ION Advisory: November Patch Tuesday
Microsoft’s November Patch Tuesday update addresses 83 vulnerabilities in Microsoft products. Two vulnerabilities have already been exploited in the wild, another two were disclosed earlier, and three “Critical” vulnerabilities need attention.
Critical Vulnerabilities
None of the following critical vulnerabilities have been reported as being actively exploited or publicly disclosed:
- CVE-2024-43498 – .NET and Visual Studio Remote Code Execution Vulnerability
- A remote unauthenticated attacker could exploit this vulnerability – in the VmSwitch component within Hyper-V – by sending specially crafted requests to a vulnerable .NET webapp or by loading a specially crafted file into a vulnerable desktop app.
- CVE-2024-43625 – Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
- An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
- CVE-2024-43639 – Windows Kerberos Remote Code Execution Vulnerability
- An unauthenticated attacker could use a specially crafted application to leverage a cryptographic protocol vulnerability in Windows Kerberos to perform remote code execution against the target.
- CVE-2024-49056 – Airlift.microsoft.com Elevation of Privilege Vulnerability (fixed by Microsoft – no action required)
Active Exploitation
The following vulnerability has been reported as being actively exploited:
- CVE-2024-49039 – Windows Task Scheduler Elevation of Privilege Vulnerability
- To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application on the target system and use it to elevate their privileges to a Medium Integrity Level.
Publicly Disclosed
The following vulnerabilities have been reported as publicly disclosed, but not yet actively exploited:
- CVE-2024-49019 – Active Directory Certificate Services Elevation of Privilege Vulnerability
- An attacker who successfully exploited this vulnerability could gain domain administrator privileges. Read the FAQ provided by Microsoft, and the Securing Certificate Templates section of the Technical Controls for Securing PKI Guide.
- CVE-2024-49040 – Microsoft Exchange Server Spoofing Vulnerability
- The information available about this vulnerability suggests that it can be used to display erroneous data, which may enable paths to launch phishing attacks or spoof organizations.
Notable Vulnerabilities
The following vulnerabilities were rated by Microsoft in the CVE system as more likely to be exploited:
- CVE-2024-43451 – After user interaction (e.g. running malware), this vulnerability discloses a user’s NTLMv2 hash to the attacker, who could use it to authenticate as the user. MSHTML and EdgeHTML are still used for backward compatibility although Internet Explorer 11 has been retired.
Countermeasures and Patches
- Apply patches as soon as possible, after appropriate testing.
References
SANS Report: Microsoft November 2024 Patch Tuesday – SANS Internet Storm Center
Patch-A-Palooza: PatchaPalooza