⚡ TL;DR | Go Straight to the November 2024 Patch Tuesday Audit Report
Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The November 2024 edition of Patch Tuesday brings us 88 new fixes, with 4 rated as critical and 2 exploited. We’ve listed the most important changes below.
Windows Task Scheduler Elevation of Privilege Vulnerability
The most critical vulnerability this month is CVE-2024-49039. This vulnerability is being actively exploited already and has a CVSS 3.1 base score of 8.8. If exploited successfully, the attacker could escalate their privileges to execute code or access resources with a higher integrity level than the AppContainer execution environment.
Regarding how exploitation would occur, Microsoft lists the following:
To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application on the target system exploit the vulnerability to elevate their privileges to a Medium Integrity Level.
NTLM Hash Disclosure Spoofing Vulnerability
The second actively exploited vulnerability this month is CVE-2024-43451. The vulnerability, which has a slightly lower CVSS base score of 6.5, exposes a user’s NTLMv2 hash to an attacker, allowing them to authenticate as the user.
Exploitation can be triggered by minimal user interaction with a malicious file, such as selecting (single-click), inspecting (right-click), or performing any action other than opening or executing the file.
Additionally, Microsoft released Internet Explorer patches for Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012 R2 with the following notes:
While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms.
To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.
Active Directory Certificate Services Elevation of Privilege Vulnerability
The last highlight of this month is CVE-2024-49019. This vulnerability has not yet been actively exploited, but Microsoft does list it as «more likely» to be exploited. The primary concern with this vulnerability is that, if exploited, an attacker who successfully exploits this vulnerability can gain domain administrator privileges.
Microsoft does provide some information on how you can check if any of your certificates are affected:
How do I know if my PKI environment is vulnerable to this type of attack?
Check if you have published any certificates created using a version 1 certificate template where the Source of subject name is set to «Supplied in the request» and the Enroll permissions are granted to a broader set of accounts, such as domain users or domain computers. An example is the built-in Web Server template, but it is not vulnerable by default due to its restricted Enroll permissions.
What types of certificates are vulnerable to this type of attack?
Certificates created using a version 1 certificate template with Source of subject name set to «Supplied in the request» are potentially vulnerable if the template is not secured according to the best practices published in the Securing Certificate Templates section of Securing PKI: Technical Controls for Securing PKI | Microsoft Learn.
Run the Patch Tuesday November 2024 Audit
To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
The Lansweeper Patch Tuesday report is automatically added to your Lansweeper Site. Lansweeper Sites is included in all our licenses without any additional cost and allows you to federate all your installations into one single view so all you need to do is look at one report, automatically added every patch Tuesday!
Patch Tuesday November 2024 CVE Codes & Titles
CVE Number | CVE Title |
CVE-2024-5535 | OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread |
CVE-2024-49056 | Airlift.microsoft.com Elevation of Privilege Vulnerability |
CVE-2024-49051 | Microsoft PC Manager Elevation of Privilege Vulnerability |
CVE-2024-49050 | Visual Studio Code Python Extension Remote Code Execution Vulnerability |
CVE-2024-49049 | Visual Studio Code Remote Extension Elevation of Privilege Vulnerability |
CVE-2024-49048 | TorchGeo Remote Code Execution Vulnerability |
CVE-2024-49046 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
CVE-2024-49044 | Visual Studio Elevation of Privilege Vulnerability |
CVE-2024-49043 | Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability |
CVE-2024-49040 | Microsoft Exchange Server Spoofing Vulnerability |
CVE-2024-49039 | Windows Task Scheduler Elevation of Privilege Vulnerability |
CVE-2024-49033 | Microsoft Word Security Feature Bypass Vulnerability |
CVE-2024-49032 | Microsoft Office Graphics Remote Code Execution Vulnerability |
CVE-2024-49031 | Microsoft Office Graphics Remote Code Execution Vulnerability |
CVE-2024-49030 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2024-49029 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2024-49028 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2024-49027 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2024-49026 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2024-49021 | Microsoft SQL Server Remote Code Execution Vulnerability |
CVE-2024-49019 | Active Directory Certificate Services Elevation of Privilege Vulnerability |
CVE-2024-49018 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49017 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49016 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49015 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49014 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49013 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49012 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49011 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49010 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49009 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49008 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49007 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49006 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49005 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49004 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49003 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49002 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49001 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49000 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-48999 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-48998 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-48997 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-48996 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-48995 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-48994 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-48993 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-43646 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
CVE-2024-43645 | Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability |
CVE-2024-43644 | Windows Client-Side Caching Elevation of Privilege Vulnerability |
CVE-2024-43643 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
CVE-2024-43642 | Windows SMB Denial of Service Vulnerability |
CVE-2024-43641 | Windows Registry Elevation of Privilege Vulnerability |
CVE-2024-43640 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
CVE-2024-43639 | Windows Kerberos Remote Code Execution Vulnerability |
CVE-2024-43638 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
CVE-2024-43637 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
CVE-2024-43636 | Win32k Elevation of Privilege Vulnerability |
CVE-2024-43635 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2024-43634 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
CVE-2024-43633 | Windows Hyper-V Denial of Service Vulnerability |
CVE-2024-43631 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
CVE-2024-43630 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2024-43629 | Windows DWM Core Library Elevation of Privilege Vulnerability |
CVE-2024-43628 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2024-43627 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2024-43626 | Windows Telephony Service Elevation of Privilege Vulnerability |
CVE-2024-43625 | Microsoft Windows VMSwitch Elevation of Privilege Vulnerability |
CVE-2024-43624 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability |
CVE-2024-43623 | Windows NT OS Kernel Elevation of Privilege Vulnerability |
CVE-2024-43622 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2024-43621 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2024-43620 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2024-43602 | Azure CycleCloud Remote Code Execution Vulnerability |
CVE-2024-43598 | LightGBM Remote Code Execution Vulnerability |
CVE-2024-43530 | Windows Update Stack Elevation of Privilege Vulnerability |
CVE-2024-43499 | .NET and Visual Studio Denial of Service Vulnerability |
CVE-2024-43498 | .NET and Visual Studio Remote Code Execution Vulnerability |
CVE-2024-43462 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-43459 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-43452 | Windows Registry Elevation of Privilege Vulnerability |
CVE-2024-43451 | NTLM Hash Disclosure Spoofing Vulnerability |
CVE-2024-43450 | Windows DNS Spoofing Vulnerability |
CVE-2024-43449 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
CVE-2024-43447 | Windows SMBv3 Server Remote Code Execution Vulnerability |
CVE-2024-38264 | Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability |
CVE-2024-38255 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-38203 | Windows Package Library Manager Information Disclosure Vulnerability |