Service Notices
Microsoft Releases November 2024 Security Updates
Nov 15, 2024 GMT+08:00
I. Overview
Microsoft has released its November 2024 Security Updates. A total of 89 security vulnerabilities have been disclosed, among which 4 are marked as important vulnerabilities. Attackers can exploit these vulnerabilities to implement remote code execution, privilege escalation, and security feature bypass. Affected applications include Microsoft Windows, Microsoft Office, .NET, and Azure.
For details, visit the Microsoft official website:
https://msrc.microsoft.com/update-guide/releaseNote/2024-Nov
The following vulnerabilities require close scrutiny as their details have been disclosed or they have already been exploited by attackers:
Windows Task Scheduler Elevation of Privilege Vulnerability (CVE-2024-49039): This 0-day vulnerability allows authenticated attackers to execute arbitrary code with elevated privileges by running a specially crafted application on the target system. This vulnerability has been exploited in the wild, and the risk is high.
Windows NTLM Hash Leak Spoofing Vulnerability (CVE-2024-43451): This 0-day vulnerability can be exploited when an attacker persuades a user to open a specially crafted file. Successful exploitation results in the leakage of the user's NTLMv2 hash value, which the attacker can then use to perform user authentication. This vulnerability has been exploited in the wild, and the risk is high.
Microsoft Exchange Server Spoofing Vulnerability (CVE-2024-49040): Attackers can exploit this vulnerability to forge valid senders and distribute malicious emails. The vulnerability has been disclosed, and the risk is high.
Active Directory Certificate Service Elevation of Privilege Vulnerability (CVE-2024-49019): Successful exploitation of this vulnerability will allow an attacker to gain administrator privileges. The vulnerability has been disclosed, and the risk is high.
8 vulnerabilities (such as CVE-2024-43623, CVE-2024-43629, and CVE-2024-43630) are marked as Exploitation More Likely. For details, see the official announcement. Please perform security self-check and security hardening in a timely manner to reduce attack risks.
II. Severity
Severity: important
(Severity: low, moderate, important, and critical)
III. Affected Products
Microsoft Windows, Microsoft Office, .NET, Azure, and other products.
IV. Vulnerability Details
|
CVE ID |
Vulnerability |
Severity |
Vulnerability Description |
|
CVE-2024-43639 |
Windows Kerberos Remote Code Execution Vulnerability |
Important |
This vulnerability can be exploited by unauthenticated attackers using specially crafted applications. Successful exploitation allows remote code execution on the target system. |
|
CVE-2024-43498 |
.NET and Visual Studio Remote Code Execution Vulnerability |
Important |
This vulnerability can be exploited by unauthenticated remote attackers who send specially crafted requests to vulnerable .NET web applications or load specially crafted files into vulnerable desktop applications. Successful exploitation allows remote code execution on the target host. |
|
CVE-2024-49056 |
Airlift.microsoft.com Elevation of Privilege Vulnerability |
Important |
This vulnerability allows remote attackers to bypass identity authentication by manipulating immutable data on airlift.microsoft.com. Successful exploitation can lead to unauthorized access and privilege escalation. |
|
CVE-2024-43625 |
Microsoft Windows VMSwitch Elevation of Privilege Vulnerability |
Important |
An attacker can exploit this vulnerability by sending a series of specially crafted network requests to the VMswitch driver. Successful exploitation allows the attacker to gain system privileges. |
(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)
V. Security Recommendations
1. Use Windows Update or download patches from the following address to fix the vulnerabilities:
https://msrc.microsoft.com/update-guide
2. Back up data remotely to protect your data.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.