CVE-2024-49040 – Microsoft Exchange Server Spoofing Vulnerability
Microsoft has fixed a Microsoft Exchange vulnerability that allows threat actors to spoof the sender's email address in emails to local recipients.
"Microsoft is aware of a vulnerability (CVE-2024-49040) that allows attackers to run spoofing attacks against Microsoft Exchange Server," explains a related advisory by Microsoft.
"The vulnerability is caused by the current implementation of the P2 FROM header verification, which happens in transport."
Starting with this month's Microsoft Exchange security updates, Microsoft is now detecting and flagging spoofed emails with an alert prepended to the email body that states, "Notice: This email appears to be suspicious. Do not trust the information, links, or attachments in this email without verifying the source through a trusted method."
Microsoft says the flaw was discovered by Slonser at Solidlab, who publicly disclosed the flaw in this article.
CVE-2024-49019 – Active Directory Certificate Services Elevation of Privilege Vulnerability
Microsoft fixed a flaw that allows attackers to gain domain administrator privileges by abusing built-in default version 1 certificate templates.
"Check if you have published any certificates created using a version 1 certificate template where the Source of subject name is set to "Supplied in the request" and the Enroll permissions are granted to a broader set of accounts, such as domain users or domain computers," explains Microsoft.
"An example is the built-in Web Server template, but it is not vulnerable by default due to its restricted Enroll permissions."
The flaw was discovered by Lou Scicchitano, Scot Berner, and Justin Bollinger with TrustedSec, who disclosed the "EKUwu" vulnerability in October.
"Using built-in default version 1 certificate templates, an attacker can craft a CSR to include application policies that are preferred over the configured Extended Key Usage attributes specified in the template," reads TrustedSec's report.
"The only requirement is enrollment rights, and it can be used to generate client authentication, certificate request agent, and codesigning certificates using the WebServer template."
As explained above, CVE-2024-43451 was also publicly disclosed.
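Microsoft's guidance for CVE-2024-49019 comes down to three conditions on a published template: schema version 1, subject name supplied in the request, and Enroll rights granted to broad groups. The following PowerShell audit is added here and is not code from the article, Microsoft or TrustedSec; it reads the templates from the Configuration partition and flags the ones that meet all three. It assumes the RSAT ActiveDirectory module, a domain-joined session with read access to the Configuration partition, and that the list of "broad" principals is adjusted to your environment.

```powershell
# Added example (not from the article): audit AD CS templates for the
# three conditions Microsoft lists for CVE-2024-49019 (ESC15 / "EKUwu").
Import-Module ActiveDirectory

# Bit in msPKI-Certificate-Name-Flag meaning "Supply in the request"
# (CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT).
$EnrolleeSuppliesSubject = 0x00000001
# Extended-right GUID for Certificate-Enrollment.
$EnrollRightGuid = [Guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'
# Principals treated as "too broad" for Enroll (assumption: tune per domain).
$BroadPrincipals = @('Domain Users', 'Domain Computers', 'Authenticated Users', 'Everyone')

$configNC = (Get-ADRootDSE).configurationNamingContext
$pkiServices = "CN=Public Key Services,CN=Services,$configNC"

# Templates actually published on at least one Enterprise CA.
$publishedTemplates = Get-ADObject -SearchBase "CN=Enrollment Services,$pkiServices" `
    -LDAPFilter '(objectClass=pKIEnrollmentService)' -Properties certificateTemplates |
    ForEach-Object { $_.certificateTemplates } | Sort-Object -Unique

Get-ADObject -SearchBase "CN=Certificate Templates,$pkiServices" `
    -LDAPFilter '(objectClass=pKICertificateTemplate)' `
    -Properties 'msPKI-Template-Schema-Version', 'msPKI-Certificate-Name-Flag', nTSecurityDescriptor |
ForEach-Object {
    $t = $_
    $isV1 = ($t.'msPKI-Template-Schema-Version' -eq 1)
    $subjectFromRequest = (($t.'msPKI-Certificate-Name-Flag' -band $EnrolleeSuppliesSubject) -ne 0)
    $isPublished = ($publishedTemplates -contains $t.Name)

    # Allow ACEs that grant the Certificate-Enrollment extended right, either
    # by that specific GUID or by an unrestricted (empty GUID) extended right;
    # GenericAll also carries the ExtendedRight bit and is caught as well.
    $broadEnrollers = @($t.nTSecurityDescriptor.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -ne 0) -and
        ($_.ObjectType -eq $EnrollRightGuid -or $_.ObjectType -eq [Guid]::Empty)
    } | ForEach-Object { $_.IdentityReference.Value.Split('\')[-1] } |
      Where-Object { $BroadPrincipals -contains $_ } | Sort-Object -Unique)

    [PSCustomObject]@{
        Template           = $t.Name
        Published          = $isPublished
        SchemaVersion      = $t.'msPKI-Template-Schema-Version'
        SubjectFromRequest = $subjectFromRequest
        BroadEnrollers     = ($broadEnrollers -join ', ')
        # Only the full combination Microsoft describes is flagged for review.
        ReviewCVE202449019 = ($isPublished -and $isV1 -and $subjectFromRequest -and ($broadEnrollers.Count -gt 0))
    }
} | Sort-Object -Property ReviewCVE202449019 -Descending | Format-Table -AutoSize
```

A flagged row is a template to review against Microsoft's advice, not proof of exposure; the built-in Web Server template, for instance, should show no broad enrollers unless its permissions were widened.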
Recent updates from other companies
Other vendors who released updates or advisories in November 2024 include:
- Adobe released security updates for numerous applications, including Photoshop, Illustrator, and Commerce.
- Cisco releases security updates for multiple products, including Cisco Phones, Nexus Dashboard, Identity Services Engine, and more.
- Citrix releases security updates for NetScaler ADC and NetScaler Gateway vulnerabilities. They also released an update for Citrix Virtual Apps and Desktops for a flaw reported by Watchtowr.
- Dell releases security updates for code execution and security bypass flaws in SONiC OS.
- D-Link releases a security update for a critical DSL6740C flaw that allows modification of account passwords.
- Google released Chrome 131, which includes 12 security fixes. No zero-days.
- Ivanti releases security updates for 25 vulnerabilities in Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC).
- SAP releases security updates for multiple products as part of November Patch Day.
- Schneider Electric releases security updates for flaws in Modicon M340, Momentum, and MC80 products.
- Siemens released a security update for a critical 10/10 flaw in TeleControl Server Basic tracked as CVE-2024-44102.
The November 2024 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities in the November 2024 Patch Tuesday updates.
To access the full description of each vulnerability and the systems it affects, you can view the full report here.
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET and Visual Studio | CVE-2024-43499 | .NET and Visual Studio Denial of Service Vulnerability | Important |
.NET and Visual Studio | CVE-2024-43498 | .NET and Visual Studio Remote Code Execution Vulnerability | Critical |
Airlift.microsoft.com | CVE-2024-49056 | Airlift.microsoft.com Elevation of Privilege Vulnerability | Critical |
Azure CycleCloud | CVE-2024-43602 | Azure CycleCloud Remote Code Execution Vulnerability | Important |
LightGBM | CVE-2024-43598 | LightGBM Remote Code Execution Vulnerability | Important |
Microsoft Defender for Endpoint | CVE-2024-5535 | OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread | Important |
Microsoft Edge (Chromium-based) | CVE-2024-10826 | Chromium: CVE-2024-10826 Use after free in Family Experiences | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-10827 | Chromium: CVE-2024-10827 Use after free in Serial | Unknown |
Microsoft Exchange Server | CVE-2024-49040 | Microsoft Exchange Server Spoofing Vulnerability | Important |
Microsoft Graphics Component | CVE-2024-49031 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
Microsoft Graphics Component | CVE-2024-49032 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2024-49029 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2024-49026 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2024-49027 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2024-49028 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2024-49030 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | ADV240001 | Microsoft SharePoint Server Defense in Depth Update | None |
Microsoft Office Word | CVE-2024-49033 | Microsoft Word Security Feature Bypass Vulnerability | Important |
Microsoft PC Manager | CVE-2024-49051 | Microsoft PC Manager Elevation of Privilege Vulnerability | Important |
Microsoft Virtual Hard Drive | CVE-2024-38264 | Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability | Important |
Microsoft Windows DNS | CVE-2024-43450 | Windows DNS Spoofing Vulnerability | Important |
Role: Windows Active Directory Certificate Services | CVE-2024-49019 | Active Directory Certificate Services Elevation of Privilege Vulnerability | Important |
Role: Windows Hyper-V | CVE-2024-43633 | Windows Hyper-V Denial of Service Vulnerability | Important |
Role: Windows Hyper-V | CVE-2024-43624 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | Important |
SQL Server | CVE-2024-48998 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-48997 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-48993 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-49001 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-49000 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-48999 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-49043 | Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-43462 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-48995 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-48994 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-38255 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-48996 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-43459 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-49002 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-49013 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-49014 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-49011 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-49012 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-49015 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-49018 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-49021 | Microsoft SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-49016 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-49017 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-49010 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-49005 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-49007 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-49003 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-49004 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-49006 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-49009 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-49008 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
TorchGeo | CVE-2024-49048 | TorchGeo Remote Code Execution Vulnerability | Important |
Visual Studio | CVE-2024-49044 | Visual Studio Elevation of Privilege Vulnerability | Important |
Visual Studio Code | CVE-2024-49050 | Visual Studio Code Python Extension Remote Code Execution Vulnerability | Important |
Visual Studio Code | CVE-2024-49049 | Visual Studio Code Remote Extension Elevation of Privilege Vulnerability | Moderate |
Windows CSC Service | CVE-2024-43644 | Windows Client-Side Caching Elevation of Privilege Vulnerability | Important |
Windows Defender Application Control (WDAC) | CVE-2024-43645 | Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability | Important |
Windows DWM Core Library | CVE-2024-43636 | Win32k Elevation of Privilege Vulnerability | Important |
Windows DWM Core Library | CVE-2024-43629 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
Windows Kerberos | CVE-2024-43639 | Windows Kerberos Remote Code Execution Vulnerability | Critical |
Windows Kernel | CVE-2024-43630 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows NT OS Kernel | CVE-2024-43623 | Windows NT OS Kernel Elevation of Privilege Vulnerability | Important |
Windows NTLM | CVE-2024-43451 | NTLM Hash Disclosure Spoofing Vulnerability | Important |
Windows Package Library Manager | CVE-2024-38203 | Windows Package Library Manager Information Disclosure Vulnerability | Important |
Windows Registry | CVE-2024-43641 | Windows Registry Elevation of Privilege Vulnerability | Important |
Windows Registry | CVE-2024-43452 | Windows Registry Elevation of Privilege Vulnerability | Important |
Windows Secure Kernel Mode | CVE-2024-43631 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important |
Windows Secure Kernel Mode | CVE-2024-43646 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important |
Windows Secure Kernel Mode | CVE-2024-43640 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
Windows SMB | CVE-2024-43642 | Windows SMB Denial of Service Vulnerability | Important |
Windows SMBv3 Client/Server | CVE-2024-43447 | Windows SMBv3 Server Remote Code Execution Vulnerability | Important |
Windows Task Scheduler | CVE-2024-49039 | Windows Task Scheduler Elevation of Privilege Vulnerability | Important |
Windows Telephony Service | CVE-2024-43628 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
Windows Telephony Service | CVE-2024-43621 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
Windows Telephony Service | CVE-2024-43620 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
Windows Telephony Service | CVE-2024-43627 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
Windows Telephony Service | CVE-2024-43635 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
Windows Telephony Service | CVE-2024-43622 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
Windows Telephony Service | CVE-2024-43626 | Windows Telephony Service Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2024-43530 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
Windows USB Video Driver | CVE-2024-43643 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
Windows USB Video Driver | CVE-2024-43449 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
Windows USB Video Driver | CVE-2024-43637 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
Windows USB Video Driver | CVE-2024-43634 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
Windows USB Video Driver | CVE-2024-43638 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
Windows VMSwitch | CVE-2024-43625 | Microsoft Windows VMSwitch Elevation of Privilege Vulnerability | Critical |
Windows Win32 Kernel Subsystem | CVE-2024-49046 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
Update 9/11/24: Updated to clarify that only three flaws were actively exploited and why CVE-2024-43491 was marked as exploited.