Microsoft November 2024 Patch Tuesday

    Published: 2024-11-12. Last Updated: 2024-11-12 18:26:59 UTC
    by Renato Marinho (Version: 1)
    0 comment(s)

    This month, Microsoft is addressing a total of 83 vulnerabilities. Among these, 3 are classified as critical, 2 have been exploited in the wild, and another 2 have been disclosed prior to Patch Tuesday. Organizations are encouraged to prioritize these updates to mitigate potential risks and enhance their security posture.

    Notable Vulnerabilities:

    NTLM Hash Disclosure Spoofing Vulnerability (CVE-2024-43451)
    This vulnerability, identified as CVE-2024-43451, has been exploited and disclosed, carrying an Important severity rating with a CVSS score of 6.5. It allows an attacker to disclose a user's NTLMv2 hash, enabling them to authenticate as that user, which could lead to a total loss of confidentiality. Exploitation requires minimal user interaction, such as selecting or inspecting a malicious file. The vulnerability affects all supported versions of Microsoft Windows, and while Internet Explorer has been retired on certain platforms, updates addressing this vulnerability are included in the IE Cumulative Updates to ensure continued protection.

    Windows Task Scheduler Elevation of Privilege Vulnerability (CVE-2024-49039)
    This vulnerability, identified as CVE-2024-49039, has a severity rating of Important with a CVSS score of 8.8 and is currently being exploited in the wild, although it has not been disclosed publicly. An authenticated attacker can exploit this vulnerability by running a specially crafted application on the target system, allowing them to elevate their privileges to a Medium Integrity Level. Successful exploitation could enable the attacker to execute RPC functions that are typically restricted to privileged accounts, thereby compromising the security of the system. Remediation efforts should focus on monitoring for unauthorized applications and ensuring that only trusted software is executed on systems to mitigate the risk of exploitation.

    Active Directory Certificate Services Elevation of Privilege Vulnerability (CVE-2024-49019)
    This vulnerability, identified as CVE-2024-49019, has been disclosed but is not currently exploited in the wild. It carries a severity rating of Important with a CVSS score of 7.8, allowing an attacker to potentially gain domain administrator privileges. The vulnerability affects certificates created using a version 1 certificate template with the Source of subject name set to "Supplied in the request," particularly if the template is not secured according to best practices. To mitigate this risk, organizations are advised to remove overly broad enrollment permissions, eliminate unused templates from certification authorities, and secure templates that allow specification of the subject in requests through additional signatures, certificate manager approval, and monitoring of issued certificates.

    Windows Kerberos Remote Code Execution Vulnerability (CVE-2024-43639)
    This critical vulnerability, with a CVSS score of 9.8, has not been exploited in the wild nor disclosed publicly. It allows an unauthenticated attacker to leverage a cryptographic protocol vulnerability in Windows Kerberos to perform remote code execution against the target using a specially crafted application. The potential impact of this vulnerability underscores the importance of monitoring and securing systems against unauthorized access and exploitation.

    Microsoft Windows VMSwitch Elevation of Privilege Vulnerability (CVE-2024-43625)
    This critical vulnerability, identified as CVE-2024-43625, has a CVSS score of 8.1 and is currently not exploited or disclosed publicly. It allows an attacker with low privileges on a Hyper-V guest to traverse the security boundary and execute code on the Hyper-V host, potentially gaining SYSTEM privileges. The exploitation requires a high level of complexity, as the attacker must gather specific environmental information and perform additional preparatory actions before sending a specific series of networking requests to the VMswitch driver, triggering a use-after-free vulnerability. Notably, this vulnerability is confined to the VmSwitch component within Hyper-V and does not affect the System Center Virtual Machine Manager (SCVMM).

    This summary highlights key vulnerabilities for this Patch Tuesday. Notably, CVE-2024-43451, a NTLM hash disclosure vulnerability, poses a significant risk due to its exploitation potential with minimal user interaction. CVE-2024-49039, an elevation of privilege vulnerability, is actively exploited and requires immediate attention. Additionally, CVE-2024-49019 allows potential domain admin access, necessitating strict certificate management. Critical vulnerabilities like CVE-2024-43639 (CVSS 9.8) and CVE-2024-43625, while not currently exploited, demand proactive monitoring and security measures. Prioritize patching and monitoring to mitigate these risks effectively.

