This week marked the arrival of the monthly scheduled updates from Microsoft. With November 2024 Patch Tuesday, Microsoft addressed around 90 different security vulnerabilities across various products.
Multiple Zero-Day Vulnerabilities Addressed
With November Patch Tuesday, Microsoft addressed multiple serious vulnerabilities, including some publicly known and actively exploited flaws, affecting different services.
The most important of these vulnerabilities is CVE-2024-43498. Microsoft defined it as a critical-severity remote code execution vulnerability affecting .NET and Visual Studio. An unauthenticated, remote attacker could exploit the flaw by sending maliciously crafted requests to the target .NET web app or uploading a malicious file on a vulnerable system. This vulnerability received a CVSS score of 9.8. Although Microsoft didn’t mention it as a zero-day, ZDI believes it is one, as they found a report highlighting a similar issue.
Nonetheless, the tech giant did admit the following two flaws as zero-day vulnerabilities.
- CVE-2024-43451 (important; CVSS 6.5): A spoofing vulnerability that could disclose a user’s NTLMv2 hash, allowing fraudulent user authentication by an adversary. Exploiting the flaw required the attacker to trick the target user into clicking or interacting with a maliciously crafted file. Microsoft confirmed that it detected active exploitation of the flaw following public disclosure.
- CVE-2024-49039 (important; CVSS 8.8): A privilege escalation vulnerability in Windows Task Scheduler that was attacked before a fix could arrive. Exploiting the flaw required the attacker to run a maliciously crafted app on the target system. Once done, the attacker could gain elevated privileges and execute RPC functions.
- CVE-2024-49019 (important; CVSS 7.8): A privilege escalation flaw in Active Directory Certificate Services. Microsoft confirmed public disclosure of the flaw before a fix, yet they did not detect any exploitation attempts. Exploiting this vulnerability could give an adversary domain administrator privileges. Microsoft listed several measures in their advisory to mitigate the flaw.
Other Patch Tuesday November Updates From Microsoft
Apart from the above, Microsoft also addressed three critical vulnerabilities this month. These include,
- CVE-2024-49056 (critical; CVSS 7.3): An authentication bypass vulnerability affected airlift.microsoft.com. Exploiting the flaw could let an authorized attacker gain elevated privileges.
- CVE-2024-43625 (critical; CVSS 8.1): A privilege escalation issue affecting the VmSwitch component within Hyper-V.
- CVE-2024-43639 (critical; CVSS 9.8): A remote code execution flaw affecting Windows Kerberos.
This month, Microsoft patched 89 security issues, including 84 vulnerabilities of important severity and a single moderate-severity privilege escalation flaw.
Let us know your thoughts in the comments.