November 2024 Microsoft Patches: Addressing Zero-Day Exploits and High-Priority Vulnerabilities
Summary
OEM | Microsoft |
Severity | High |
Date of Announcement | 2024-11-13 |
NO. of Vulnerabilities Patched | 89 |
Actively Exploited | 02 |
Exploited in Wild | Yes |
Advisory Version | 1.0 |
Overview
Microsoft’s November 2024 Patch Tuesday release addresses 89 security vulnerabilities across various products, including critical updates for Windows, Microsoft Edge, SQL Server, and more. Four zero-day vulnerabilities are part of this release, with two actively exploited in the wild. The patch targets a range of critical issues across Microsoft products, categorized as follows:
- 51 Remote Code Execution (RCE) Vulnerabilities
- 28 Elevation of Privilege (EoP) Vulnerabilities
- 4 Denial of Service (DoS) Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 3 Spoofing Vulnerabilities
- 1 Information Disclosure Vulnerabilities
Vulnerability Name | CVE ID | Product Affected | Impact | CVSS Score |
Microsoft Management Console Remote Code Execution Vulnerability (Exploitation detected) | CVE-2024-43572 | Windows Servers and Windows 10&11 | High | 7.8 |
Winlogon Elevation of Privilege Vulnerability | CVE-2024-43583 | Windows systems using Winlogon | High | 7.8 |
Windows Hyper-V Security Feature Bypass Vulnerability | CVE-2024-20659 | Windows Hyper-V | High | 7.1 |
Windows MSHTML Platform Spoofing Vulnerability | CVE-2024-43573 | Windows Servers and Windows 10&11 | Medium | 6.5 |
Technical Summary
CVE ID | System Affected | Vulnerability Details | Impact |
CVE-2024-49039 | Windows Servers and Windows 10&11 | This zero-day allows attackers to escalate privileges within Windows environments. Exploited actively, it is particularly concerning for its ability to grant attackers elevated access. | Elevation of privilege potentially leading to full system control. |
CVE-2024-49019 | Windows Servers | A flaw in Active Directory Certificate Services allows attackers to gain domain administrator privileges by exploiting misconfigured version 1 certificate templates with overly broad enrollment permissions. This can be triggered by an attacker crafting a certificate request that bypasses security controls. | Elevate privileges to domain administrator, compromising the entire Active Directory environment and enabling full network control. |
CVE-2024-49040 | Microsoft Exchange Server 2016 and 2019 | A vulnerability in Microsoft Exchange Server allows attackers to spoof the sender’s email address in emails to local recipients by exploiting improper verification of the P2 FROM header. This flaw can be used to launch email-based phishing and social engineering attacks. | Attackers can impersonate trusted senders, deceiving recipients into trusting malicious emails, potentially leading to data compromise or malware infections. |
CVE-2024-43451 | Windows Servers and Windows 10&11 | A zero-day that exposes NTLMv2 hashes, enabling “pass-the-hash” attacks for unauthorized network access. This is the third NTLM-related zero-day discovered in 2024. | High risk in network environments; attackers may impersonate users and compromise critical systems. |
Additional Critical Patches Address High-Severity Vulnerabilities
- Azure CycleCloud: Remote Code Execution Vulnerability (CVE-2024-43602).
- .NET and Visual Studio: Remote Code Execution vulnerability (CVE-2024-43498).
- Microsoft Windows VMSwitch: Elevation of Privilege vulnerability (CVE-2024-43625).
- Windows Kerberos: Remote Code Execution vulnerability (CVE-2024-43639).
- SQL Server: Multiple updates targeting memory vulnerabilities, each with a CVSS score of 8.8, affecting database security.
Remediation
- Implement a routine patch management process to regularly check for and apply the latest Microsoft security updates and patches for all affected products.
- Regularly audit Active Directory and Exchange Server configurations to close potential security gaps.
- Awareness of download files from the internet & regularly review and monitor your security setup, staying updated on new advisories to secure against emerging threats and vulnerabilities.
- Create and test an incident response plan with defined communication channels and responsibilities to ensure readiness for any security breaches.