
Security Update Review for November 2024's Patch Tuesday releases by Microsoft and Adobe

Microsoft and Adobe's Patch Tuesday for November 2024 addresses various security vulnerabilities and zero-day flaws. Read up on the specific details with Qualys' security review.


In a significant security update, Microsoft has released its Patch Tuesday for November 2024, addressing a total of 92 vulnerabilities. Among these, four were zero-day vulnerabilities, two of which (CVE-2024-49039 and CVE-2024-43451) are known to be actively exploited in the wild.

The zero-day vulnerability CVE-2024-43451, identified as "Berserk Bear," is an NTLM Hash Disclosure Spoofing Vulnerability. Upon successful exploitation, this vulnerability may disclose a user's NTLMv2 hash to the attacker. On the other hand, CVE-2024-49039 is a Windows Task Scheduler Elevation of Privilege Vulnerability. If exploited, it may allow an authenticated attacker to execute RPC functions restricted to privileged accounts only.

Several other vulnerabilities addressed in the updates include:

  • CVE-2024-43629: An elevation of privilege vulnerability in the Windows DWM Core Library, allowing an attacker to gain SYSTEM privileges upon successful exploitation.
  • CVE-2024-43636: An elevation of privilege vulnerability in Win32k, allowing an attacker to gain SYSTEM privileges.
  • CVE-2024-43623: An elevation of privilege vulnerability in the Windows NT OS Kernel, allowing an attacker who successfully exploits this vulnerability to gain SYSTEM privileges.
  • CVE-2024-43630: An elevation of privilege vulnerability in the Windows Kernel, allowing an attacker who successfully exploits this vulnerability to gain SYSTEM privileges.
  • CVE-2024-43498: A remote code execution vulnerability in .NET and Visual Studio, which can be exploited by an unauthenticated attacker by sending specially crafted requests to a vulnerable web application or loading a specially crafted file into a desktop application.
  • CVE-2024-49056: An elevation of privilege vulnerability in Airlift.microsoft.com; no further details were provided.
  • CVE-2024-49033: A security feature bypass vulnerability in Microsoft Word, allowing an attacker to bypass specific functionality of the Office Protected View upon successful exploitation.
  • CVE-2024-43625: A Microsoft Windows VMSwitch Elevation of Privilege Vulnerability, which, upon successful exploitation, may grant SYSTEM privileges to an attacker.
  • CVE-2024-43642: A denial-of-service vulnerability in Windows SMB, allowing an attacker to cause a denial-of-service condition.

The updates also included patches for vulnerabilities in Windows Hyper-V, SQL Server, Windows Kerberos, Windows Kernel, Windows NT OS Kernel, and more.

This month's Microsoft release notes cover multiple product families and products, including Airlift.microsoft.com, Microsoft Edge (Chromium-based), and Microsoft Defender for Endpoint.

In addition to Microsoft's updates, Adobe has also released eight security advisories to address 48 vulnerabilities in various Adobe products, with 28 vulnerabilities given critical severity ratings.

Qualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledgebase (KB). Where a remediation (fix or patch) cannot be applied immediately, Qualys Policy Compliance's Out-of-the-Box Mitigation or Compensatory Controls can help reduce the risk of a vulnerability being exploited. However, these security controls are not recommended by any industry standards such as CIS or DISA-STIG.

Users are strongly urged to apply these updates as soon as possible to protect their systems from potential threats.
