Microsoft Security Bulletin Coverage for November 2024

Overview

Microsoft’s November 2024 Patch Tuesday has 89 vulnerabilities, of which 51 are Remote Code Execution. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of November 2024 and has produced coverage for 6 of the reported vulnerabilities.

Vulnerabilities with Detections

| CVE | CVE Title | Signature |
| --- | --- | --- |
| CVE-2024-43451 | NTLM Hash Disclosure Spoofing Vulnerability | ASPY 7021 Malformed-url url.MP_1 |
| CVE-2024-43623 | Windows NT OS Kernel Elevation of Privilege Vulnerability | ASPY 7018 Exploit-exe exe.MP_417 |
| CVE-2024-43629 | Windows DWM Core Library Elevation of Privilege Vulnerability | ASPY 7019 Exploit-exe exe.MP_418 |
| CVE-2024-43630 | Windows Kernel Elevation of Privilege Vulnerability | ASPY 7020 Exploit-exe exe.MP_419 |
| CVE-2024-49019 | Active Directory Certificate Services Elevation of Privilege Vulnerability | IPS 4339 Microsoft Active Directory Certificate Services EoP (CVE-2024-49019) |
| CVE-2024-49033 | Microsoft Word Security Feature Bypass Vulnerability | IPS 4338 Microsoft Word Security Feature Bypass (CVE-2024-49033) |

Release Breakdown

The vulnerabilities can be classified into the following categories:

For November there are 4 Critical, 84 Important and 1 Moderate vulnerability.

Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the Patch Tuesday release for each month. The above chart displays these metrics as seen each month.

Release Detailed Breakdown

Defense in Depth Vulnerabilities

CVE CVE Title
CVE-2024-49049 Visual Studio Code Remote Extension Elevation of Privilege Vulnerability

Denial of Service Vulnerabilities

CVE CVE Title
CVE-2024-38264 Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability
CVE-2024-43499 .NET and Visual Studio Denial of Service Vulnerability
CVE-2024-43633 Windows Hyper-V Denial of Service Vulnerability
CVE-2024-43642 Windows SMB Denial of Service Vulnerability

Elevation of Privilege Vulnerabilities 

CVE CVE Title
CVE-2024-43449 Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVE-2024-43452 Windows Registry Elevation of Privilege Vulnerability
CVE-2024-43530 Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-43613 Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
CVE-2024-43623 Windows NT OS Kernel Elevation of Privilege Vulnerability
CVE-2024-43624 Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability
CVE-2024-43625 Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
CVE-2024-43626 Windows Telephony Service Elevation of Privilege Vulnerability
CVE-2024-43629 Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2024-43630 Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-43631 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2024-43634 Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVE-2024-43636 Win32k Elevation of Privilege Vulnerability
CVE-2024-43637 Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVE-2024-43638 Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVE-2024-43640 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-43641 Windows Registry Elevation of Privilege Vulnerability
CVE-2024-43643 Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVE-2024-43644 Windows Client-Side Caching Elevation of Privilege Vulnerability
CVE-2024-43646 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2024-49019 Active Directory Certificate Services Elevation of Privilege Vulnerability
CVE-2024-49039 Windows Task Scheduler Elevation of Privilege Vulnerability
CVE-2024-49042 Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
CVE-2024-49044 Visual Studio Elevation of Privilege Vulnerability
CVE-2024-49046 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVE-2024-49051 Microsoft PC Manager Elevation of Privilege Vulnerability
CVE-2024-49056 Airlift.microsoft.com Elevation of Privilege Vulnerability

Information Disclosure Vulnerabilities 

CVE CVE Title
CVE-2024-38203 Windows Package Library Manager Information Disclosure Vulnerability

Remote Code Execution Vulnerabilities 

CVE CVE Title
CVE-2024-38255 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-43447 Windows SMBv3 Server Remote Code Execution Vulnerability
CVE-2024-43459 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-43462 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-43498 .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-43598 LightGBM Remote Code Execution Vulnerability
CVE-2024-43602 Azure CycleCloud Remote Code Execution Vulnerability
CVE-2024-43620 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2024-43621 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2024-43622 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2024-43627 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2024-43628 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2024-43635 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2024-43639 Windows Kerberos Remote Code Execution Vulnerability
CVE-2024-48993 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48994 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48995 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48996 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48997 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48998 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48999 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49000 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49001 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49002 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49003 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49004 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49005 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49006 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49007 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49008 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49009 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49010 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49011 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49012 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49013 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49014 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49015 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49016 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49017 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49018 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49021 Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2024-49026 Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49027 Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49028 Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49029 Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49030 Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49031 Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2024-49032 Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2024-49043 Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability
CVE-2024-49048 TorchGeo Remote Code Execution Vulnerability
CVE-2024-49050 Visual Studio Code Python Extension Remote Code Execution Vulnerability

Security Feature Bypass Vulnerabilities 

CVE CVE Title
CVE-2024-43645 Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability
CVE-2024-49033 Microsoft Word Security Feature Bypass Vulnerability

Spoofing Vulnerabilities 

CVE CVE Title
CVE-2024-43450 Windows DNS Spoofing Vulnerability
CVE-2024-43451 NTLM Hash Disclosure Spoofing Vulnerability
CVE-2024-49040 Microsoft Exchange Server Spoofing Vulnerability