Microsoft Security Updates: November 2024 – Hold Onto Your Hats!
Gather ’round, tech enthusiasts and cyber warriors! Today’s VERT Alert takes on the thrilling world of Microsoft’s November 2024 Security Updates. Just when you thought you could relax, here comes a parade of vulnerabilities ready to crash your digital party. But fret not! Our heroes at VERT are on the case, diligently crafting coverage to zip out ASPL-1132 faster than you can say “Windows Update.”
The Wild West of Vulnerabilities
First up on the vulnerability hit list — and no, this isn’t an episode of “Wipeout” — is CVE-2024-43451. This nasty bug allows NTLMv2 hash disclosure, and let me tell you, it’s been both publicly disclosed and actively exploited. Apparently, all it takes is a user left or right-clicking on a malicious file. You know what that means? Most of us could be accidentally caught in the snare before our morning coffee! According to Microsoft, they’ve reported this as Exploitation Detected. I mean, if you had a penny for every time someone clicked on something without thinking… well, you’d have a lot of pennies, my friend.
Next up: CVE-2024-49039 and CVE-2024-49040. These twinned vulnerabilities in Microsoft Exchange Server bring a delightful round of email spoofing nightmares to the table. Imagine the horror of receiving an email from your boss, only to discover it’s actually your coworker impersonating them! After installing the Exchange update, users will get a new disclaimer, because nothing says “trust me” quite like a legal footnote pasted onto your email.
And before you think you can breathe easy, let’s talk about CVE-2024-49019. This gem festers in Active Directory Certificate Services, granting a nefarious soul domain admin privileges. It’s like giving the keys to your castle to someone who just showed up with a “Hello, my name is…” sticker. Microsoft marked this one as Exploitation More Likely. Remember folks, keep those PKI environments tighter than your grandma’s hugs!
A Color-Coded Charade: CVE Breakdown!
Yes, my dear readers! Gone are the days of vague bulletins. We now have a colour-coded CVE breakdown. It’s practically a Rainbow Brite explosion in the world of cybersecurity! While historical Microsoft Security Bulletin groupings have sung their swan song, folks can now revel in a nifty tagging system that makes spotting vulnerabilities as easy as pie—and we all know pie is delicious!
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or disclosed will be highlighted
| Tag | CVE Count | CVEs |
|---|---|---|
| Windows Update Stack | 1 | CVE-2024-43530 |
| .NET and Visual Studio | 2 | CVE-2024-43499, CVE-2024-43498 |
| Azure CycleCloud | 1 | CVE-2024-43602 |
| Windows Telephony Service | 7 | CVE-2024-43626, CVE-2024-43627, CVE-2024-43628, CVE-2024-43620, CVE-2024-43621, CVE-2024-43622, CVE-2024-43635 |
| SQL Server | 31 | CVE-2024-38255, CVE-2024-43459, CVE-2024-43462… |
| Microsoft Office Excel | 5 | CVE-2024-49026, CVE-2024-49027, CVE-2024-49028… |
Conclusion: Keeping Your Digital Defence Strong!
So, let’s wrap this up, shall we? Microsoft’s November updates serve as yet another reminder that the digital landscape is akin to a bustling bazaar—full of deals, but also rife with risks. Don’t let yourself be the last to know; keep your systems updated, patch like your life (or job) depends on it, and remember to click wisely! For more on honing your security skills, check out the new advisory included in this month’s Security Guidance: Microsoft SharePoint Server Defense in Depth Update [ADV240001]. Trust me, your future self will thank you!
Today’s VERT Alert focuses on the critical implications of Microsoft’s November 2024 Security Updates. The VERT team is diligently engaged in developing coverage for these vulnerabilities and anticipates the release of ASPL-1132 promptly upon completion of this coverage.
In-The-Wild & Disclosed CVEs
This serious vulnerability facilitates NTLMv2 hash disclosure, significantly jeopardizing user security. It has been both publicly disclosed and is currently under active exploitation. Microsoft warns that only a simple interaction—such as a user clicking on a malicious file—can trigger this exploit. They have classified this vulnerability with the alarming designation of Exploitation Detected.
This vulnerability found in Microsoft Exchange Server exposes users to email spoofing risks. It allows non-compliant P2 FROM headers to bypass security checks and reach the email client. After users have installed the latest Exchange update, any incoming messages will now prepend a new disclaimer and include an additional header. Microsoft encourages users to adopt recommended security measures, which include rejecting suspicious emails when these headers are identified. Additionally, functionality to disable this risk can be managed by users. Microsoft has categorized this vulnerability as Exploitation More Likely.
The vulnerability affecting Active Directory Certificate Services enables attackers to potentially secure domain administrator privileges. Microsoft details that systems may be vulnerable if they exhibit the following characteristics:
- A published certificate configured with the version 1 certificate template.
- The Source of subject name designation is set to “Supplied in the request.”
