Microsoft Released November 2024 Patch Tuesday With ~90 Fixes

Published

on

Latest Hacking News

This week saw the release of the latest monthly updates from Microsoft. The November 2024 Patch Tuesday brought fixes for approximately 90 security vulnerabilities across various Microsoft products.

Addressing Multiple Zero-Day Vulnerabilities

Microsoft’s November Patch Tuesday included patches for several critical vulnerabilities, some of which were publicly known and actively exploited.

One of the most significant vulnerabilities addressed was CVE-2024-43498, a critical remote code execution flaw affecting .NET and Visual Studio. This flaw could be exploited by an unauthenticated, remote attacker to execute malicious code on a vulnerable system. The vulnerability received a CVSS score of 9.8.

While Microsoft did not classify CVE-2024-43498 as a zero-day, the Zero Day Initiative (ZDI) identified it as such due to a report highlighting a similar issue. However, Microsoft did acknowledge two zero-day vulnerabilities:

  • CVE-2024-43451 (important; CVSS 6.5): A spoofing vulnerability that could expose a user’s NTLMv2 hash, allowing an attacker to authenticate as that user. Microsoft confirmed active exploitation of this flaw following public disclosure.
  • CVE-2024-49039 (important; CVSS 8.8): A privilege escalation vulnerability in Windows Task Scheduler that was actively exploited before a patch was available.
  • CVE-2024-49019 (important; CVSS 7.8): A privilege escalation flaw in Active Directory Certificate Services that could grant an adversary domain administrator privileges.

Other Updates from Microsoft

In addition to the above, Microsoft also addressed three critical vulnerabilities this month:

  • CVE-2024-49056 (critical; CVSS 7.3): An authentication bypass vulnerability affecting airlift.microsoft.com.
  • CVE-2024-43625 (critical; CVSS 8.1): A privilege escalation issue in the VmSwitch component within Hyper-V.
  • CVE-2024-43639 (critical; CVSS 9.8): A remote code execution flaw in Windows Kerberos.

This month, Microsoft addressed a total of 89 security issues, including 84 important severity vulnerabilities and a moderate-severity privilege escalation flaw.

While Microsoft updates are automatically delivered to eligible devices, users should regularly check for updates to ensure they receive all necessary security fixes.
