Welcome to November's Patch Tuesday overview, where we take you through the highlights of Microsoft's Patch Tuesday security updates, released on November 12th, 2024.
This month, Microsoft has released updates for 92 vulnerabilities, of which 4 are Zero Day vulnerabilities - with two already being actively exploited in the wild! You can find the full list of vulnerabilities here.
What is Patch Tuesday?
Every second Tuesday of the month, Microsoft releases a batch of critical security updates known as Patch Tuesday. These updates are essential for maintaining the security and stability of your systems. The November 2024 Patch Tuesday, released on November 12th 2024, addresses several high-severity vulnerabilities across various Microsoft products. This blog post will guide you through the key updates, the affected products, and what actions you need to take to ensure your systems remain secure.
Key Updates in November 2024
- 92 new vulnerabilities disclosed
- 4 publicly disclosed zero-days, 2 of which are being actively exploited
- 4 critical vulnerabilities (2 Remote Code Execution, 2 Elevation of Privilege)
Zero Day Vulnerabilities
CVE-2024-49039 - Windows Task Scheduler Elevation of Privilege Vulnerability (❗ Actively Exploited)
- Description: This vulnerability allows an attacker to gain elevated privileges on a Windows system through the Task Scheduler. Exploitation could lead to unauthorized administrative access, compromising system integrity and confidentiality.
- CVSS Score: 7.8 (High)
CVE-2024-49019 - Active Directory Certificate Services Elevation of Privilege Vulnerability
- Description: An elevation of privilege vulnerability in Active Directory Certificate Services could enable an attacker to gain higher-level permissions within the network, potentially leading to broader system compromise.
- CVSS Score: 7.2 (High)
CVE-2024-43451 - NTLM Hash Disclosure Spoofing Vulnerability (❗ Actively Exploited)
- Description: This spoofing vulnerability involves the disclosure of NTLM hashes, which could allow an attacker to impersonate a user and gain unauthorized access to network resources.
- CVSS Score: 6.5 (Medium)
CVE-2024-49040 - Microsoft Exchange Server Spoofing Vulnerability
-
- Description: A spoofing vulnerability in Microsoft Exchange Server that could allow an attacker to impersonate a user or service, potentially leading to unauthorized access or information disclosure.
- CVSS Score: 5.4 (Medium)
Critical Vulnerability Summary
-
CVE-2024-43498 - .NET and Visual Studio Remote Code Execution Vulnerability
- Description: This vulnerability allows an attacker to execute arbitrary code remotely within the context of the .NET framework and Visual Studio. Exploitation could lead to unauthorized control over affected systems, compromising data integrity and system availability.
- CVSS Score: 9.8 (Critical)
CVE-2024-43639 - Windows Kerberos Remote Code Execution Vulnerability
- Description: A remote code execution vulnerability in Windows Kerberos could allow an attacker to execute arbitrary code on the target system, potentially leading to full system compromise.
- CVSS Score: 9.8 (Critical)
CVE-2024-49056 - Airlift.microsoft.com Elevation of Privilege Vulnerability
- Description: An elevation of privilege vulnerability in Airlift.microsoft.com could enable an attacker to gain higher-level permissions within the network, potentially leading to broader system compromise.
- CVSS Score: 7.2 (High)
CVE-2024-43625 - Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
- Description: An elevation of privilege vulnerability in Microsoft Windows VMSwitch could allow an attacker to gain elevated privileges on the system, potentially leading to unauthorized access and control.
- CVSS Score: 7.2 (High)
Actions to Take:
1. Prioritize Critical Patches
Focus on addressing zero-day vulnerabilities that are actively exploited, particularly:
- Remote Code Execution vulnerabilities in .NET and Visual Studio (CVE-2024-43498) and Windows Kerberos (CVE-2024-43639).
- Elevation of Privilege vulnerabilities in Windows Task Scheduler, Airlift.microsoft.com, and VMSwitch (CVE-2024-49039, CVE-2024-49056, CVE-2024-43625).
Apply patches immediately for these to prevent unauthorized access, code execution, or privilege escalation that could lead to full system compromise.
2. Update Microsoft Exchange Servers
- Address Microsoft Exchange Server spoofing vulnerabilities to protect against impersonation risks (CVE-2024-49040). Timely updates to Exchange Server are essential, particularly for environments exposed to external access..
3. Strengthen NTLM and Active Directory Security
- Apply patches for NTLM Hash Disclosure Spoofing (CVE-2024-43451) and Active Directory Certificate Services Elevation of Privilege vulnerabilities. These address risks associated with credential theft, unauthorized access, and network compromise.
4. Patch All Affected Microsoft Products
- Ensure updates are applied across Windows OS, Visual Studio, .NET Framework, Exchange Server, Kerberos, and any other affected Microsoft products.
- Use centralized update management to enforce consistency and monitor for any patch installation failures.
5. Verify and Test Critical Systems
- For production environments, test patches in staging before deploying to ensure compatibility and reduce operational disruption.
- After applying patches, verify that systems and applications are functioning as expected.
If you have any questions about Patch Tuesday, or feedback on this blog please
reach out to us: hello@roboshadow.com
Thanks for reading!