Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws

Nowadays is Microsoft’s November 2024 Patch Tuesday, which incorporates safety updates for 91 flaws, together with 4 zero-days, two of which might be actively exploited.

This Patch Tuesday fastened 4 essential vulnerabilities, which come with two far flung code execution and two elevation of privileges flaws.

The choice of insects in each and every vulnerability class is indexed underneath:

• 26 Elevation of Privilege vulnerabilities
• 2 Safety Function Bypass vulnerabilities
• 52 Far flung Code Execution vulnerabilities
• 1 Knowledge Disclosure vulnerability
• 4 Denial of Provider vulnerabilities
• 3 Spoofing vulnerabilities

This rely does no longer come with two Edge flaws that have been up to now fastened on November seventh.

To be informed extra concerning the non-security updates launched lately, you’ll be able to assessment our devoted articles at the new Home windows 11 KB5046617 and KB5046633 cumulative updates and the Home windows 10 KB5046613 replace.

4 zero-days disclosed

This month’s Patch Tuesday fixes 4 zero-days, two of which have been actively exploited in assaults, and 3 have been publicly disclosed.

Microsoft classifies a zero-day flaw as one this is publicly disclosed or actively exploited whilst no authentic repair is to be had.

The 2 actively exploited zero-day vulnerabilities in lately’s updates are:

CVE-2024-43451 – NTLM Hash Disclosure Spoofing Vulnerability

Microsoft has fastened a vulnerability that exposes NTLM hashes to far flung attackers with minimum interplay with a malicious record.

“This vulnerability discloses a consumer’s NTLMv2 hash to the attacker who may just use this to authenticate because the consumer,” defined Microsoft.

“Minimum interplay with a malicious record via a consumer similar to settling on (single-click), analyzing (right-click), or appearing an motion rather than opening or executing may just cause this vulnerability,” endured Microsoft.

Microsoft says Israel Yeshurun of ClearSky Cyber Safety found out this vulnerability and that it was once publicly disclosed, however didn’t proportion to any extent further main points.

CVE-2024-49039 – Home windows Process Scheduler Elevation of Privilege Vulnerability

A specifically crafted software may well be finished that elevates privilege to Medium Integrity degree.

“On this case, a a success assault may well be carried out from a low privilege AppContainer. The attacker may just lift their privileges and execute code or get admission to assets at a better integrity degree than that of the AppContainer execution atmosphere,” defined Microsoft.

Microsoft says that exploiting this vulnerability would permit attackers to execute RPC purposes which can be usually limited to privileged accounts.

The flaw was once found out via Vlad Stolyarov and Bahare Sabouri of Google’s Risk Research Staff.

It’s not identified how the flaw was once exploited in assaults.

The opposite 3 vulnerabilities that have been publicly disclosed however no longer exploited in assaults are:

CVE-2024-49040 – Microsoft Alternate Server Spoofing Vulnerability

Microsoft has fastened a Microsoft Alternate vulnerability that permits risk actors to spoof the sender’s electronic mail deal with in emails to native recipients.

“Microsoft is conscious about a vulnerability (CVE-2024-49040) that permits attackers to run spoofing assaults towards Microsoft Alternate Server,” explains a similar advisory via Microsoft.

“The vulnerability is led to via the present implementation of the P2 FROM header verification, which occurs in shipping.”

Beginning with this month’s Microsoft Alternate safety updates, Microsoft is now detecting and flagging spoofed emails with an alert prepended to the e-mail frame that states, “Understand: This electronic mail seems to be suspicious. Don’t believe the ideas, hyperlinks, or attachments on this electronic mail with out verifying the supply via a relied on way.”

Microsoft says the flaw was once found out via Slonser at Solidlab, who publicly disclosed the flaw on this article.

CVE-2024-49019 – Energetic Listing Certificates Services and products Elevation of Privilege Vulnerability

Microsoft fastened a flaw that permits attackers to achieve area administrator privileges via abusing integrated default model 1 certificates templates.

“Test when you’ve got printed any certificate created the use of a model 1 certificates template the place the Supply of topic identify is about to “Equipped within the request” and the Join permissions are granted to a broader set of accounts, similar to area customers or area computer systems,” explains Microsoft.

“An instance is the integrated Internet Server template, however it’s not prone via default because of its limited Join permissions.”

The flaw was once found out via Lou Scicchitano, Scot Berner, and Justin Bollinger with TrustedSec, who disclosed the “EKUwu” vulnerability in October.

“The usage of integrated default model 1 certificates templates, an attacker can craft a CSR to incorporate software insurance policies which can be most well-liked over the configured Prolonged Key Utilization attributes specified within the template,” reads TrustedSec’s record.

“The one requirement is enrollment rights, and it may be used to generate consumer authentication, certificates request agent, and codesigning certificate the use of the WebServer template.”

As defined above, CVE-2024-43451 was once additionally publicly disclosed.

Fresh updates from different corporations

Different distributors who launched updates or advisories in November 2024 come with:

• Adobe launched safety updates for a large number of packages, together with Photoshop, Illustrator, and Trade.
• Cisco releases safety updates for a couple of merchandise, together with Cisco Telephones, Nexus Dashboard, Identification Services and products Engine, and extra.
• Citrix releases safety updates for NetScaler ADC and NetScaler Gateway vulnerabilities. Additionally they launched an replace for the Citrix Digital Apps and Desktops reported via Watchtowr.
• Dell releases safety updates for code execution and safety bypass flaws in SONiC OS.
• D-Hyperlink releases a safety replace for a essential DSL6740C flaw that permits amendment of account passwords.
• Google launched Chrome 131, which incorporates 12 safety fixes. No zero-days.
• Ivanti releases safety updates for twenty-five vulnerabilities in Ivanti Attach Protected (ICS), Ivanti Coverage Protected (IPS), Ivanti Protected Get right of entry to Consumer (ISAC).
• SAP releases safety updates for a couple of merchandise as a part of November Patch Day.
• Schneider Electrical releases safety updates for flaws in Modicon M340, Momentum, and MC80 merchandise.
• Siemens launched a safety replace for a essential 10/10 flaw in TeleControl Server Elementary tracked as CVE-2024-44102.

The November 2024 Patch Tuesday Safety Updates

Under is all the record of resolved vulnerabilities within the November 2024 Patch Tuesday updates.

To get admission to the overall description of each and every vulnerability and the programs it impacts, you’ll be able to view the complete record right here.

Replace 9/11/24: Up to date to give an explanation for that handiest 3 flaws have been actively exploited and why CVE-2024-43491 was once marked as exploited.