November 2024 Patch Tuesday: 89 Vulnerabilities Addressed Including 4 Zero-Day Exploits

On November 12, 2024, Microsoft rolled out its monthly security updates, addressing an impressive total of 89 vulnerabilities. This marks a significant moment for IT professionals and Windows users, as the updates include four zero-day exploits and four critical flaws that could leave systems open to attack. Let’s break this down and understand the importance of this up-to-date information for your Windows environment.

What Does This Update Cover?​

Breakdown of Vulnerabilities​

The November Patch Tuesday saw Microsoft tackle a mixed bag of vulnerabilities, categorically addressing:

• 59% Remote Code Execution (RCE)
• 30% Elevation of Privileges (EoP)
• A few Denial of Service (DoS), Spoofing, Security Feature Bypass (SFB), and Information Disclosure vulnerabilities.

In comparison, this update is about 25% smaller than last month’s Patch Tuesday, which dealt with 117 vulnerabilities. However, the threat posed by this month's findings should not be underestimated, given the critical ones that are present.

Focus: Zero-Day Vulnerabilities​

Zero-day vulnerabilities are particularly concerning as they are actively being exploited by attackers. For instance, out of the four zero-days addressed, two were already known to be in the wild, making their resolution critical. Here are specific ones to watch out for:

• CVE-2024-43451: A spoofing vulnerability in the New Technology LAN Manager (NTLMv2) protocol could allow attackers to gain access to user hashed passwords. With a CVSS score of 6.5, it's deemed medium in severity, but still poses a real risk.
• CVE-2024-49039: Found in the Windows Task Scheduler, this elevation of privilege vulnerability allows an attacker within a low-privilege AppContainer to elevate their access level. With a CVSS rating of 8.8, this vulnerability is especially dangerous.

Among other noteworthy vulnerabilities includes:

• CVE-2024-49040: A critical spoofing vulnerability in Microsoft Exchange Server that permits attackers to impersonate legitimate senders. This vulnerability received a CVSS score of 7.5, implicating a serious risk in email communications.
• CVE-2024-49019: It concerns elevation of privileges in Active Directory Certificate Services, rated high severity (CVSS 7.8), allowing route access potentially leading to domain administrator takeover.

Critical Vulnerabilities Spotlight​

The November patch also includes four critical vulnerabilities, among which is:

• CVE-2024-43625: This involves a use-after-free vulnerability in Hyper-V that could allow an attacker to gain elevated permissions on a virtual machine.
• CVE-2024-43639: An attack can be initiated by an unauthenticated user exploiting the Windows Kerberos security system, again allowing for remote code execution, posing a severe risk if left unpatched.

High-Risk Categories​

Microsoft defined the vulnerabilities as follows:

• 52 Remote Code Execution
• 26 Elevation of Privileges
• 4 Denial of Service (DoS)
• 3 Spoofing
• 2 Security Feature Bypass
• 1 Information Disclosure

These figures indicate a pressing need for Windows users to ensure their systems are up-to-date with the latest security patches to mitigate potential threats.

How to Apply These Updates​

For those running Windows systems, it’s essential to regularly check for and apply updates. To do so, follow these steps:

• Open Windows Settings: Press Windows + I.
• Go to Update & Security: This option can usually be found at the bottom of the main settings page.
• Check for Updates: Click the "Check for updates" button. Windows will automatically download and install the relevant patches.
• Restart Your Computer: This may be necessary for the updates to take effect.

Final Thoughts​

The November 2024 Patch Tuesday is a stark reminder of the increasingly complex cybersecurity landscape. With four high-severity vulnerabilities and four zero-days, the importance of maintaining a secure Windows environment cannot be overstated. For IT professionals and regular users alike, staying informed and proactive about updates is critical in safeguarding sensitive data and system integrity.
For more insights and discussions, feel free to join the WindowsForum community where questions and experiences are shared! How do you manage your patching process? Have these updates affected your workflows? Let us know in the comments below!

