#1 Middle East & Africa Trusted Cybersecurity News & Magazine |

28 C
Dubai
Sunday, March 9, 2025
Subscribe
HomeTopics 4PatchNovember 2024 Patch Tuesday: Vulnerabilities fixed including 89 flaws and 4 zero-days
PatchThreat Intelligence and AnalysisZero Day

November 2024 Patch Tuesday: Vulnerabilities fixed including 89 flaws and 4 zero-days

By: Mohammad Aamir, Contributing Writer

Date:

Related stories

spot_imgspot_imgspot_imgspot_img

Microsoft has rolled out its November 2024 Patch Tuesday updates, addressing critical security risks across its software ecosystem. The update resolves four actively exploited zero-day vulnerabilities, along with 89 other security flaws affecting Windows, Edge, Office, and other Microsoft products. The patches aim to strengthen defenses against potential cyberattacks, with several vulnerabilities rated “Critical” due to their severity and potential impact on user security. Users are advised to update immediately.

On Patch Tuesday, 12 Nov 2024 Microsoft has released fixes for 89 flaws including four zero-days, two of which are actively exploited.

The major categories for these vulnerabilities are as follows:

  • Elevation of Privilege – 26
  • Security Feature Bypass – 2
  • Remote Code Execution (RCE)- 51
  • Information Disclosure – 1
  • Denial of Service – 4
  • Spoofing – 3

Of the vulnerabilities addressed this month, 58.6% were related to Remote Code Execution, while 29.9% were related to Elevation of Privilege.

29 CVEs for RCEs affecting SQL Server Native Client. All these 29 CVEs received CVSSv3 scores of 8.8.

Following are the 4 Zero-day vulnerabilities:

  • NTLM Hash Disclosure Spoofing Vulnerability (CVE-2024-43451)
  • Windows Task Scheduler Elevation of Privilege Vulnerability (CVE-2024-49039)
  • Microsoft Exchange Server Spoofing Vulnerability (CVE-2024-49040)
  • Active Directory Certificate Services Elevation of Privilege Vulnerability (CVE-2024-49019)

Out of these 4 vulnerabilities CVE-2024-43451 and CVE-2024-49039 are getting exploited widely as Zero day.

CVE-2024-43451: Hash Disclosure for NTLM By exploiting a spoofing vulnerability in MSHTML, attackers can use Internet Explorer components under WebBrowser control to obtain a user’s NTLMv2 hash. Even if user engagement is required, attackers can still utilize this to assume the identity of the victim. We advise patching right away.

CVE-2024-49039: The Windows Task Scheduler privilege escalation bug allows AppContainer escape, allowing low-privileged users to run code with medium integrity. It was discovered by several researchers and is currently being used, particularly in different regions, demonstrating its potential significance.

Apart from Microsoft the following companies have also provided fixes:

Citrix : Citrix NetScaler released updates for ADC and NetScaler Gateway.

Adobe: Adobe released updates for applications including Photoshop, Illustrator, and Commerce.

Cisco: Cisco released updates for it’s products including Cisco Phones, Nexus Dashboard, Identity Services Engine.

SAP: SAP released updates for multiple products including SAP Web Dispatcher, SAP NetWeaver.

Ivanti: Ivanti released updates for products including Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), Ivanti Secure Access Client (ISAC)

Dell: Dell released updates for SONiC OS.

Schneider Electric: Released updates for Modicon M340, Momentum, and MC80.

SIEMENS: Flaws in TeleControl Server Basic (CVE-2024-44102) patched by SIEMENS.

Google: Released fixes for several flaws reported.

D-Link: Released fixes for DSL6740C.

Here are 10 essential pieces of advice for users regarding Microsoft’s November 2024 Patch Tuesday updates:

  1. Update Immediately: Install the November 2024 Patch Tuesday updates as soon as possible. Microsoft has addressed four zero-day vulnerabilities that are actively exploited in the wild, so prompt action will minimize risk.
  2. Prioritize Critical Systems: If managing a large IT environment, prioritize updating critical systems such as Windows servers and workstations first, especially those exposed to external networks, to quickly bolster key defenses.
  3. Use Microsoft Update Tools: Ensure that automatic updates are enabled in Windows Update for personal devices, and consider using centralized tools like Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager for enterprise environments.
  4. Secure Edge and Office Applications: Make sure to update Microsoft Edge and Office applications, as some of the vulnerabilities affect these programs. Keeping them updated helps protect against potential threats targeting popular productivity tools.
  5. Patch All Network-Exposed Devices: Network-exposed devices are particularly vulnerable to attacks. Make sure to patch any device connected to the internet or other untrusted networks, including endpoints and remote machines.
  6. Disable Workarounds Where Applicable: If any previous workarounds or temporary mitigations were applied to address vulnerabilities, review and disable them after applying the patches to ensure software functionality returns to normal.
  7. Educate Users on Phishing and Social Engineering: The patch addresses vulnerabilities that could be exploited via malicious links or attachments. Reinforce user education on avoiding suspicious emails, links, and attachments.
  8. Monitor for Anomalous Activity: Since these vulnerabilities have been actively exploited, monitor logs and endpoint activity for unusual behavior that might indicate attempted exploitation or malware activity.
  9. Backup Critical Data: Ensure that recent backups of important data are available and secure. While this is a general best practice, it is especially critical during periods of heightened vulnerability due to zero-day risks.
  10. Review Microsoft’s Security Documentation: Microsoft often provides technical details on vulnerabilities and affected systems in their security bulletins. Review these documents to fully understand the patches’ scope and any additional steps required in your environment.

Following these best practices will help reduce your exposure to the vulnerabilities addressed in this month’s Patch Tuesday and strengthen your organization’s security posture against potential threats.

Conclusion:

The November Patch Tuesday brought critical security fixes, addressing multiple vulnerabilities, including remote code execution flaws in key Microsoft products, underscoring the importance of timely patching to protect against potential exploits. With the year nearing its close, the December 10th Patch Tuesday will likely focus on resolving remaining security gaps and reinforcing protections for holiday-season attacks. Organizations should prepare for a comprehensive set of updates, staying proactive to mitigate any risks as they close out 2024.

Want to stay on top of cybersecurity news? Follow us on Facebook, X (Twitter), Instagram, and LinkedIn for the latest threats, insights, and updates!

Mohammad Aamir, Contributing Writer
Mohammad Aamir, Contributing Writer

Subscribe

- Never miss a story with notifications

- Gain full access to our premium content

- Browse free from up to 5 devices at once

Latest stories

spot_imgspot_imgspot_imgspot_img
Previous article
Massive MOVEit Vulnerability Breach: Employee Data from Amazon, McDonald’s, HSBC, HP, and Hundreds More Leaked by Hacker
Next article
T-Mobile Hacked Again: American Telecom giant fall prey to cyber-espionage operation by hackers group called Salt Typhoon suspected to be connected to Chinese intelligence.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Cybercory Magazine

Cybercory.com serves as a platform for promoting, motivating, and educating its audience on cybersecurity matters, contributing to a more secure digital environment. Cybercory is a part of Sainttly Group.

Latest

Popular

Useful Links

Quick Links

© 2021-2025 cybercory.com, Sainttly Group. All Rights Reserved. Designed by digitalliums.com.