November 2024 Patch Tuesday Fixes 91 Vulnerabilities, Featuring 4 Zero-Day Issues
During Patch Tuesday in November 2024, Microsoft addressed a total of 91 vulnerabilities, which notably included four zero-day flaws. In line with the usual Patch Tuesday procedure, this month’s updates provide vital security patches for various systems, such as Windows, Microsoft Office,. NET, Visual Studio, and SQL Server, among others.
This month’s update encompasses the following categories of vulnerabilities:
- 26 vulnerabilities related to elevation of privilege
- 2 vulnerabilities that allow bypassing security features
- 52 vulnerabilities that enable remote code execution
- 1 vulnerability resulting in information disclosure
- 4 vulnerabilities causing denial of service
- 3 vulnerabilities associated with spoofing
Out of the four zero-day vulnerabilities that have been patched, two had already been exploited in active attacks while the third was disclosed to the public without confirmed exploitation.
CVE-2024-43451 – NTLM Hash Disclosure Spoofing Vulnerability
CVE-2024-49039 – Windows Task Scheduler Elevation of Privilege Vulnerability
CVE-2024-49040 – Microsoft Exchange Server Spoofing Vulnerability
CVE-2024-49019 – Active Directory Certificate Services Elevation of Privilege Vulnerability
Below is a detailed list of all vulnerabilities addressed by Microsoft in the November 2024 Patch Tuesday update.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET and Visual Studio | CVE-2024-43499 | .NET and Visual Studio Denial of Service Vulnerability | Important |
| .NET and Visual Studio | CVE-2024-43498 | .NET and Visual Studio Remote Code Execution Vulnerability | Critical |
| Airlift.microsoft.com | CVE-2024-49056 | Airlift.microsoft.com Elevation of Privilege Vulnerability | Critical |
| Azure CycleCloud | CVE-2024-43602 | Azure CycleCloud Remote Code Execution Vulnerability | Important |
| LightGBM | CVE-2024-43598 | LightGBM Remote Code Execution Vulnerability | Important |
| Microsoft Defender for Endpoint | CVE-2024-5535 | OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread | Important |
| Microsoft Edge (Chromium-based) | CVE-2024-10826 | Chromium: CVE-2024-10826 Use after free in Family Experiences | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-10827 | Chromium: CVE-2024-10827 Use after free in Serial | Unknown |
| Microsoft Exchange Server | CVE-2024-49040 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Graphics Component | CVE-2024-49031 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2024-49032 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2024-49029 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2024-49026 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2024-49027 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2024-49028 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2024-49030 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | ADV240001 | Microsoft SharePoint Server Defense in Depth Update | None |
| Microsoft Office Word | CVE-2024-49033 | Microsoft Word Security Feature Bypass Vulnerability | Important |
| Microsoft PC Manager | CVE-2024-49051 | Microsoft PC Manager Elevation of Privilege Vulnerability | Important |
| Microsoft Virtual Hard Drive | CVE-2024-38264 | Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability | Important |
| Microsoft Windows DNS | CVE-2024-43450 | Windows DNS Spoofing Vulnerability | Important |
| Role: Windows Active Directory Certificate Services | CVE-2024-49019 | Active Directory Certificate Services Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2024-43633 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2024-43624 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | Important |
| SQL Server | CVE-2024-48998 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-48997 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-48993 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49001 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49000 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-48999 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49043 | Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-43462 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-48995 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-48994 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-38255 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-48996 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-43459 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49002 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49013 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49014 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49011 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49012 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49015 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49018 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49021 | Microsoft SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49016 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49017 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49010 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49005 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49007 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49003 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49004 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49006 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49009 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-49008 | SQL Server Native Client Remote Code Execution Vulnerability | Important |
