Microsoft November 2024 Patch Tuesday, (Tue, Nov 12th)

This month, Microsoft is addressing a total of 83 vulnerabilities. Among these, 3 are classified as critical, 2 have been exploited in the wild, and another 2 have been disclosed prior to Patch Tuesday. Organizations are encouraged to prioritize these updates to mitigate potential risks and enhance their security posture.

Notable Vulnerabilities:

NTLM Hash Disclosure Spoofing Vulnerability (CVE-2024-43451)
This vulnerability, identified as CVE-2024-43451, has been exploited and disclosed, carrying an Important severity rating with a CVSS score of 6.5. It allows an attacker to disclose a user’s NTLMv2 hash, enabling them to authenticate as that user, which could lead to a total loss of confidentiality. Exploitation requires minimal user interaction, such as selecting or inspecting a malicious file. The vulnerability affects all supported versions of Microsoft Windows, and while Internet Explorer has been retired on certain platforms, updates addressing this vulnerability are included in the IE Cumulative Updates to ensure continued protection.

Windows Task Scheduler Elevation of Privilege Vulnerability (CVE-2024-49039)
This vulnerability, identified as CVE-2024-49039, has a severity rating of Important with a CVSS score of 8.8 and is currently being exploited in the wild, although it has not been disclosed publicly. An authenticated attacker can exploit this vulnerability by running a specially crafted application on the target system, allowing them to elevate their privileges to a Medium Integrity Level. Successful exploitation could enable the attacker to execute RPC functions that are typically restricted to privileged accounts, thereby compromising the security of the system. Remediation efforts should focus on monitoring for unauthorized applications and ensuring that only trusted software is executed on systems to mitigate the risk of exploitation.

Active Directory Certificate Services Elevation of Privilege Vulnerability (CVE-2024-49019)
This vulnerability, identified as CVE-2024-49019, has been disclosed but is not currently exploited in the wild. It carries a severity rating of Important with a CVSS score of 7.8, allowing an attacker to potentially gain domain administrator privileges. The vulnerability affects certificates created using a version 1 certificate template with the Source of subject name set to “Supplied in the request,” particularly if the template is not secured according to best practices. To mitigate this risk, organizations are advised to remove overly broad enrollment permissions, eliminate unused templates from certification authorities, and secure templates that allow specification of the subject in requests through additional signatures, certificate manager approval, and monitoring of issued certificates.

Windows Kerberos Remote Code Execution Vulnerability (CVE-2024-43639)
This critical vulnerability, with a CVSS score of 9.8, has not been exploited in the wild nor disclosed publicly. It allows an unauthenticated attacker to leverage a cryptographic protocol vulnerability in Windows Kerberos to perform remote code execution against the target using a specially crafted application. The potential impact of this vulnerability underscores the importance of monitoring and securing systems against unauthorized access and exploitation.

Microsoft Windows VMSwitch Elevation of Privilege Vulnerability (CVE-2024-43625)
This critical vulnerability, identified as CVE-2024-43625, has a CVSS score of 8.1 and is currently not exploited or disclosed publicly. It allows an attacker with low privileges on a Hyper-V guest to traverse the security boundary and execute code on the Hyper-V host, potentially gaining SYSTEM privileges. The exploitation requires a high level of complexity, as the attacker must gather specific environmental information and perform additional preparatory actions before sending a specific series of networking requests to the VMswitch driver, triggering a use-after-free vulnerability. Notably, this vulnerability is confined to the VmSwitch component within Hyper-V and does not affect the System Center Virtual Machine Manager (SCVMM).

This summary highlights key vulnerabilities for this Patch Tuesday. Notably, CVE-2024-43451, a NTLM hash disclosure vulnerability, poses a significant risk due to its exploitation potential with minimal user interaction. CVE-2024-49039, an elevation of privilege vulnerability, is actively exploited and requires immediate attention. Additionally, CVE-2024-49019 allows potential domain admin access, necessitating strict certificate management. Critical vulnerabilities like CVE-2024-43639 (CVSS 9.8) and CVE-2024-43625, while not currently exploited, demand proactive monitoring and security measures. Prioritize patching and monitoring to mitigate these risks effectively.

