Microsoft Monthly Security Update (November 2024)

Release Date: 13 Nov 2024 3126 Views

RISK: Medium Risk

Medium Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
AppsMedium Risk Medium RiskElevation of Privilege 
AzureMedium Risk Medium RiskRemote Code Execution
Elevation of Privilege		 
Developer ToolsMedium Risk Medium RiskElevation of Privilege
Remote Code Execution
Denial of Service		 
Extended Security Updates (ESU)Medium Risk Medium RiskElevation of Privilege
Remote Code Execution
Spoofing
Information Disclosure

CVE-2024-43451 is being exploited in the wild. This is a NTLM Hash Disclosure Spoofing Vulnerability. To exploit the vulnerability, user interaction is required. Hence, the risk level is rated to Medium Risk.

MarinerMedium Risk Medium RiskRemote Code Execution 
Microsoft OfficeMedium Risk Medium RiskRemote Code Execution
Security Restriction Bypass		 
Open Source SoftwareMedium Risk Medium RiskRemote Code Execution 
Server SoftwareLow Risk Low RiskSpoofing 
SQL ServerMedium Risk Medium RiskRemote Code Execution 
System CenterMedium Risk Medium RiskRemote Code Execution 
WindowsMedium Risk Medium RiskElevation of Privilege
Remote Code Execution
Security Restriction Bypass
Spoofing
Denial of Service
Information Disclosure

CVE-2024-49039 is being exploited in the wild. This is a Windows Task Scheduler Elevation of Privilege Vulnerability. To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application on the target system exploit the vulnerability to elevate their privileges to a Medium Integrity Level. Hence, the risk level is rated to Medium Risk.

 

CVE-2024-43451 is being exploited in the wild. This is a NTLM Hash Disclosure Spoofing Vulnerability. To exploit the vulnerability, user interaction is required. Hence, the risk level is rated to Medium Risk.

 

Proof of Concept exploit code Is publicly available for CVE-2024-49040 . This is a Microsoft Exchange Server Spoofing Vulnerability. The risk level is rated to Medium Risk.

 

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 10

Number of 'Low Risk' product(s): 1

Evaluation of overall 'Risk Level': Medium Risk

Impact

  • Remote Code Execution
  • Elevation of Privilege
  • Denial of Service
  • Spoofing
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Apps
  • Azure
  • Developer Tools
  • Extended Security Updates (ESU)
  • Mariner
  • Microsoft Office
  • Open Source Software
  • Server Software
  • SQL Server
  • System Center
  • Windows

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier

Source

Related Link

Related Tags

MicrosoftRemote Code ExecutionDenial of ServiceElevation of PrivilegeInformation DisclosureSecurity Restriction BypassSpoofingProof of ConceptExploit In The Wild

Share with

Previous

Zoom Products Multiple Vulnerabilities

13 Nov 2024 2524 Views

Next

Google Chrome Multiple Vulnerabilities

13 Nov 2024 2537 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY