Microsoft November 2024 Patch Tuesday

Microsoft has released its monthly set of security updates, known as Patch Tuesday. This month's release addresses four zero-day vulnerabilities.

Microsoft has fixed 91 vulnerabilities, 4 of which are classified as critical because they could allow an attacker to gain elevated privileges or execute arbitrary code and gain access to the affected products by persuading the victim to open specially crafted content.

November’s Patch Tuesday fixes security flaws in several Microsoft products, including .NET and Visual Studio, Azure CycleCloud, Azure Database for PostgreSQL, Microsoft Office Excel, Windows Secure Kernel Mode, Microsoft Office Word, Microsoft SQL Server, Microsoft PC Manager, Microsoft TorchGeo, Microsoft Graphics Component, Windows Package Library Manager, Microsoft Windows DNS, Windows Kerberos, Windows CSC Service, Windows Defender Application Control (WDAC), Windows Registry, Windows VMSwitch, Microsoft LightGBM, Microsoft Exchange Server, and Microsoft Edge (Chromium-based).

The actively exploited zero-day vulnerabilities in November’s patch are:

  • NTLM Hash Disclosure Spoofing Vulnerability “CVE-2024-43451” allows remote attackers to disclose a user’s NTLMv2 hash, which might be used to authenticate as the user.
  • Windows Task Scheduler Elevation of Privilege Vulnerability “CVE-2024-49039” allows attackers to elevate their privileges and execute code or access resources at a higher integrity level than the AppContainer execution environment.
  • Microsoft Exchange Server Spoofing Vulnerability “CVE-2024-49040” allows the remote attacker to spoof the sender’s email address in emails to local recipients.
  • Active Directory Certificate Services Elevation of Privilege Vulnerability “CVE-2024-49019” allows attackers to gain domain administrator privileges by abusing built-in default version 1 certificate templates.

Sample of the addressed vulnerabilities:

1. Azure CycleCloud Remote Code Execution Vulnerability (CVE-2024-43602):

  • CVSS: 9.9
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Consequences: Gain Access

2. Microsoft Windows VMSwitch Elevation of Privilege Vulnerability (CVE-2024-43625):

  • CVSS: 8.1
  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Gain Privileges
Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

Microsoft MSRC

References