Microsoft Security Bulletin Coverage for November 2024
Overview
Microsoft’s November 2024 Patch Tuesday has 89 vulnerabilities, of which 51 are Remote Code Execution. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of November 2024 and has produced coverage for 6 of the reported vulnerabilities.
Vulnerabilities with Detections
CVE | CVE Title | Signature |
CVE-2024-43451 | NTLM Hash Disclosure Spoofing Vulnerability | ASPY 7021 Malformed-url url.MP_1 |
CVE-2024-43623 | Windows NT OS Kernel Elevation of Privilege Vulnerability | ASPY 7018 Exploit-exe exe.MP_417 |
CVE-2024-43629 | Windows DWM Core Library Elevation of Privilege Vulnerability | ASPY 7019 Exploit-exe exe.MP_418 |
CVE-2024-43630 | Windows Kernel Elevation of Privilege Vulnerability | ASPY 7020 Exploit-exe exe.MP_419 |
CVE-2024-49019 | Active Directory Certificate Services Elevation of Privilege Vulnerability | IPS 4339 Microsoft Active Directory Certificate Services EoP (CVE-2024-49019) |
CVE-2024-49033 | Microsoft Word Security Feature Bypass Vulnerability | IPS 4338 Microsoft Word Security Feature Bypass (CVE-2024-49033) |
Release Breakdown
The vulnerabilities can be classified into the following categories:
For November, there are 4 Critical, 84 Important and 1 Moderate vulnerabilities.
Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the Patch Tuesday release for each month. The above chart displays these metrics as seen each month.
Release Detailed Breakdown
Defense in Depth Vulnerabilities
CVE | CVE Title |
CVE-2024-49049 | Visual Studio Code Remote Extension Elevation of Privilege Vulnerability |
Denial of Service Vulnerabilities
CVE | CVE Title |
CVE-2024-38264 | Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability |
CVE-2024-43499 | .NET and Visual Studio Denial of Service Vulnerability |
CVE-2024-43633 | Windows Hyper-V Denial of Service Vulnerability |
CVE-2024-43642 | Windows SMB Denial of Service Vulnerability |
Elevation of Privilege Vulnerabilities
CVE | CVE Title |
CVE-2024-43449 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
CVE-2024-43452 | Windows Registry Elevation of Privilege Vulnerability |
CVE-2024-43530 | Windows Update Stack Elevation of Privilege Vulnerability |
CVE-2024-43613 | Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability |
CVE-2024-43623 | Windows NT OS Kernel Elevation of Privilege Vulnerability |
CVE-2024-43624 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability |
CVE-2024-43625 | Microsoft Windows VMSwitch Elevation of Privilege Vulnerability |
CVE-2024-43626 | Windows Telephony Service Elevation of Privilege Vulnerability |
CVE-2024-43629 | Windows DWM Core Library Elevation of Privilege Vulnerability |
CVE-2024-43630 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2024-43631 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
CVE-2024-43634 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
CVE-2024-43636 | Win32k Elevation of Privilege Vulnerability |
CVE-2024-43637 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
CVE-2024-43638 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
CVE-2024-43640 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
CVE-2024-43641 | Windows Registry Elevation of Privilege Vulnerability |
CVE-2024-43643 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
CVE-2024-43644 | Windows Client-Side Caching Elevation of Privilege Vulnerability |
CVE-2024-43646 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
CVE-2024-49019 | Active Directory Certificate Services Elevation of Privilege Vulnerability |
CVE-2024-49039 | Windows Task Scheduler Elevation of Privilege Vulnerability |
CVE-2024-49042 | Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability |
CVE-2024-49044 | Visual Studio Elevation of Privilege Vulnerability |
CVE-2024-49046 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
CVE-2024-49051 | Microsoft PC Manager Elevation of Privilege Vulnerability |
CVE-2024-49056 | Airlift.microsoft.com Elevation of Privilege Vulnerability |
Information Disclosure Vulnerabilities
CVE | CVE Title |
CVE-2024-38203 | Windows Package Library Manager Information Disclosure Vulnerability |
Remote Code Execution Vulnerabilities
CVE | CVE Title |
CVE-2024-38255 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-43447 | Windows SMBv3 Server Remote Code Execution Vulnerability |
CVE-2024-43459 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-43462 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-43498 | .NET and Visual Studio Remote Code Execution Vulnerability |
CVE-2024-43598 | LightGBM Remote Code Execution Vulnerability |
CVE-2024-43602 | Azure CycleCloud Remote Code Execution Vulnerability |
CVE-2024-43620 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2024-43621 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2024-43622 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2024-43627 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2024-43628 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2024-43635 | Windows Telephony Service Remote Code Execution Vulnerability |
CVE-2024-43639 | Windows Kerberos Remote Code Execution Vulnerability |
CVE-2024-48993 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-48994 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-48995 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-48996 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-48997 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-48998 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-48999 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49000 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49001 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49002 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49003 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49004 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49005 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49006 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49007 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49008 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49009 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49010 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49011 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49012 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49013 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49014 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49015 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49016 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49017 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49018 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49021 | Microsoft SQL Server Remote Code Execution Vulnerability |
CVE-2024-49026 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2024-49027 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2024-49028 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2024-49029 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2024-49030 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2024-49031 | Microsoft Office Graphics Remote Code Execution Vulnerability |
CVE-2024-49032 | Microsoft Office Graphics Remote Code Execution Vulnerability |
CVE-2024-49043 | Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability |
CVE-2024-49048 | TorchGeo Remote Code Execution Vulnerability |
CVE-2024-49050 | Visual Studio Code Python Extension Remote Code Execution Vulnerability |
Security Feature Bypass Vulnerabilities
CVE | CVE Title |
CVE-2024-43645 | Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability |
CVE-2024-49033 | Microsoft Word Security Feature Bypass Vulnerability |
Spoofing Vulnerabilities
CVE | CVE Title |
CVE-2024-43450 | Windows DNS Spoofing Vulnerability |
CVE-2024-43451 | NTLM Hash Disclosure Spoofing Vulnerability |
CVE-2024-49040 | Microsoft Exchange Server Spoofing Vulnerability |