Summary
November’s Microsoft Patch Tuesday has security updates to fix 4 zero-day vulnerabilities with 2 of them being actively-exploited, 4 critical vulnerabilities and a total of 89 vulnerabilities.
The patches this month break down as follows:
- 52 Remote code execution vulnerabilities
- 26 Elevation of privilege vulnerabilities
- 4 Denial of Service vulnerabilities
- 3 Spoofing vulnerabilities
- 2 Security feature bypass vulnerabilities
- 1 Information disclosure vulnerabilities
The most important patches are:
CVE-2024-49039 – Windows Task Scheduler Elevation of Privilege Vulnerability. A specially crafted application could be executed that elevates privilege to Medium Integrity level.
“In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment,” explained Microsoft. CVSS 3.1: 8.8 (High)
CVE-2024-43451 – NTLM Hash Disclosure Spoofing Vulnerability
Microsoft has fixed a vulnerability that exposes NTLM hashes to remote attackers with minimal interaction with a malicious file.
“This vulnerability discloses a user’s NTLMv2 hash to the attacker who could use this to authenticate as the user,” explained Microsoft. CVSS 3.1: 6.5 (Medium)
More information can be found here.