Microsoft Monthly Security Update (November 2024)
RISK: Medium Risk
TYPE: Operating Systems - Windows OS
Microsoft has released its monthly security update for its products:
Vulnerable Product | Risk Level | Impacts | Notes |
Apps | Medium Risk | Elevation of Privilege | |
Azure | Medium Risk | Remote Code Execution, Elevation of Privilege | |
Developer Tools | Medium Risk | Elevation of Privilege, Remote Code Execution, Denial of Service | |
Extended Security Updates (ESU) | Medium Risk | Elevation of Privilege, Remote Code Execution, Spoofing, Information Disclosure | CVE-2024-43451 is being exploited in the wild. This is an NTLM Hash Disclosure Spoofing Vulnerability. To exploit the vulnerability, user interaction is required. Hence, the risk level is rated as Medium Risk. |
Mariner | Medium Risk | Remote Code Execution | |
Microsoft Office | Medium Risk | Remote Code Execution, Security Restriction Bypass | |
Open Source Software | Medium Risk | Remote Code Execution | |
Server Software | Low Risk | Spoofing | |
SQL Server | Medium Risk | Remote Code Execution | |
System Center | Medium Risk | Remote Code Execution | |
Windows | Medium Risk | Elevation of Privilege, Remote Code Execution, Security Restriction Bypass, Spoofing, Denial of Service, Information Disclosure | CVE-2024-49039 is being exploited in the wild. This is a Windows Task Scheduler Elevation of Privilege Vulnerability. To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application on the target system to exploit the vulnerability and elevate their privileges to a Medium Integrity Level. Hence, the risk level is rated as Medium Risk. CVE-2024-43451 is being exploited in the wild. This is an NTLM Hash Disclosure Spoofing Vulnerability. To exploit the vulnerability, user interaction is required. Hence, the risk level is rated as Medium Risk. Proof of Concept exploit code is publicly available for CVE-2024-49040. This is a Microsoft Exchange Server Spoofing Vulnerability. The risk level is rated as Medium Risk. |
Number of 'Extremely High Risk' product(s): 0
Number of 'High Risk' product(s): 0
Number of 'Medium Risk' product(s): 10
Number of 'Low Risk' product(s): 1
Evaluation of overall 'Risk Level': Medium Risk
Impact
- Remote Code Execution
- Elevation of Privilege
- Denial of Service
- Spoofing
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- Apps
- Azure
- Developer Tools
- Extended Security Updates (ESU)
- Mariner
- Microsoft Office
- Open Source Software
- Server Software
- SQL Server
- System Center
- Windows
Solutions
Before installing the software, please visit the vendor's website for more details.
- Apply fixes issued by the vendor.
Vulnerability Identifier
Source
Related Link