Microsoft Addresses Critical Zero-Day Vulnerabilities in November Patch Tuesday
Microsoft’s November 2024 Patch Tuesday addresses 92 vulnerabilities, four rated critical and 83 rated important. The release also closes four zero-days: two already exploited in the wild and two publicly disclosed before a fix was available, which is why organizations should treat this update as a priority rather than a routine cycle. Noteworthy fixes cover prominent Microsoft services, including Azure Active Directory, Windows Kerberos, .NET and Visual Studio, SQL Server, and Hyper-V. This edition also ships a Defense in Depth (DiD) update for Microsoft SharePoint Server, which hardens the product beyond fixing a specific CVE.
Zero-Day Vulnerabilities Require Immediate Attention
Among the addressed vulnerabilities, four were zero-days: two under active exploitation and two publicly disclosed before the patch was available:
- CVE-2024-43451 (NTLM Hash Disclosure Spoofing Vulnerability, exploited in the wild): A malicious file can leak the user’s NTLMv2 hash with minimal interaction, for example selecting or right-clicking the file in Explorer rather than opening it. The captured value can be relayed to other services or cracked offline, so this is effectively a credential theft bug. The Cybersecurity and Infrastructure Security Agency (CISA) has added it to its Known Exploited Vulnerabilities Catalog, mandating federal agencies to patch by December 3, 2024.
- CVE-2024-49040 (Microsoft Exchange Server Spoofing Vulnerability, publicly disclosed): The flaw lies in how Exchange validates the P2 FROM header, which lets an attacker make a message appear to come from a legitimate sender. Microsoft’s November Exchange update adds detection for such messages and inserts a warning banner. Exchange is a cornerstone of enterprise communication, so this warrants prompt attention even though no in-the-wild exploitation had been reported at release.
- CVE-2024-49019 (Active Directory Certificate Services Elevation of Privilege Vulnerability, publicly disclosed): An attacker who can enroll against a published version 1 certificate template whose subject name is “supplied in the request” can obtain a certificate usable to authenticate as a more privileged account, up to domain administrator. Microsoft’s guidance is to review templates that combine that setting with broad Enroll permissions and to remove or restrict them.
- CVE-2024-49039 (Windows Task Scheduler Elevation of Privilege Vulnerability, exploited in the wild): A low-privileged process, including one running inside an AppContainer sandbox, can invoke RPC functions that should be reserved for privileged accounts and so escalate to a higher integrity level. CISA has also included this CVE in its Known Exploited Vulnerabilities Catalog with the same patching deadline as CVE-2024-43451.
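Microsoft’s guidance for CVE-2024-49019 is to find templates that are both published and broadly enrollable, which is a directory query rather than a patch. The script below is an added example written for this page, not code from Microsoft or from the original article: it reads the Configuration partition with plain ADSI (no RSAT module needed), keeps only schema version 1 templates with the CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT bit set in msPKI-Certificate-Name-Flag, and reports which CAs publish them and which broad groups hold Enroll. The list of “broad” principals and the decision to treat GenericAll and the all-extended-rights GUID as Enroll are assumptions made here; adjust them to your environment. It assumes a domain-joined Windows host and a caller allowed to read the Configuration naming context, which any authenticated domain user can do by default.

```powershell
# Added example, not Microsoft's code or the article's: audit AD CS templates for the
# configuration Microsoft calls out for CVE-2024-49019 (schema version 1, subject
# name supplied in the request, Enroll granted to broad groups).
# Assumes a domain-joined host; run in Windows PowerShell 5.1 or PowerShell 7.

$EnrollRightGuid  = [Guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'   # Certificate-Enrollment extended right
$EnrolleeSupplies = 0x1                                           # CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT
# Assumed definition of "broad": widen or narrow this list for your domain.
$BroadPrincipals  = @('Authenticated Users', 'Domain Users', 'Domain Computers', 'Everyone', 'Users')

$configNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$pkiRoot  = "CN=Public Key Services,CN=Services,$configNC"

# Which CAs publish which templates: an unpublished template cannot be enrolled against.
$publishedOn = @{}
$caSearch = New-Object System.DirectoryServices.DirectorySearcher(
    [ADSI]"LDAP://CN=Enrollment Services,$pkiRoot", '(objectClass=pKIEnrollmentService)')
foreach ($ca in $caSearch.FindAll()) {
    $caName = [string]$ca.Properties['cn'][0]
    foreach ($tpl in $ca.Properties['certificatetemplates']) {
        $key = [string]$tpl
        if (-not $publishedOn.ContainsKey($key)) { $publishedOn[$key] = @() }
        $publishedOn[$key] += $caName
    }
}

function Get-BroadEnroller {
    # Broad principals that can enroll: Enroll extended right, all extended rights, or GenericAll.
    param([System.DirectoryServices.DirectoryEntry]$Template)
    $all = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll
    $ext = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
    $rules = $Template.ObjectSecurity.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])
    $enrollers = foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $grantsAll    = ($rule.ActiveDirectoryRights -band $all) -eq $all
        $grantsEnroll = (($rule.ActiveDirectoryRights -band $ext) -ne 0) -and
                        ($rule.ObjectType -eq $EnrollRightGuid -or $rule.ObjectType -eq [Guid]::Empty)
        if ($grantsAll -or $grantsEnroll) { $rule.IdentityReference.Value }
    }
    $enrollers |
        Where-Object { $id = $_; $BroadPrincipals | Where-Object { $id -eq $_ -or $id -like "*\$_" } } |
        Sort-Object -Unique
}

$tplSearch = New-Object System.DirectoryServices.DirectorySearcher(
    [ADSI]"LDAP://CN=Certificate Templates,$pkiRoot", '(objectClass=pKICertificateTemplate)')
$findings = foreach ($r in $tplSearch.FindAll()) {
    $name     = [string]$r.Properties['cn'][0]
    $schema   = [int]$r.Properties['mspki-template-schema-version'][0]
    $nameFlag = [int]$r.Properties['mspki-certificate-name-flag'][0]
    # Version 1 templates cannot be edited in the Certificate Templates console, so the
    # only remediations are unpublishing them from the CA or tightening Enroll ACEs.
    if ($schema -ne 1 -or ($nameFlag -band $EnrolleeSupplies) -eq 0) { continue }
    $broad = @(Get-BroadEnroller -Template $r.GetDirectoryEntry())
    [pscustomobject]@{
        Template       = $name
        PublishedOn    = ($publishedOn[$name] -join ', ')
        BroadEnrollers = ($broad -join ', ')
    }
}

# Only templates that are both published and broadly enrollable are actionable findings.
$findings | Where-Object { $_.PublishedOn -and $_.BroadEnrollers } | Format-Table -AutoSize
```

A template that shows up here is worth fixing regardless of patch state: the November update closes the specific CVE, but a version 1 template that lets any domain user pick its own subject name is a standing misconfiguration. Because version 1 templates cannot be edited, the practical options are to unpublish the template from each CA that lists it, or to replace the broad Enroll ACE with a tightly scoped group.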
Critical Vulnerabilities Addressed
In addition to the zero-days, four vulnerabilities carry a critical rating:
- CVE-2024-43625 (Microsoft Windows VMSwitch Elevation of Privilege Vulnerability): Successful exploitation could grant SYSTEM privileges on the host. On a Hyper-V server that amounts to a guest-to-host escape, so virtualization hosts should be near the front of the patch queue.
- CVE-2024-43639 (Windows Kerberos Remote Code Execution Vulnerability): An unauthenticated, remote attacker can use a specially crafted application to exploit a cryptographic protocol flaw in Windows Kerberos and execute code. Microsoft’s advisory notes that Windows Server systems configured as a Kerberos Key Distribution Center (KDC) Proxy are the affected configuration, so inventory those first.
- CVE-2024-49056 (Airlift.microsoft.com Elevation of Privilege Vulnerability): A privilege escalation in Microsoft’s own airlift.microsoft.com web service. Microsoft has already remediated it on the server side, so no customer action is required; it is listed for completeness.
- CVE-2024-43498 (.NET and Visual Studio Remote Code Execution Vulnerability): Affects .NET 9.0. A remote, unauthenticated attacker can send a crafted request to a vulnerable web application, or supply a crafted file to a vulnerable desktop application, to execute code. .NET runtimes and SDKs are updated separately from the Windows cumulative update, so application hosts and build machines need their own check.
Further Patching Highlights
The November Patch Tuesday also includes fixes for vulnerabilities in various components, including:
- Windows Kernel: Multiple vulnerabilities addressed, including elevation of privilege (CVE-2024-43630) and denial-of-service (CVE-2024-43642) flaws.
- Windows NT OS Kernel: Elevation of privilege vulnerability (CVE-2024-43623) patched.
- Win32k: Elevation of privilege vulnerability (CVE-2024-43636) addressed.
- Microsoft Word: Security feature bypass vulnerability (CVE-2024-49033) mitigated.
Recommendations
Organizations and individuals are strongly advised to prioritize this release. A sensible order is: first, the two CVEs under active exploitation (CVE-2024-43451 and CVE-2024-49039), which CISA requires federal agencies to remediate by December 3, 2024 and which any organization should treat with the same urgency; second, the Exchange Server update for CVE-2024-49040 and a review of AD CS templates for CVE-2024-49019, both of which were public before a fix existed; third, the critical items, with Hyper-V and KDC Proxy hosts and any .NET 9.0 application hosts handled as separate workstreams because Exchange and .NET updates do not arrive with the Windows cumulative update. Finally, apply the SharePoint Defense in Depth update and confirm that patched systems have actually rebooted, since a cumulative update that is staged but not yet applied leaves the system exposed.
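Verifying that a host actually received the November cumulative update is the step most often skipped. The script below is an added example for this page, not code from Microsoft or the original article. It maps the host’s build number to the expected November 2024 LCU KB, checks Get-HotFix for it, and flags a pending reboot. The build-to-KB table is an assumption recorded here for illustration; confirm every entry against the Microsoft Security Update Guide for your OS before relying on the result. Because LCUs are cumulative, a later LCU supersedes the November one, so the script reports any security update installed on or after release day instead of silently passing or failing in that case.

```powershell
# Added example, not from the article or Microsoft: report whether this host has the
# November 2024 cumulative update installed and whether a reboot is still pending.
# The KB numbers below are assumed placeholders; verify them in the Security Update Guide.

$LcuByBuild = @{
    '26100' = 'KB5046617'   # Windows 11 24H2       (assumed, verify)
    '22631' = 'KB5046633'   # Windows 11 23H2       (assumed, verify)
    '22621' = 'KB5046633'   # Windows 11 22H2       (assumed, verify)
    '19045' = 'KB5046613'   # Windows 10 22H2       (assumed, verify)
    '20348' = 'KB5046616'   # Windows Server 2022   (assumed, verify)
    '17763' = 'KB5046615'   # Windows Server 2019   (assumed, verify)
    '14393' = 'KB5046612'   # Windows Server 2016   (assumed, verify)
}
$ReleaseDate   = [datetime]'2024-11-12'
$ExploitedCves = 'CVE-2024-43451', 'CVE-2024-49039'   # CISA KEV, federal deadline 2024-12-03

function Get-OsBuildInfo {
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{
        Product        = $cv.ProductName
        DisplayVersion = $cv.DisplayVersion
        Build          = [string]$cv.CurrentBuild
        Ubr            = [int]$cv.UBR          # update build revision; each LCU raises it
    }
}

function Test-PendingReboot {
    # Either key exists while servicing or Windows Update is waiting for a restart.
    (Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending') -or
    (Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired')
}

function Test-NovemberLcu {
    param([hashtable]$Map = $LcuByBuild)
    $os     = Get-OsBuildInfo
    $osText = "$($os.Product) $($os.DisplayVersion) build $($os.Build).$($os.Ubr)"
    $kb     = $Map[$os.Build]

    if (-not $kb) {
        $status = 'Unknown'; $detail = "no KB mapped for build $($os.Build); extend the table"
    }
    elseif (Get-HotFix -Id $kb -ErrorAction SilentlyContinue) {
        $status = 'Patched'; $detail = "$kb is installed"
    }
    else {
        # Supersession check: a newer LCU may have replaced the November package.
        $later = Get-HotFix |
            Where-Object { $_.Description -eq 'Security Update' -and $_.InstalledOn -ge $ReleaseDate } |
            Select-Object -ExpandProperty HotFixID
        if ($later) {
            $status = 'Check'; $detail = "$kb absent; security updates since release: $($later -join ', ')"
        } else {
            $status = 'Missing'; $detail = "$kb absent; host still exposed to $($ExploitedCves -join ', ')"
        }
    }

    [pscustomobject]@{
        Host          = $env:COMPUTERNAME
        Os            = $osText
        Status        = $status
        Detail        = $detail
        RebootPending = Test-PendingReboot
    }
}

Test-NovemberLcu | Format-List
```

Run it locally or wrap `Test-NovemberLcu` in `Invoke-Command -ComputerName` to sweep a fleet; a `Status` of `Patched` with `RebootPending` still `True` means the fix is staged but not yet active. This check covers only the Windows LCU. Exchange Server security updates, .NET 9.0 runtime updates and Visual Studio updates are separate packages and need their own verification.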