---

Source: Spiceworks November 2024 Patch Tuesday – 89 Microsoft CVEs Addressed - Spiceworks

 

[ChatGPT]

November 2024 has treated Windows users to a veritable feast of security patches, thanks to Microsoft’s latest Patch Tuesday rollout. With a whopping 89 vulnerabilities addressed, this month’s updates are not only extensive but also crucial for maintaining the security integrity of Windows systems, Office applications, and SQL Server.

The Patch Breakdown: What's Critical and What's Important​

Out of the 89 vulnerabilities, four have been classified as critical, raising red flags for system administrators and security teams alike. The majority—84 vulnerabilities—fall under the "important" category, indicating that while they pose significant risks, the threat actors would generally require prior access to the systems they aim to exploit.

Key Vulnerabilities to Prioritize​

• CVE-2024-43451: A significant concern this month is a vulnerability in Internet Explorer, which has been actively targeted in the wild. This flaw allows attackers to exploit a bug in MSHTML, potentially exposing victims' NTLMv2 hashes. Yes, you read that right—Internet Explorer continues to be a vector for modern attacks, illustrating that even retro technology can remain relevant in the worst ways.
• CVE-2024-43639: Possibly one of the most critical vulnerabilities, this one carries a CVSS score of 9.8, enabling remote code execution on Windows Server systems via Kerberos commands. The elevated privileges inherent in Kerberos mean this vulnerability could spread like wildfire across affected systems.
• CVE-2024-49039: Found within Windows Task Scheduler, this flaw allows for elevation of privileges, meriting urgent attention from system administrators.
• CVE-2024-43498: This vulnerability exists within .NET and Visual Studio, permitting remote code execution, which can lead to severe repercussions if not addressed quickly.

The remaining vulnerabilities were detected in Azure, Office, and SQL Server, categorized as less severe primarily because they necessitate user intervention or specific conditions for exploitation.

Exploit Activity and Recommendations​

Five of the vulnerabilities are currently being exploited, a stark reminder of the need for immediate action. Security expert Dustin Childs from the Trend Micro Zero Day Initiative emphasizes the urgency: "As always, Microsoft does not give any indication of how widespread these attacks are, but I would not wait to test and deploy this update." This underlines the importance of a proactive approach rather than a reactive one.
Particular care should be taken with CVE-2024-49043, related to OLE DB Driver updates. Failure to apply both Microsoft’s patches and any required third-party fixes may leave systems vulnerable.

Understanding the Broader Context​

The November Patch Tuesday highlights an ongoing challenge in cybersecurity: the balance between legacy systems and modern threats. For instance, it's alarming to realize that a browser like Internet Explorer, which many thought to be long obsolete in the face of more advanced browsers, can still serve as a pathway for vulnerabilities. As we declutter our digital ecosystems, it's vital to keep an eye on what we leave behind.

Real-World Implications​

In recent years, we've seen increasing sophistication in attacks targeting vulnerabilities. The nature of these vulnerabilities not only impacts individual users but also enterprises that rely heavily on Windows environments. It’s a broader reflection on the necessity of maintaining robust cybersecurity hygiene—regularly scheduled updates, thorough vulnerability assessments, and an educated user base that understands the risks of outdated software.

Best Practices for Users​

Here are some recommended steps for users and administrators to secure their systems post-October update:

• Prioritize Updates: Make it a habit to check for updates regularly—don't wait for reminders.
• Implement a Backup Plan: Ensure that backups are in place before applying patches, as unforeseen issues can arise.
• Conduct Audits: Regularly audit systems for compliance with update practices.
• Educate Users: Promote awareness of potential threats and the importance of security updates among all users.

Conclusion​

Microsoft's November Patch Tuesday has presented a valuable opportunity to improve the security posture of Windows systems. With a heightened sense of urgency stemming from the active exploitation of several vulnerabilities, now is the time to act. By staying informed and vigilant, Windows users can navigate this cybersecurity landscape with confidence. Let’s hope that by the time next month rolls around, we won’t have an equally daunting patch list, but with the ever-evolving threat landscape, it’s always best to err on the side of caution.
Stay tuned to WindowsForum.com for the latest updates and discussions surrounding Windows security and patch management!

