Microsoft rolled out its monthly security updates as part of the Microsoft November 2024 Patch Tuesday cycle. The company addressed a total of 91 vulnerabilities, with four of them being classified as zero-day vulnerabilities that were actively exploited in the wild.
This release, which includes patches for a variety of critical flaws, offers essential protection for users across different Microsoft platforms, including Windows, Microsoft Exchange Server, and Azure.
Key Highlights from the Microsoft November 2024 Patch Tuesday
This month’s Microsoft Patch Tuesday updates cover a broad range of security vulnerabilities. Of the 91 flaws addressed, four are zero-day vulnerabilities, with two being actively exploited. The severity of these vulnerabilities ranges from critical to moderate, with the majority falling into the remote code execution (RCE) and elevation of privilege (EoP) categories.
The Microsoft November 2024 Patch Tuesday update addresses a range of vulnerabilities, with a particular focus on four zero-day flaws. Two of these zero-day vulnerabilities were actively being exploited in the wild, highlighting the urgency of applying the patches immediately.
These vulnerabilities, if left unpatched, could allow attackers to gain unauthorized access or cause significant disruption, making it crucial for users and organizations to act quickly to protect their systems.
In addition to the zero-day flaws, the update also fixes four critical vulnerabilities. These critical flaws pose significant risks, including the potential for attackers to execute arbitrary code or gain unauthorized access to systems. Exploitation of these vulnerabilities could lead to severe security breaches, allowing attackers to compromise sensitive information or take control of vulnerable systems.
The Microsoft November 2024 Patch Tuesday also addresses a variety of other vulnerabilities across different categories. Among these are issues related to elevation of privilege, spoofing, and denial of service (DoS).
Elevation of privilege vulnerabilities could allow attackers to escalate their user privileges, granting them access to restricted resources. Spoofing vulnerabilities could be exploited to impersonate legitimate users or services, potentially leading to phishing attacks or unauthorized access.
Meanwhile, the denial-of-service vulnerabilities could disrupt services, causing them to become unavailable or unresponsive. These diverse vulnerabilities further emphasize the importance of keeping systems up to date with the latest security patches.
Zero-Day Vulnerabilities Actively Exploited
Among the most urgent fixes in the Microsoft November 2024 Patch Tuesday release are the four zero-day vulnerabilities. These flaws have been discovered to be actively exploited, meaning that they pose an immediate risk to users and businesses.
- CVE-2024-43451: A spoofing vulnerability in the New Technology LAN Manager v2 (NTLMv2) protocol, this flaw could allow an attacker to view a user’s hashed password, which could then be exploited to gain unauthorized access to systems. Although it is rated medium in severity, its potential for abuse means it should be addressed quickly.
- CVE-2024-49039: This is an elevation of privilege vulnerability found in Windows Task Scheduler. It allows attackers to escalate their privileges from low to high, potentially giving them access to restricted resources. This flaw is considered high in severity, with a CVSS score of 8.8.
- CVE-2024-49040: A spoofing vulnerability in Microsoft Exchange Server, this flaw could allow an attacker to forge email headers and send messages that appear to come from a legitimate source. This vulnerability is critical for Exchange Server users, as it can enable phishing or other malicious activity.
- CVE-2024-49019: Found in Active Directory Certificate Services (AD CS), this flaw could allow an attacker to obtain domain administrator privileges due to weak authentication in certain configurations. It ranks high in severity, with a CVSS score of 7.8.
These four vulnerabilities highlight the ongoing risk posed by zero-day flaws and underscore the importance of keeping systems up to date with the latest Microsoft security updates.
Critical Vulnerabilities in the November 2024 Update
In addition to the zero-day flaws, Microsoft November 2024 Patch Tuesday also addressed several critical vulnerabilities across different Microsoft services and platforms. Among these critical vulnerabilities are:
- CVE-2024-43498: A type confusion vulnerability in .NET that could allow remote code execution on vulnerable web and desktop applications.
- CVE-2024-43625: A “use after free” vulnerability in Hyper-V, which could allow an attacker to gain host privileges from a guest virtual machine.
- CVE-2024-43639: A flaw in Windows Kerberos that could allow unauthenticated attackers to execute remote code on a targeted machine.
- CVE-2024-49056: A privilege escalation flaw in Microsoft’s Airlift component, which could be exploited by unauthorized users to bypass authentication controls.
These critical vulnerabilities are considered to be highly exploitable and require immediate attention to ensure that systems remain secure.
Breakdown of Vulnerabilities by Type
In terms of categorization, the Microsoft November 2024 Patch Tuesday update covers several different types of vulnerabilities. The most prevalent flaws in this month’s release are in the following categories:
- Remote Code Execution (RCE): 52 vulnerabilities fall under this category, representing 58.6% of the total patched flaws. RCE vulnerabilities allow attackers to execute arbitrary code remotely, often leading to full system compromise.
- Elevation of Privilege (EoP): With 26 vulnerabilities, EoP flaws make up 29.9% of the total. These vulnerabilities can allow attackers to escalate their privileges on a compromised system, granting them access to restricted resources.
- Denial of Service (DoS): Four DoS vulnerabilities were addressed, which can cause systems or services to become unavailable.
- Spoofing: Three spoofing vulnerabilities were patched, which could allow attackers to impersonate legitimate users or services.
- Security Feature Bypass (SFB): Two vulnerabilities in this category were fixed, which could allow attackers to bypass security features.
- information disclosure: One vulnerability was patched that could potentially lead to unauthorized information disclosure.
Commentary from Security Experts
Security professionals are urging organizations to act quickly and deploy the Microsoft security update to patch these vulnerabilities, particularly the zero-days. Satnam Narang, Sr. Staff Research Engineer at Tenable, emphasized the potential risks associated with flaws like CVE-2024-43451, which exposes NTLMv2 hashes and can be exploited using pass-the-hash techniques.
“While we don’t have insight into the in-the-wild exploitation of CVE-2024-43451 at this time, one thing is certain: attackers continue to be adamant about discovering and exploiting zero-day vulnerabilities that can disclose NTLMv2 hashes, as they can be used to authenticate to systems and potentially move laterally within a network to access other systems”, denoted Narang.
He also noted that the CVE-2024-49039 vulnerability in Windows Task Scheduler could be part of a more targeted attack, often associated with advanced persistent threats (APTs) or nation-state actors. As such, organizations should prioritize these vulnerabilities to mitigate the risk of targeted exploits.
Related