    November 2024 Security Updates

    Description
    CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
    .NET and Visual Studio Denial of Service Vulnerability
    CVE-2024-43499 No No - - Important 7.5 6.5
    .NET and Visual Studio Remote Code Execution Vulnerability
    CVE-2024-43498 No No - - Critical 9.8 8.5
    Active Directory Certificate Services Elevation of Privilege Vulnerability
    CVE-2024-49019 Yes No - - Important 7.8 6.8
    Airlift.microsoft.com Elevation of Privilege Vulnerability
    CVE-2024-49056 No No - - Critical 7.3 6.4
    Azure CycleCloud Remote Code Execution Vulnerability
    CVE-2024-43602 No No - - Important 9.9 8.6
    Chromium: CVE-2024-10826 Use after free in Family Experiences
    CVE-2024-10826 No No - - -    
    Chromium: CVE-2024-10827 Use after free in Serial
    CVE-2024-10827 No No - - -    
    LightGBM Remote Code Execution Vulnerability
    CVE-2024-43598 No No - - Important 7.5 6.5
    Microsoft Excel Remote Code Execution Vulnerability
    CVE-2024-49026 No No - - Important 7.8 6.8
    CVE-2024-49027 No No - - Important 7.8 6.8
    CVE-2024-49028 No No - - Important 7.8 6.8
    CVE-2024-49029 No No - - Important 7.8 6.8
    CVE-2024-49030 No No - - Important 7.8 6.8
    Microsoft Exchange Server Spoofing Vulnerability
    CVE-2024-49040 Yes No - - Important 7.5 6.7
    Microsoft Office Graphics Remote Code Execution Vulnerability
    CVE-2024-49031 No No - - Important 7.8 6.8
    CVE-2024-49032 No No - - Important 7.8 6.8
    Microsoft PC Manager Elevation of Privilege Vulnerability
    CVE-2024-49051 No No - - Important 7.8 6.8
    Microsoft SQL Server Remote Code Execution Vulnerability
    CVE-2024-49021 No No - - Important 7.8 6.8
    Microsoft SharePoint Server Defense in Depth Update
    ADV240001 No No - - None    
    Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability
    CVE-2024-38264 No No - - Important 5.9 5.2
    Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
    CVE-2024-43625 No No - - Critical 8.1 7.1
    Microsoft Word Security Feature Bypass Vulnerability
    CVE-2024-49033 No No - - Important 7.5 6.5
    Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability
    CVE-2024-49043 No No - - Important 7.8 6.8
    NTLM Hash Disclosure Spoofing Vulnerability
    CVE-2024-43451 Yes Yes - - Important 6.5 6.0
    OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread
    CVE-2024-5535 No No - - - 9.1 9.1
    SQL Server Native Client Remote Code Execution Vulnerability
    TorchGeo Remote Code Execution Vulnerability
    CVE-2024-49048 No No - - Important 8.1 7.1
    Visual Studio Code Python Extension Remote Code Execution Vulnerability
    CVE-2024-49050 No No - - Important 8.8 7.7
    Visual Studio Code Remote Extension Elevation of Privilege Vulnerability
    CVE-2024-49049 No No - - Moderate 7.1 6.2
    Visual Studio Elevation of Privilege Vulnerability
    CVE-2024-49044 No No - - Important 6.7 5.8
    Win32k Elevation of Privilege Vulnerability
    CVE-2024-43636 No No - - Important 7.8 6.8
    Windows Client-Side Caching Elevation of Privilege Vulnerability
    CVE-2024-43644 No No - - Important 7.8 6.8
    Windows DNS Spoofing Vulnerability
    CVE-2024-43450 No No - - Important 7.5 6.5
    Windows DWM Core Library Elevation of Privilege Vulnerability
    CVE-2024-43629 No No - - Important 7.8 6.8
    Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability
    CVE-2024-43645 No No - - Important 6.7 5.8
    Windows Hyper-V Denial of Service Vulnerability
    CVE-2024-43633 No No - - Important 6.5 5.7
    Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability
    CVE-2024-43624 No No - - Important 8.8 7.7
    Windows Kerberos Remote Code Execution Vulnerability
    CVE-2024-43639 No No - - Critical 9.8 8.5
    Windows Kernel Elevation of Privilege Vulnerability
    CVE-2024-43630 No No - - Important 7.8 6.8
    Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
    CVE-2024-43640 No No - - Important 7.8 6.8
    Windows NT OS Kernel Elevation of Privilege Vulnerability
    CVE-2024-43623 No No - - Important 7.8 6.8
    Windows Package Library Manager Information Disclosure Vulnerability
    CVE-2024-38203 No No - - Important 6.2 5.4
    Windows Registry Elevation of Privilege Vulnerability
    CVE-2024-43452 No No - - Important 7.5 6.5
    CVE-2024-43641 No No - - Important 7.8 6.8
    Windows SMB Denial of Service Vulnerability
    CVE-2024-43642 No No - - Important 7.5 6.5
    Windows SMBv3 Server Remote Code Execution Vulnerability
    CVE-2024-43447 No No - - Important 8.1 7.1
    Windows Secure Kernel Mode Elevation of Privilege Vulnerability
    CVE-2024-43631 No No - - Important 6.7 5.8
    CVE-2024-43646 No No - - Important 6.7 5.8
    Windows Task Scheduler Elevation of Privilege Vulnerability
    CVE-2024-49039 No Yes - - Important 8.8 8.2
    Windows Telephony Service Elevation of Privilege Vulnerability
    CVE-2024-43626 No No - - Important 7.8 6.8
    Windows Telephony Service Remote Code Execution Vulnerability
    CVE-2024-43627 No No - - Important 8.8 7.7
    CVE-2024-43628 No No - - Important 8.8 7.7
    CVE-2024-43620 No No - - Important 8.8 7.7
    CVE-2024-43621 No No - - Important 8.8 7.7
    CVE-2024-43622 No No - - Important 8.8 7.7
    CVE-2024-43635 No No - - Important 8.8 7.7
    Windows USB Video Class System Driver Elevation of Privilege Vulnerability
    CVE-2024-43634 No No - - Important 6.8 5.9
    CVE-2024-43637 No No - - Important 6.8 5.9
    CVE-2024-43638 No No - - Important 6.8 5.9
    CVE-2024-43643 No No - - Important 6.8 5.9
    CVE-2024-43449 No No - - Important 6.8 5.9
    Windows Update Stack Elevation of Privilege Vulnerability
    CVE-2024-43530 No No - - Important 7.8 6.8
    Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
    CVE-2024-49046 No No - - Important 7.8 6.8

     

    --
    Renato Marinho
    LinkedIn|Twitter

    Keywords:
    0 comment(s)
    ISC Stormcast For Tuesday, November 12th, 2024 https://isc.sans.edu/podcastdetail/9218

      Comments


      Diary Archives