---

Source: SC Media November Patch Tuesday brings cornucopia of 89 fixes to Windows

 

[ChatGPT]

Every second Tuesday of the month, a certain sense of dread rises amongst Windows users. This is the day Microsoft releases its cumulative patches, lovingly dubbed "Patch Tuesday." And as of November 2024, this batch is no small potato; a whopping 89 patches affecting 14 product families were issued, with a particular spotlight on Windows components. The metaphorical spigot of software security now flows with fresh fixes, making it crucial for users to stay informed and proactive.

The Scope of the Update​

By the Numbers​

The latest Patch Tuesday event has led to:

• Total CVEs Addressed: 89
• Publicly Disclosed Vulnerabilities: 3
• Exploits Detected: 2

Severity has ranged from critical to moderate, with 3 critical, 85 important, and 3 moderate vulnerabilities. These updates are not just for show; they represent significant threats that could lead to Remote Code Execution (RCE), Denial of Service (DoS), and even Elevation of Privilege (EoP). Here's the breakdown:

• Remote Code Execution (RCE): 52 vulnerabilities
• Elevation of Privilege (EoP): 27 vulnerabilities
• Denial of Service (DoS): 4 vulnerabilities
• Spoofing: 3 vulnerabilities
• Security Feature Bypass: 2 vulnerabilities
• Information Disclosure: 1 vulnerability

Critical Threats to Address​

Two of the vulnerabilities (CVE-2024-49039 and CVE-2024-43451) are already found to be exploited in the wild. The first, a serious EoP vulnerability with a CVSS score of 8.8, poses a grave risk to organizations. The second, rated at 6.5, allows attackers to exploit systems that have been compromised already.
In total, 31 vulnerabilities are related to SQL Server, illustrating the enormous responsibility administrators and businesses have to ensure their SQL instances are secure. Other affected product families include Microsoft 365 Apps, Visual Studio, and even Azure, signalling an expansive risk landscape.

Noteworthy Vulnerabilities and Specific Cases​

Here are a few of the key vulnerabilities users should take particular notice of:

• CVE-2024-5535: An RCE in OpenSSL, with a staggering CVSS base score of 9.1. What's alarming is that this vulnerability can be exploited via email, even if the target user does not take action on a potentially malicious message. This indicates that the threat model has evolved; attackers don’t even need their victims to take the bait!
• CVE-2024-49040: A critical spoofing vulnerability in Microsoft Exchange Server, it has the potential to affect countless enterprises relying on this service for secure communication.
• CVE-2024-43625: A critical EoP vulnerability in Windows VMSwitch, potentially allowing attackers to gain higher privileges on compromised systems.

The Importance of Timely Updates​

Patch Tuesday is like a monthly reminder to check in with your system's health. In light of the escalating threats, especially concerning ransomware and widespread cyberattacks, regular updates have transitioned from "good practice" to "vital necessity."
Users can download these updates manually if the automatic windows update cycle seems sluggish. After running winver.exe to check system builds, visiting the Windows Update Catalog will allow users to find specific cumulative update packages for their architecture and build.

A Broader Context​

As we approach the end of 2024, it’s worth noting that this year has already surpassed last year's total vulnerabilities patched, with 942 in 2024 against 931 in 2023. This spike serves as a wake-up call, reminding us that as cyber threats evolve, so do the efforts needed to combat them.

Security Is a Shared Responsibility​

With this month’s extensive updates, organizations and users alike should be practicing rigorous security hygiene, acting swiftly to implement these patches. As we march further into the digital age, understanding these vulnerabilities—and your role in addressing them—cannot be overstated.
In summary, don’t let November’s heavy patch load bring you down! Stay informed, update your systems, and remain vigilant against potential threats. The safety of your digital realm depends on it!

---

Source: Sophos News November Patch Tuesday loads up everyone’s plate