Vulnerability Watch

Forum Discussion

scaveza's avatar
scaveza
Product Team
11 months ago

Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CV

Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039)

On November 12, Microsoft released its November 2024 Patch Tuesday release which patched 87 CVEs and one advisory with four rated critical, 82 rated important and one rated moderate.

This month's update included patches for four zero-day vulnerabilities, two of which were exploited in the wild.

CVE-2024-43451 is a NTLM hash spoofing vulnerability in Microsoft Windows. It was assigned a CVSSv3 score of 6.5 and is rated as important. According to Microsoft, CVE-2024-43451 was exploited in the wild as a zero-day. No further details about this vulnerability were available at the time this blog post was published.

CVE-2024-49039 is an EoP vulnerability in the Microsoft Windows Task Scheduler. It was assigned a CVSSv3 score of 8.8 and is rated as important. An attacker with local access to a vulnerable system could exploit this vulnerability by running a specially crafted application. According to Microsoft, CVE-2024-49039 was exploited in the wild as a zero-day. At the time our blog post was published, no further details about in-the-wild exploitation were available.

This month’s update includes patches for:

  • .NET and Visual Studio
  • Airlift.microsoft.com
  • Azure CycleCloud
  • Azure Database for PostgreSQL
  • LightGBM
  • Microsoft Exchange Server
  • Microsoft Graphics Component
  • Microsoft Office Excel
  • Microsoft Office Word
  • Microsoft PC Manager
  • Microsoft Virtual Hard Drive
  • Microsoft Windows DNS
  • Role: Windows Hyper-V
  • SQL Server
  • TorchGeo
  • Visual Studio
  • Visual Studio Code
  • Windows Active Directory Certificate Services
  • Windows CSC Service
  • Windows DWM Core Library
  • Windows Defender Application Control (WDAC)
  • Windows Kerberos
  • Windows Kernel
  • Windows NT OS Kernel
  • Windows NTLM
  • Windows Package Library Manager
  • Windows Registry
  • Windows SMB
  • Windows SMBv3 Client/Server
  • Windows Secure Kernel Mode
  • Windows Task Scheduler
  • Windows Telephony Service
  • Windows USB Video Driver
  • Windows Update Stack
  • Windows VMSwitch
  • Windows Win32 Kernel Subsystem

For more information, please visit our blog.

Cyber Exposure Alerts
No RepliesBe the first to reply

Recent Discussions