Jetzt Ausprobieren
Patch Tuesday

Microsoft Patch Tuesday – November 2024

8 min. read
12/11/2024
By Esben Dochy
Microsoft Patch Tuesday

⚡ TL;DR | Go Straight to the November 202Patch Tuesday Audit Report

Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The November 2024 edition of Patch Tuesday brings us 88 new fixes, with 4 rated as critical and 2 exploited. We’ve listed the most important changes below.

Windows Task Scheduler Elevation of Privilege Vulnerability

The most critical vulnerability this month is CVE-2024-49039. This vulnerability is being actively exploited already and has a CVSS 3.1 base score of 8.8. If exploited successfully, the attacker could escalate their privileges to execute code or access resources with a higher integrity level than the AppContainer execution environment.

Regarding how exploitation would occur, Microsoft lists the following:

To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application on the target system exploit the vulnerability to elevate their privileges to a Medium Integrity Level.

NTLM Hash Disclosure Spoofing Vulnerability

The second actively exploited vulnerability this month is CVE-2024-43451. The vulnerability, which has a slightly lower CVSS base score of 6.5, exposes a user’s NTLMv2 hash to an attacker, allowing them to authenticate as the user.

Exploitation can be triggered by minimal user interaction with a malicious file, such as selecting (single-click), inspecting (right-click), or performing any action other than opening or executing the file.

Additionally, Microsoft released Internet Explorer patches for Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012 R2 with the following notes:

While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.

To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.

Active Directory Certificate Services Elevation of Privilege Vulnerability

The last highlight of this month is CVE-2024-49019. This vulnerability has not yet been actively exploited, but Microsoft does list it as „more likely“ to be exploited. The primary concern with this vulnerability is that, if exploited, an attacker who successfully exploits this vulnerability can gain domain administrator privileges.

Microsoft does provide some information on how you can check if any of your certificates are affected:

How do I know if my PKI environment is vulnerable to this type of attack?

Check if you have published any certificates created using a version 1 certificate template where the Source of subject name is set to „Supplied in the request“ and the Enroll permissions are granted to a broader set of accounts, such as domain users or domain computers. An example is the built-in Web Server template, but it is not vulnerable by default due to its restricted Enroll permissions.

What types of certificates are vulnerable to this type of attack?

Certificates created using a version 1 certificate template with Source of subject name set to „Supplied in the request“ are potentially vulnerable if the template is not secured according to the best practices published in the Securing Certificate Templates section of Securing PKI: Technical Controls for Securing PKI | Microsoft Learn.

Run the Patch Tuesday November 2024 Audit

To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.

The Lansweeper Patch Tuesday report is automatically added to your Lansweeper Site. Lansweeper Sites is included in all our licenses without any additional cost and allows you to federate all your installations into one single view so all you need to do is look at one report, automatically added every patch Tuesday!

Patch Tuesday November 2024 CVE Codes & Titles

CVE NumberCVE Title
CVE-2024-5535OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread
CVE-2024-49056Airlift.microsoft.com Elevation of Privilege Vulnerability
CVE-2024-49051Microsoft PC Manager Elevation of Privilege Vulnerability
CVE-2024-49050Visual Studio Code Python Extension Remote Code Execution Vulnerability
CVE-2024-49049Visual Studio Code Remote Extension Elevation of Privilege Vulnerability
CVE-2024-49048TorchGeo Remote Code Execution Vulnerability
CVE-2024-49046Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVE-2024-49044Visual Studio Elevation of Privilege Vulnerability
CVE-2024-49043Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability
CVE-2024-49040Microsoft Exchange Server Spoofing Vulnerability
CVE-2024-49039Windows Task Scheduler Elevation of Privilege Vulnerability
CVE-2024-49033Microsoft Word Security Feature Bypass Vulnerability
CVE-2024-49032Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2024-49031Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2024-49030Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49029Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49028Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49027Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49026Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49021Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2024-49019Active Directory Certificate Services Elevation of Privilege Vulnerability
CVE-2024-49018SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49017SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49016SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49015SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49014SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49013SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49012SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49011SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49010SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49009SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49008SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49007SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49006SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49005SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49004SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49003SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49002SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49001SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49000SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48999SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48998SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48997SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48996SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48995SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48994SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48993SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-43646Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2024-43645Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability
CVE-2024-43644Windows Client-Side Caching Elevation of Privilege Vulnerability
CVE-2024-43643Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVE-2024-43642Windows SMB Denial of Service Vulnerability
CVE-2024-43641Windows Registry Elevation of Privilege Vulnerability
CVE-2024-43640Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-43639Windows Kerberos Remote Code Execution Vulnerability
CVE-2024-43638Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVE-2024-43637Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVE-2024-43636Win32k Elevation of Privilege Vulnerability
CVE-2024-43635Windows Telephony Service Remote Code Execution Vulnerability
CVE-2024-43634Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVE-2024-43633Windows Hyper-V Denial of Service Vulnerability
CVE-2024-43631Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2024-43630Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-43629Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2024-43628Windows Telephony Service Remote Code Execution Vulnerability
CVE-2024-43627Windows Telephony Service Remote Code Execution Vulnerability
CVE-2024-43626Windows Telephony Service Elevation of Privilege Vulnerability
CVE-2024-43625Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
CVE-2024-43624Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability
CVE-2024-43623Windows NT OS Kernel Elevation of Privilege Vulnerability
CVE-2024-43622Windows Telephony Service Remote Code Execution Vulnerability
CVE-2024-43621Windows Telephony Service Remote Code Execution Vulnerability
CVE-2024-43620Windows Telephony Service Remote Code Execution Vulnerability
CVE-2024-43602Azure CycleCloud Remote Code Execution Vulnerability
CVE-2024-43598LightGBM Remote Code Execution Vulnerability
CVE-2024-43530Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-43499.NET and Visual Studio Denial of Service Vulnerability
CVE-2024-43498.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-43462SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-43459SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-43452Windows Registry Elevation of Privilege Vulnerability
CVE-2024-43451NTLM Hash Disclosure Spoofing Vulnerability
CVE-2024-43450Windows DNS Spoofing Vulnerability
CVE-2024-43449Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVE-2024-43447Windows SMBv3 Server Remote Code Execution Vulnerability
CVE-2024-38264Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability
CVE-2024-38255SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-38203Windows Package Library Manager Information Disclosure Vulnerability