November 2024 Security Updates

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET and Visual Studio Denial of Service Vulnerability
%%cve:2024-43499%% No No Important 7.5 6.5
.NET and Visual Studio Remote Code Execution Vulnerability
%%cve:2024-43498%% No No Critical 9.8 8.5
Active Directory Certificate Services Elevation of Privilege Vulnerability
%%cve:2024-49019%% Yes No Important 7.8 6.8
Airlift.microsoft.com Elevation of Privilege Vulnerability
%%cve:2024-49056%% No No Critical 7.3 6.4
Azure CycleCloud Remote Code Execution Vulnerability
%%cve:2024-43602%% No No Important 9.9 8.6
Chromium: CVE-2024-10826 Use after free in Family Experiences
%%cve:2024-10826%% No No    
Chromium: CVE-2024-10827 Use after free in Serial
%%cve:2024-10827%% No No    
LightGBM Remote Code Execution Vulnerability
%%cve:2024-43598%% No No Important 7.5 6.5
Microsoft Excel Remote Code Execution Vulnerability
%%cve:2024-49026%% No No Important 7.8 6.8
%%cve:2024-49027%% No No Important 7.8 6.8
%%cve:2024-49028%% No No Important 7.8 6.8
%%cve:2024-49029%% No No Important 7.8 6.8
%%cve:2024-49030%% No No Important 7.8 6.8
Microsoft Exchange Server Spoofing Vulnerability
%%cve:2024-49040%% Yes No Important 7.5 6.7
Microsoft Office Graphics Remote Code Execution Vulnerability
%%cve:2024-49031%% No No Important 7.8 6.8
%%cve:2024-49032%% No No Important 7.8 6.8
Microsoft PC Manager Elevation of Privilege Vulnerability
%%cve:2024-49051%% No No Important 7.8 6.8
Microsoft SQL Server Remote Code Execution Vulnerability
%%cve:2024-49021%% No No Important 7.8 6.8
Microsoft SharePoint Server Defense in Depth Update
ADV240001 No No None    
Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability
%%cve:2024-38264%% No No Important 5.9 5.2
Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
%%cve:2024-43625%% No No Critical 8.1 7.1
Microsoft Word Security Feature Bypass Vulnerability
%%cve:2024-49033%% No No Important 7.5 6.5
Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability
%%cve:2024-49043%% No No Important 7.8 6.8
NTLM Hash Disclosure Spoofing Vulnerability
%%cve:2024-43451%% Yes Yes Important 6.5 6.0
OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread
%%cve:2024-5535%% No No 9.1 9.1
SQL Server Native Client Remote Code Execution Vulnerability
TorchGeo Remote Code Execution Vulnerability
%%cve:2024-49048%% No No Important 8.1 7.1
Visual Studio Code Python Extension Remote Code Execution Vulnerability
%%cve:2024-49050%% No No Important 8.8 7.7
Visual Studio Code Remote Extension Elevation of Privilege Vulnerability
%%cve:2024-49049%% No No Moderate 7.1 6.2
Visual Studio Elevation of Privilege Vulnerability
%%cve:2024-49044%% No No Important 6.7 5.8
Win32k Elevation of Privilege Vulnerability
%%cve:2024-43636%% No No Important 7.8 6.8
Windows Client-Side Caching Elevation of Privilege Vulnerability
%%cve:2024-43644%% No No Important 7.8 6.8
Windows DNS Spoofing Vulnerability
%%cve:2024-43450%% No No Important 7.5 6.5
Windows DWM Core Library Elevation of Privilege Vulnerability
%%cve:2024-43629%% No No Important 7.8 6.8
Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability
%%cve:2024-43645%% No No Important 6.7 5.8
Windows Hyper-V Denial of Service Vulnerability
%%cve:2024-43633%% No No Important 6.5 5.7
Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability
%%cve:2024-43624%% No No Important 8.8 7.7
Windows Kerberos Remote Code Execution Vulnerability
%%cve:2024-43639%% No No Critical 9.8 8.5
Windows Kernel Elevation of Privilege Vulnerability
%%cve:2024-43630%% No No Important 7.8 6.8
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
%%cve:2024-43640%% No No Important 7.8 6.8
Windows NT OS Kernel Elevation of Privilege Vulnerability
%%cve:2024-43623%% No No Important 7.8 6.8
Windows Package Library Manager Information Disclosure Vulnerability
%%cve:2024-38203%% No No Important 6.2 5.4
Windows Registry Elevation of Privilege Vulnerability
%%cve:2024-43452%% No No Important 7.5 6.5
%%cve:2024-43641%% No No Important 7.8 6.8
Windows SMB Denial of Service Vulnerability
%%cve:2024-43642%% No No Important 7.5 6.5
Windows SMBv3 Server Remote Code Execution Vulnerability
%%cve:2024-43447%% No No Important 8.1 7.1
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
%%cve:2024-43631%% No No Important 6.7 5.8
%%cve:2024-43646%% No No Important 6.7 5.8
Windows Task Scheduler Elevation of Privilege Vulnerability
%%cve:2024-49039%% No Yes Important 8.8 8.2
Windows Telephony Service Elevation of Privilege Vulnerability
%%cve:2024-43626%% No No Important 7.8 6.8
Windows Telephony Service Remote Code Execution Vulnerability
%%cve:2024-43627%% No No Important 8.8 7.7
%%cve:2024-43628%% No No Important 8.8 7.7
%%cve:2024-43620%% No No Important 8.8 7.7
%%cve:2024-43621%% No No Important 8.8 7.7
%%cve:2024-43622%% No No Important 8.8 7.7
%%cve:2024-43635%% No No Important 8.8 7.7
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
%%cve:2024-43634%% No No Important 6.8 5.9
%%cve:2024-43637%% No No Important 6.8 5.9
%%cve:2024-43638%% No No Important 6.8 5.9
%%cve:2024-43643%% No No Important 6.8 5.9
%%cve:2024-43449%% No No Important 6.8 5.9
Windows Update Stack Elevation of Privilege Vulnerability
%%cve:2024-43530%% No No Important 7.8 6.8
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
%%cve:2024-49046%% No No Important 7.8 6.8

 


Renato Marinho
LinkedIn|Twitter

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Leave a Reply

Your email address will not be published. Required fields are marked *