- Enrollment permissions granted broadly across accounts,
Microsoft has flagged this high-risk vulnerability as Exploitation More Likely.
CVE Breakdown by Tag
Historical groupings found in Microsoft Security Bulletins have been replaced with a more efficient tagging system for vulnerabilities. The current categorization for CVEs allows a clear, detailed breakdown by tag, and to assist users in prioritizing their focus, vulnerabilities are also color-coded to highlight critical issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Exploited or disclosed vulnerabilities will be highlighted
| Tag | CVE Count | CVEs |
| Windows Update Stack | 1 | CVE-2024-43530 |
| .NET and Visual Studio | 2 | CVE-2024-43499, CVE-2024-43498 |
| Azure CycleCloud | 1 | CVE-2024-43602 |
| Windows NT OS Kernel | 1 | CVE-2024-43623 |
| Windows VMSwitch | 1 | CVE-2024-43625 |
| Windows Telephony Service | 7 | CVE-2024-43626, CVE-2024-43627, CVE-2024-43628, CVE-2024-43620, CVE-2024-43621, CVE-2024-43622, CVE-2024-43635 |
| Windows Kernel | 1 | CVE-2024-43630 |
| Windows Secure Kernel Mode | 3 | CVE-2024-43631, CVE-2024-43646, CVE-2024-43640 |
| Windows USB Video Driver | 5 | CVE-2024-43634, CVE-2024-43637, CVE-2024-43638, CVE-2024-43643, CVE-2024-43449 |
| Windows CSC Service | 1 | CVE-2024-43644 |
| Windows Defender Application Control (WDAC) | 1 | CVE-2024-43645 |
| Windows SMBv3 Client/Server | 1 | CVE-2024-43447 |
| Microsoft Windows DNS | 1 | CVE-2024-43450 |
| Windows NTLM | 1 | CVE-2024-43451 |
| Windows Registry | 2 | CVE-2024-43452, CVE-2024-43641 |
| SQL Server | 31 | CVE-2024-38255, CVE-2024-43459, CVE-2024-43462, CVE-2024-48994, CVE-2024-48995, CVE-2024-48996, CVE-2024-49043, CVE-2024-48993, CVE-2024-48997, CVE-2024-48998, CVE-2024-48999, CVE-2024-49000, CVE-2024-49001, CVE-2024-49002, CVE-2024-49003, CVE-2024-49004, CVE-2024-49005, CVE-2024-49007, CVE-2024-49006, CVE-2024-49008, CVE-2024-49009, CVE-2024-49010, CVE-2024-49011, CVE-2024-49012, CVE-2024-49013, CVE-2024-49014, CVE-2024-49015, CVE-2024-49016, CVE-2024-49017, CVE-2024-49018, CVE-2024-49021 |
| Microsoft Virtual Hard Drive | 1 | CVE-2024-38264 |
| Microsoft Defender for Endpoint | 1 | CVE-2024-5535 |
| Microsoft Exchange Server | 1 | CVE-2024-49040 |
| Visual Studio | 1 | CVE-2024-49044 |
| Windows Win32 Kernel Subsystem | 1 | CVE-2024-49046 |
| Visual Studio Code | 2 | CVE-2024-49049, CVE-2024-49050 |
| Airlift.microsoft.com | 1 | CVE-2024-49056 |
| LightGBM | 1 | CVE-2024-43598 |
| Role: Windows Hyper-V | 2 | CVE-2024-43624, CVE-2024-43633 |
| Windows DWM Core Library | 2 | CVE-2024-43629, CVE-2024-43636 |
| Windows Kerberos | 1 | CVE-2024-43639 |
| Windows SMB | 1 | CVE-2024-43642 |
| Windows Package Library Manager | 1 | CVE-2024-38203 |
| Role: Windows Active Directory Certificate Services | 1 | CVE-2024-49019 |
| Microsoft Office Excel | 5 | CVE-2024-49026, CVE-2024-49027, CVE-2024-49028, CVE-2024-49029, CVE-2024-49030 |
| Microsoft Graphics Component | 2 | CVE-2024-49031, CVE-2024-49032 |
| Microsoft Office Word | 1 | CVE-2024-49033 |
| Windows Task Scheduler | 1 | CVE-2024-49039 |
| TorchGeo | 1 | CVE-2024-49048 |
| Microsoft PC Manager | 1 | CVE-2024-49051 |
| Microsoft Edge (Chromium-based) | 2 | CVE-2024-10826, CVE-2024-10827 |
Other Information
At the time of this publication, a new advisory has been included within the November Security Guidance, enhancing security measures and user protection strategies.
Microsoft SharePoint Server Defense in Depth Update [ADV240001]
104″>1
For all users and systems, it is crucial to regularly update software and apply security patches to mitigate these vulnerabilities. Monitoring for suspicious activity and employing recommended security configurations can also significantly reduce exposure to these potential exploits.