Microsoft November Patch Tuesday: 4 Zero-Days & 89 Vulnerabilities Patched

Microsoft released its latest Patch Tuesday update, addressing 89 security vulnerabilities across its software portfolio.

Four of these are classified as zero-day vulnerabilities, with two actively exploited in the wild. This patch release underscores the critical importance of timely updates to protect against potential cyber threats.

Zero-Day Vulnerabilities Patched

The four zero-day vulnerabilities patched in this update include two that attackers have actively exploited:

1. CVE-2024-43451 – NTLM Hash Disclosure Spoofing Vulnerability
   This vulnerability exposes NTLMv2 hashes to remote attackers through minimal user interaction, such as selecting or right-clicking on a malicious file. Attackers can use these hashes to authenticate as the user, potentially gaining unauthorized access to sensitive systems. This vulnerability has been actively exploited and poses a significant risk to all supported versions of Windows.
2. CVE-2024-49039 – Windows Task Scheduler Elevation of Privilege Vulnerability
   This flaw allows attackers to elevate their privileges by exploiting a vulnerability in the Windows Task Scheduler. Attackers can execute restricted RPC functions, potentially leading to unauthorized code execution or resource access. Like CVE-2024-43451, this vulnerability has been actively exploited.

Additionally, two other zero-day vulnerabilities were publicly disclosed but not yet actively exploited:

Free Ultimate Continuous Security Monitoring Guide - Download Here (PDF)

3. CVE-2024-49040 – Microsoft Exchange Server Spoofing Vulnerability
   This vulnerability allows attackers to spoof email addresses within Microsoft Exchange Server, potentially deceiving recipients into interacting with malicious content.
4. CVE-2024-49019 – Active Directory Certificate Services Elevation of Privilege Vulnerability
   Attackers could exploit this flaw to gain domain administrator privileges by leveraging weak authentication mechanisms in Active Directory Certificate Services.

Breakdown of Vulnerabilities

The 89 vulnerabilities addressed in this update span a wide range of categories:

• 52 Remote Code Execution (RCE) vulnerabilities: These flaws allow attackers to execute arbitrary code on vulnerable systems remotely.
• 26 Elevation of Privilege (EoP) vulnerabilities: These enable attackers to gain higher-level access than they are authorized.
• 4 Denial of Service (DoS) vulnerabilities: These can disrupt services by overloading systems.
• 3 Spoofing vulnerabilities
• 2 Security Feature Bypass (SFB) vulnerabilities
• 1 Information Disclosure vulnerability.

Critical Vulnerabilities

Four vulnerabilities have been rated as critical by Microsoft due to their potential for severe exploitation:

1. CVE-2024-43639 – Windows Kerberos Remote Code Execution Vulnerability
   This vulnerability could allow an attacker to execute remote code by exploiting weaknesses in the Windows Kerberos cryptographic protocol. Although classified as critical, Microsoft has assessed that exploitation is less likely due to the complexity involved.
2. CVE-2024-43625 – Hyper-V VMSwitch Elevation of Privilege Vulnerability
   An attacker could exploit this flaw by sending specially crafted network packets, potentially gaining elevated privileges on a Hyper-V host.
3. CVE-2024-43498 – .NET and Visual Studio Remote Code Execution Vulnerability
   This critical RCE flaw could allow attackers to execute arbitrary code by sending specially crafted requests to vulnerable .NET applications.
4. CVE-2024-43602 – Azure CycleCloud Remote Code Execution Vulnerability
   If an attacker gains basic user privileges, they could exploit this flaw to gain root privileges on an Azure CycleCloud cluster.

Given the severity of these vulnerabilities, particularly the two zero-days being actively exploited, it is crucial for organizations and users to apply these patches immediately. Delaying updates could leave systems exposed to attacks that leverage these flaws.

For Windows users, cumulative updates are available for both Windows 10 and Windows 11 versions via Windows Update or manual download from the Microsoft Update Catalog. Administrators managing large environments should prioritize patching systems vulnerable to the most critical and actively exploited flaws.

Microsoft’s November Patch Tuesday highlights the ongoing need for vigilance in cybersecurity as attackers continue to exploit zero-day vulnerabilities. Keeping systems up-to-date is one of the most effective ways to mitigate potential risks from these security flaws.

Other Vulnerabilities Patched in November 2024

• Citrix Patches Virtual Apps & Desktops RCE Vulnerability
• SAP Security Update: Patch For High Severity Vulnerabilities
• Epson Devices Vulnerability Let Attackers Create Rogue Admin Accounts
• Palo Alto Networks Warns Of Critical PAN-OS Remote Code Execution Vulnerability
• Cisco Industrial Wireless Software Flaw Let Attackers Run Command As Root User
• Multiple Vulnerabilities in HPE Aruba Access Points Let Attackers Execute Remote Code
• Azure API Management Flaws Let Attackers Take Full Control APIM Service
• Chrome Security Update: Patch for Multiple High Severity Vulnerabilities
• Rockwell ThinManager Vulnerability Exposes Systems To DoS Condition
• Android Zero-Day Vulnerabilities Actively Exploited In Attacks, Patch Now!
• Critical QNAP Zero-day Flaw in QuRouter Patched, Update Now!
• PfSense Stored XSS Vulnerability Leads To RCE Attacks, PoC Published
• Okta Verify Agent Windows Flaw Let Attackers Steal User Passwords
• Opera Browser 0-Day Flaw Allows Malicious Extensions to Takeover Browser
• Critical qBittorrent RCE Vulnerability Let Attackers Inject Malicious Script
• Hikvision Network Camera Flaw Let Attackers Intercept Dynamic DNS Credentials

Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!