Microsoft Monthly Security Update (November 2024)

Release Date: 13 Nov 2024

RISK: Medium Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

Microsoft has released its monthly security update for the following products:

 

| Vulnerable Product | Risk Level | Impacts | Notes |
|---|---|---|---|
| Apps | Medium Risk | Elevation of Privilege | |
| Azure | Medium Risk | Remote Code Execution, Elevation of Privilege | |
| Developer Tools | Medium Risk | Elevation of Privilege, Remote Code Execution, Denial of Service | |
| Extended Security Updates (ESU) | Medium Risk | Elevation of Privilege, Remote Code Execution, Spoofing, Information Disclosure | CVE-2024-43451 is being exploited in the wild. This is an NTLM Hash Disclosure Spoofing Vulnerability. User interaction is required to exploit the vulnerability. Hence, the risk level is rated as Medium Risk. |
| Mariner | Medium Risk | Remote Code Execution | |
| Microsoft Office | Medium Risk | Remote Code Execution, Security Restriction Bypass | |
| Open Source Software | Medium Risk | Remote Code Execution | |
| Server Software | Low Risk | Spoofing | |
| SQL Server | Medium Risk | Remote Code Execution | |
| System Center | Medium Risk | Remote Code Execution | |
| Windows | Medium Risk | Elevation of Privilege, Remote Code Execution, Security Restriction Bypass, Spoofing, Denial of Service, Information Disclosure | CVE-2024-49039 is being exploited in the wild. This is a Windows Task Scheduler Elevation of Privilege Vulnerability. To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application on the target system to elevate their privileges to a Medium Integrity Level. Hence, the risk level is rated as Medium Risk. CVE-2024-43451 is being exploited in the wild. This is an NTLM Hash Disclosure Spoofing Vulnerability. User interaction is required to exploit the vulnerability. Hence, the risk level is rated as Medium Risk. Proof-of-concept exploit code is publicly available for CVE-2024-49040. This is a Microsoft Exchange Server Spoofing Vulnerability. The risk level is rated as Medium Risk. |

 

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 10

Number of 'Low Risk' product(s): 1

Evaluation of overall 'Risk Level': Medium Risk


Impact

  • Remote Code Execution
  • Elevation of Privilege
  • Denial of Service
  • Spoofing
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Apps
  • Azure
  • Developer Tools
  • Extended Security Updates (ESU)
  • Mariner
  • Microsoft Office
  • Open Source Software
  • Server Software
  • SQL Server
  • System Center
  • Windows

Solutions

Before installing the software, please visit the vendor website for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier


Source


Related Link