Microsoft Patch Tuesday security updates for November 2024 fix two actively exploited zero-days

This post was originally published on Security Affairs. It can be found here.

Microsoft Patch Tuesday security updates for November 2024 addressed 89 vulnerabilities, including two actively exploited zero-day flaws.

Microsoft Patch Tuesday security updates for November 2024 fixed 89 vulnerabilities in Windows and Windows Components; Office and Office Components; Azure; .NET and Visual Studio; LightGBM; Exchange Server; SQL Server; TorchGeo; Hyper-V; and Windows VMSwitch.

Four of these vulnerabilities are rated Critical, 84 are rated Important, and one is rated Moderate in severity. Microsoft has addressed a total of 949 vulnerabilities this year.

“Microsoft lists three of these CVEs as publicly known, but I disagree and put the count at five (more on that later),” reads the post published by the Zero Day Initiative. “They also list two as being exploited in the wild at the time of release. Let’s take a closer look at some of the more interesting updates for this month, starting with the vulnerabilities currently under active attack:”

Two of the vulnerabilities, tracked as CVE-2024-43451 and CVE-2024-49039, are listed as being exploited in the wild at the time of release. Below are the descriptions for these two vulnerabilities:

  • CVE-2024-43451: An NTLM Hash Disclosure Spoofing vulnerability in MSHTML allows attackers to extract a user’s NTLMv2 hash via Internet Explorer components in the WebBrowser control. Although user interaction is needed, attackers can still exploit this to impersonate the victim. Immediate patching is recommended.
  • CVE-2024-49039: A Windows Task Scheduler privilege escalation flaw allows AppContainer escape, enabling low-privileged users to run code at Medium integrity. Multiple researchers discovered the flaw, and it is being actively exploited, especially across different regions, which highlights its potential impact.

The most severe vulnerability addressed by the IT giant is an Azure CycleCloud Remote Code Execution issue tracked as CVE-2024-43602 (CVSS score of 9.9). An attacker with basic user permissions can exploit Azure CycleCloud by sending crafted requests to gain root access, allowing command execution across clusters and potential administrator credential compromise.

Microsoft also addressed a .NET and Visual Studio Remote Code Execution issue tracked as CVE-2024-43498 (CVSS score 9.8). CVE-2024-43498 allows remote code execution via crafted requests to .NET web apps or files loaded by desktop apps.

The full list of vulnerabilities Microsoft addresses with Patch Tuesday security updates for November 2024 is available here.

Pierluigi Paganini

(SecurityAffairs – hacking, Patch Tuesday)