| TorchGeo | CVE-2024-49048 | TorchGeo Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2024-49044 | Visual Studio Elevation of Privilege Vulnerability | Important |
| Visual Studio Code | CVE-2024-49050 | Visual Studio Code Python Extension Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2024-49049 | Visual Studio Code Remote Extension Elevation of Privilege Vulnerability | Moderate |
| Windows CSC Service | CVE-2024-43644 | Windows Client-Side Caching Elevation of Privilege Vulnerability | Important |
| Windows Defender Application Control (WDAC) | CVE-2024-43645 | Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability | Important |
| Windows DWM Core Library | CVE-2024-43636 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows DWM Core Library | CVE-2024-43629 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows Kerberos | CVE-2024-43639 | Windows Kerberos Remote Code Execution Vulnerability | Critical |
| Windows Kernel | CVE-2024-43630 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows NT OS Kernel | CVE-2024-43623 | Windows NT OS Kernel Elevation of Privilege Vulnerability | Important |
| Windows NTLM | CVE-2024-43451 | NTLM Hash Disclosure Spoofing Vulnerability | Important |
| Windows Package Library Manager | CVE-2024-38203 | Windows Package Library Manager Information Disclosure Vulnerability | Important |
| Windows Registry | CVE-2024-43641 | Windows Registry Elevation of Privilege Vulnerability | Important |
| Windows Registry | CVE-2024-43452 | Windows Registry Elevation of Privilege Vulnerability | Important |
| Windows Secure Kernel Mode | CVE-2024-43631 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important |
| Windows Secure Kernel Mode | CVE-2024-43646 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important |
| Windows Secure Kernel Mode | CVE-2024-43640 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
| Windows SMB | CVE-2024-43642 | Windows SMB Denial of Service Vulnerability | Important |
| Windows SMBv3 Client/Server | CVE-2024-43447 | Windows SMBv3 Server Remote Code Execution Vulnerability | Important |
| Windows Task Scheduler | CVE-2024-49039 | Windows Task Scheduler Elevation of Privilege Vulnerability | Important |
| Windows Telephony Service | CVE-2024-43628 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2024-43621 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2024-43620 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2024-43627 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2024-43635 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2024-43622 | Windows Telephony Service Remote Code Execution Vulnerability | Important |
| Windows Telephony Service | CVE-2024-43626 | Windows Telephony Service Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2024-43530 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
| Windows USB Video Driver | CVE-2024-43643 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
| Windows USB Video Driver | CVE-2024-43449 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
| Windows USB Video Driver | CVE-2024-43637 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
| Windows USB Video Driver | CVE-2024-43634 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
| Windows USB Video Driver | CVE-2024-43638 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | Important |
| Windows VMSwitch | CVE-2024-43625 | Microsoft Windows VMSwitch Elevation of Privilege Vulnerability | Critical |
| Windows Win32 Kernel Subsystem | CVE-2024-49046 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
Additionally, Microsoft resolved an issue in Windows that resulted in blue screen errors on Windows Server 2025 during backup or deduplication processes. A recent update for Microsoft Exchange Server 2025 has also introduced a caution for emails that might exploit the CVE-2024-49040 vulnerability.
Users of Windows 10 and Windows 11 can obtain the latest November 2024 Patch Tuesday updates through Windows Update, Microsoft Update, or by downloading them directly from the Microsoft Update Catalog.
If you have issued any certificates based on a version 1 certificate template where the subject name is set to “Supplied in the request” and enrollment permissions are extended to a wide array of accounts (like domain users or computers), please review them. The built-in Web Server template is one such example, although it is not vulnerable by default because of its limited Enroll permissions.
Microsoft acknowledges the existence of a vulnerability (CVE-2024-49040) that makes it feasible for attackers to carry out spoofing attacks targeting Microsoft Exchange Server. This vulnerability stems from the current method of validation for the P2 FROM header during transmission.
A successful breach via this method could be conducted from a low-privilege AppContainer. This would allow attackers to elevate their permissions and execute code or access resources at a higher integrity level than the AppContainer’s execution environment permits.
This vulnerability can disclose a user’s NTLMv2 hash to attackers, who may then authenticate as that user. A user’s minimal interaction with a harmful file—such as clicking, right-clicking to inspect, or performing actions other than executing—may activate this vulnerability.
Leave a Reply