Published on Nov 12, 2024 • Last updated on Nov 14, 2024
No attribution of threat actors available at the moment.
NTLM Hash Disclosure Spoofing Vulnerability
Exploit
This NTLM hash disclosure flaw lets an attacker capture a user's NTLMv2 response with minimal interaction with a malicious file: selecting it, right-clicking it or otherwise inspecting it is enough, and nothing has to be executed. The captured value is a challenge-response rather than a reusable password hash, but it can be relayed to another service that still accepts NTLM or cracked offline to recover the password, and either route lets the attacker authenticate as the victim. The flaw sits in MSHTML platform components, so it affects both current Windows releases and legacy systems that still carry those components, and it is being exploited in the wild, which makes it a priority for immediate patching.
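An added check for this entry, written by the editor rather than taken from the page or from Microsoft: it reports the host-level controls that decide whether a leaked NTLMv2 response would actually leave the machine. The patch date and the "any update since Patch Tuesday" heuristic are editorial assumptions; the registry value and firewall cmdlets are standard Windows ones.

```powershell
# Added example (editor's own, not from the original page or from Microsoft).
# Reports the host-level controls that limit an NTLMv2 hash leak like the one
# described above: the outgoing-NTLM policy, an egress block on SMB (TCP 445)
# and whether any update has been installed since the patch date.
# Assumption: the patch date and the "post-patch-date" heuristic are editorial;
# confirm the actual KB for your build against the advisory. Run elevated.
function Test-NtlmLeakExposure {
    [CmdletBinding()]
    param(
        [datetime]$PatchDate = [datetime]'2024-11-12'
    )

    # Policy "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers"
    # 0 = allow all, 1 = audit, 2 = deny all (the exceptions list still applies).
    $lsaPath     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
    $lsa         = Get-ItemProperty -Path $lsaPath -ErrorAction SilentlyContinue
    $restrict    = if ($null -ne $lsa.RestrictSendingNTLMTraffic) { [int]$lsa.RestrictSendingNTLMTraffic } else { 0 }
    $policyNames = @('AllowAll', 'Audit', 'DenyAll')

    # An enabled outbound rule blocking TCP 445 stops the simplest leak path,
    # a connection to the attacker's SMB listener on the Internet.
    $smbBlock = Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True -ErrorAction SilentlyContinue |
        Where-Object {
            $pf = $_ | Get-NetFirewallPortFilter
            $pf.Protocol -eq 'TCP' -and ('445' -in @($pf.RemotePort) -or 'Any' -in @($pf.RemotePort))
        }

    # Coarse check that the machine has taken updates since Patch Tuesday.
    $recent = Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $PatchDate } |
        Select-Object -ExpandProperty HotFixID

    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        OutgoingNtlmPolicy    = if ($restrict -le 2) { $policyNames[$restrict] } else { "Unknown($restrict)" }
        Smb445EgressBlocked   = [bool]$smbBlock
        UpdatesSincePatchDate = @($recent)
        # Exposed: NTLM may still be sent outbound and nothing blocks the SMB path.
        Exposed               = ($restrict -lt 2) -and -not [bool]$smbBlock
    }
}

Test-NtlmLeakExposure | Format-List
```

Read `Exposed` as a floor, not a verdict: the outgoing-NTLM policy is the stronger control, because a TCP 445 egress block does nothing for NTLM authentication carried over HTTP (WebDAV), and a `DenyAll` policy with a long exceptions list is weaker than the name suggests.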
SQL Server Native Client Remote Code Execution Vulnerability
A heap-based buffer overflow in Microsoft SQL Server Native Client allows remote code execution on the client when an authenticated user connects to a malicious SQL Server database through the OLE DB driver: the attacker's server returns crafted data that the driver mishandles. The attack vector is network-based, the complexity is low and no special privileges are needed, but the victim must initiate the connection. Successful exploitation can give the attacker control of the connecting system, with high impact on confidentiality, integrity and availability, which is why this high-severity (CVSS 8.8) flaw matters to any organization whose hosts carry the driver, not only to those running SQL Server itself.
Windows Kerberos Remote Code Execution Vulnerability
A critical (CVSS 9.8) remote code execution vulnerability in Windows Kerberos lets an unauthenticated attacker exploit a cryptographic protocol weakness against systems configured as Kerberos KDC Proxy servers, with no user interaction or privileges required. Exposure is limited to servers actually running the KDC Proxy service; a machine that does not proxy Kerberos over HTTPS is not reachable through this path. Successful exploitation yields full control of the proxy, and because the proxy sits in the Kerberos authentication path it makes a natural foothold for broader network compromise, so affected servers should be patched, or the proxy service disabled where it is not needed, immediately.
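Because only hosts acting as a KDC Proxy are exposed, the first practical question is which servers that is. The following check is an added example by the editor, not code from the page or from Microsoft; it assumes that the service name (KPSSVC), its `Settings` registry key and the `/KdcProxy` URL reservation follow Microsoft's documented KDC proxy setup, which you should confirm against your build.

```powershell
# Added example (editor's own, not from the original page or from Microsoft).
# Tells you whether a server is actually acting as a KDC Proxy, the precondition
# for the Kerberos RCE described above. Assumptions: the service name (KPSSVC),
# its Settings registry key and the /KdcProxy URL reservation follow Microsoft's
# documented KDC proxy setup steps; confirm against your build. Run elevated.
function Test-KdcProxyExposure {
    [CmdletBinding()]
    param()

    $svc      = Get-Service -Name 'KPSSVC' -ErrorAction SilentlyContinue
    $settings = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\KPSSVC\Settings' -ErrorAction SilentlyContinue

    # HTTP.sys reservations are what expose the proxy endpoint; a reservation
    # ending in /KdcProxy means someone deliberately set the role up.
    $urlAcl  = (& netsh http show urlacl 2>$null) -join "`n"
    $kdcUrls = @([regex]::Matches($urlAcl, '(?im)^\s*Reserved URL\s*:\s*(\S*/KdcProxy\S*)') |
                 ForEach-Object { $_.Groups[1].Value })

    # Web ports in LISTEN state corroborate reachability from the network.
    $webPorts = @(Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
                  Where-Object { $_.LocalPort -in 80, 443 } |
                  Select-Object -ExpandProperty LocalPort -Unique)

    $actsAsProxy = ($null -ne $svc -and $svc.Status -eq 'Running') -or ($kdcUrls.Count -gt 0)

    [pscustomobject]@{
        ComputerName            = $env:COMPUTERNAME
        KpsServiceState         = if ($svc) { "$($svc.Status) ($($svc.StartType))" } else { 'not installed' }
        KdcProxyUrlReservations = $kdcUrls
        HttpsClientAuth         = $settings.HttpsClientAuth
        DisallowUnprotectedPwd  = $settings.DisallowUnprotectedPasswordAuth
        ListeningWebPorts       = $webPorts
        ActsAsKdcProxy          = $actsAsProxy
    }
}

Test-KdcProxyExposure | Format-List
```

If `ActsAsKdcProxy` is false the host is not reachable through this vulnerability. If it is true and nobody can name the clients that depend on the proxy, `Stop-Service KPSSVC; Set-Service KPSSVC -StartupType Disabled` is a reasonable stopgap until the update is installed; if the proxy is needed, patch it first and keep it behind the TLS client-authentication setting rather than open to the Internet.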
Azure CycleCloud Remote Code Execution Vulnerability
A critical (CVSS 9.9) remote code execution vulnerability in Azure CycleCloud lets an attacker with basic user permissions send specially crafted network requests that modify cluster configuration and elevate to Root across multiple clusters. No user interaction is required, and the result can be complete compromise: administrator credentials exposed and arbitrary commands executed on the affected instances. The combination of minimal prerequisites, cross-cluster pivoting and full system control makes this an immediate operational risk.
SQL Server Native Client Remote Code Execution Vulnerability
A remote code execution vulnerability in SQL Server Native Client lets an attacker run arbitrary code on a client by tricking an authenticated user into connecting to a malicious SQL Server database through the OLE DB driver; attack complexity is low, but the victim's participation is required because the connection originates from the client. The result is complete compromise of the connecting system, with high impact on confidentiality, integrity and availability. Because SQL Server is ubiquitous in enterprise environments and a single malicious connection target is enough, this flaw poses a significant risk.
SQL Server Native Client Remote Code Execution Vulnerability
A remote code execution vulnerability in SQL Server Native Client lets an attacker run arbitrary code by tricking an authenticated user into connecting to a malicious SQL Server database via the OLE DB driver; no special privileges are needed, but user interaction is. The code executes on the client side, so the exposed population is every host that carries an affected driver, not only the SQL Server instances themselves. Given SQL Server's wide enterprise adoption, this high-severity (CVSS 8.8) flaw needs immediate attention wherever affected versions of SQL Server Native Client or the related OLE DB drivers are installed.
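All three SQL Server Native Client entries above describe the same exposure: the vulnerable code is the client driver, so the useful inventory is "which hosts have the driver and which configurations point it at a server". The script below is an added example by the editor, not code from the page or from Microsoft. It assumes the well-known file names (`sqlncli*.dll` for Native Client, `msoledbsql*.dll` for the current OLE DB Driver for SQL Server), a standard `Provider=` keyword in connection strings, and a guessed set of directories to scan; adjust those to your deployment.

```powershell
# Added example (editor's own, not from the original page or from Microsoft).
# Inventories the SQL Server client drivers present on a host and the
# connection strings that select them. SQL Server Native Client ships as
# sqlncli*.dll; the current Microsoft OLE DB Driver for SQL Server ships as
# msoledbsql*.dll. Assumption: config files use the standard "Provider=..."
# keyword, and the directories below are a guess at where configs live.
function Get-SqlClientDriverInventory {
    [CmdletBinding()]
    param(
        [string[]]$ConfigRoot = @("$env:ProgramData", "$env:ProgramFiles", "${env:ProgramFiles(x86)}", "$env:SystemDrive\inetpub")
    )

    # Driver binaries: one entry per DLL, with its file version for comparison
    # against the fixed build named in the advisory.
    $dllDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")
    $drivers = foreach ($dir in $dllDirs) {
        Get-ChildItem -Path $dir -Filter '*.dll' -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -match '^(sqlncli\d*|msoledbsql\d*)\.dll$' } |
            ForEach-Object {
                [pscustomobject]@{
                    Path        = $_.FullName
                    FileVersion = $_.VersionInfo.FileVersion
                    Family      = if ($_.Name -like 'sqlncli*') { 'SQL Server Native Client (deprecated)' } else { 'MS OLE DB Driver for SQL Server' }
                }
            }
    }

    # Connection strings that pick an OLE DB provider by name. Every hit is a
    # place where this host will connect to whatever server the string names.
    $providerRegex = 'Provider\s*=\s*(SQLNCLI\d*|SQLOLEDB|MSOLEDBSQL\d*)'
    $roots = @($ConfigRoot | Where-Object { $_ -and (Test-Path -Path $_) })
    $strings = if ($roots.Count -gt 0) {
        Get-ChildItem -Path $roots -Recurse -Include '*.config', '*.json', '*.udl' -ErrorAction SilentlyContinue |
            Select-String -Pattern $providerRegex |
            ForEach-Object {
                [pscustomobject]@{
                    File     = $_.Path
                    Line     = $_.LineNumber
                    Provider = $_.Matches[0].Groups[1].Value
                }
            }
    } else { @() }

    [pscustomobject]@{
        Drivers           = @($drivers)
        ConnectionStrings = @($strings)
    }
}

$inv = Get-SqlClientDriverInventory
$inv.Drivers | Format-Table -AutoSize
$inv.ConnectionStrings | Format-Table -AutoSize
```

Run this across the fleet rather than on database servers only: a workstation with a reporting tool or a web server with a `Provider=SQLNCLI11` connection string is exactly the client the advisory describes, and any string whose `Data Source` can be influenced by a user or a DNS answer is the one to review first.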
Windows Telephony Service Remote Code Execution Vulnerability
A remote code execution vulnerability in the Windows Telephony Service is triggered when a user is tricked into connecting to a malicious server; a heap-based buffer overflow then lets the attacker run arbitrary code with the service's privileges. The attack vector is network-based and of low complexity, and although it requires user interaction the outcome is control of the affected system, with high impact on confidentiality, integrity and availability. Code execution in a service context combined with high impact across every metric makes this flaw especially concerning for hosts exposed to untrusted networks.
Windows Task Scheduler Elevation of Privilege Vulnerability
Exploit
A privilege escalation vulnerability in the Windows Task Scheduler lets an authenticated attacker run a specially crafted application that invokes RPC functions that should be restricted, elevating from an AppContainer to Medium Integrity Level. That breaks the AppContainer isolation boundary that sandboxed applications rely on, and code running at Medium integrity can go on to full system compromise, with high impact on confidentiality, integrity and availability. The flaw is being exploited in the wild and is low-complexity, so patching is critical.
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A remote unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to a .NET vulnerable webapp or loading a specially crafted file into a vulnerable application.
A critical (CVSS 9.8) type confusion vulnerability in .NET 9.0 and Visual Studio lets an unauthenticated remote attacker execute arbitrary code by sending specially crafted web requests to a vulnerable .NET web application or by getting a vulnerable application to load a malicious file; no user interaction or privileges are required. The attack vector is network-based and the complexity low, so a successful exploit can fully compromise the targeted system's confidentiality, integrity and availability. Given how widely .NET applications are deployed in enterprise environments, and that remediation means updating applications as well as the runtime, this flaw carries a real risk of data theft, system manipulation and service disruption.
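Since the advisory asks developers to update their applications and not just the runtime, the practical check is to find both installed .NET 9 runtimes and project-level pins. The script below is an added example by the editor, not code from the page or from Microsoft. It applies a deliberately conservative rule that is an assumption rather than the advisory's version list: any 9.0 runtime or package on a `-preview`/`-rc` build is flagged, and the `System.Formats.Nrbf` package is included because that is where the NrbfDecoder component named in the companion advisory ships. Compare the flagged versions against the fixed build the advisory gives.

```powershell
# Added example (editor's own, not from the original page or from Microsoft).
# Flags .NET 9 runtimes and project references that are still on pre-release
# builds. Conservative rule (an assumption, not the advisory's exact version
# list): any 9.0 runtime or package with a "-preview"/"-rc" suffix is treated
# as suspect; compare hits against the fixed build named in the advisory.
function Find-Net9PrereleaseUse {
    [CmdletBinding()]
    param(
        # Output lines of `dotnet --list-runtimes`; read from the live host if omitted.
        [string[]]$RuntimeLines,
        # Solution/project root to scan for PackageReference entries (assumed layout).
        [string]$ProjectRoot = '.'
    )

    if (-not $RuntimeLines -and (Get-Command -Name dotnet -ErrorAction SilentlyContinue)) {
        $RuntimeLines = & dotnet --list-runtimes
    }

    # Expected line shape (constructed sample, not captured from a real host):
    # "Microsoft.NETCore.App 9.0.0-rc.2.24473.5 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]"
    $runtimeHits = foreach ($line in @($RuntimeLines)) {
        if ($line -match '^(?<name>\S+)\s+(?<ver>9\.0\.\d+-(preview|rc)\S*)') {
            [pscustomobject]@{
                Kind    = 'runtime'
                Name    = $Matches.name
                Version = $Matches.ver
                Source  = 'dotnet --list-runtimes'
            }
        }
    }

    # A pre-release pin on System.Formats.Nrbf keeps an application on the old
    # decoder even after the shared runtime has been updated.
    $pkgRegex = '<PackageReference\s+Include="(?<name>System\.Formats\.Nrbf)"\s+Version="(?<ver>[^"]*-(preview|rc)[^"]*)"'
    $pkgHits = Get-ChildItem -Path $ProjectRoot -Recurse -Include '*.csproj', '*.props' -ErrorAction SilentlyContinue |
        Select-String -Pattern $pkgRegex |
        ForEach-Object {
            [pscustomobject]@{
                Kind    = 'package'
                Name    = $_.Matches[0].Groups['name'].Value
                Version = $_.Matches[0].Groups['ver'].Value
                Source  = "$($_.Path):$($_.LineNumber)"
            }
        }

    @($runtimeHits) + @($pkgHits)
}

Find-Net9PrereleaseUse | Format-Table -AutoSize
```

Self-contained applications bundle their own runtime, so a clean `dotnet --list-runtimes` on a server says nothing about the apps deployed to it; for those, rebuild against the updated SDK and check the publish output rather than the host.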
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
A double-free bug in a Windows kernel-mode driver lets a local attacker with low privileges, and without any user interaction, gain SYSTEM-level access. Because the flaw is in kernel code, successful exploitation compromises confidentiality, integrity and availability completely, while the attack itself is low-complexity and needs only local access and an ordinary account. A reliable path from a low-privileged account to SYSTEM is the standard second stage after any initial foothold, which makes this kernel driver flaw a critical risk for Windows environments.
CVE ID | Title | CVSS Score | Product | Trend | Exploit
---|---|---|---|---|---
CVE-2024-49056 | Authentication bypass by assumed-immutable data on airlift.microsoft.com allows an authorized attacker to elevate privileges over a network. | 7.3 | - | - | -
CVE-2024-49051 | Microsoft PC Manager Elevation of Privilege Vulnerability | 7.8 | pc_manager | - | -
CVE-2024-49050 | Visual Studio Code Python Extension Remote Code Execution Vulnerability | 8.8 | python_extension | - | -
CVE-2024-49049 | Visual Studio Code Remote Extension Elevation of Privilege Vulnerability | 7.1 | remote_ssh | - | -
CVE-2024-49048 | TorchGeo Remote Code Execution Vulnerability | 8.1 | torchgeo | - | -
CVE-2024-49046 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | 7.8 | windows | - | -
CVE-2024-49044 | Visual Studio Elevation of Privilege Vulnerability | 6.7 | visual_studio | - | -
CVE-2024-49043 | Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability | 7.8 | SQL Server | - | -
CVE-2024-49042 | Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability | 7.2 | azure | - | -
CVE-2024-49040 | Microsoft Exchange Server Spoofing Vulnerability | 7.5 | exchange_server | Nov 12, 2024 | -
CVE-2024-49039 | Windows Task Scheduler Elevation of Privilege Vulnerability | 8.8 | windows | Nov 12, 2024 | -
CVE-2024-49033 | Microsoft Word Security Feature Bypass Vulnerability | 7.5 | 365_apps | - | -
CVE-2024-49032 | Microsoft Office Graphics Remote Code Execution Vulnerability | 7.8 | 365_apps | - | -
CVE-2024-49031 | Microsoft Office Graphics Remote Code Execution Vulnerability | 7.8 | 365_apps | - | -
CVE-2024-49030 | Microsoft Excel Remote Code Execution Vulnerability | 7.8 | 365_apps | - | -
CVE-2024-49029 | Microsoft Excel Remote Code Execution Vulnerability | 7.8 | 365_apps | - | -
CVE-2024-49028 | Microsoft Excel Remote Code Execution Vulnerability | 7.8 | 365_apps | - | -
CVE-2024-49027 | Microsoft Excel Remote Code Execution Vulnerability | 7.8 | 365_apps | - | -
CVE-2024-49026 | Microsoft Excel Remote Code Execution Vulnerability | 7.8 | 365_apps | - | -
CVE-2024-49021 | Microsoft SQL Server Remote Code Execution Vulnerability | 7.8 | sql_server | - | -
CVE-2024-49019 | Active Directory Certificate Services Elevation of Privilege Vulnerability | 7.8 | active_directory | - | -
CVE-2024-49018 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-49017 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-49016 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-49015 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-49014 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-49013 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-49012 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-49011 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-49010 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-49009 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-49008 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-49007 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-49006 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-49005 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-49004 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-49003 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-49002 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-49001 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-49000 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-48999 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-48998 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-48997 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-48996 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-48995 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-48994 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-48993 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-43646 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | 6.7 | windows | - | -
CVE-2024-43645 | Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability | 6.7 | windows | - | -
CVE-2024-43644 | Windows Client-Side Caching Elevation of Privilege Vulnerability | 7.8 | windows_10_1507 | - | -
CVE-2024-43643 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | 6.8 | windows | - | -
CVE-2024-43642 | Windows SMB Denial of Service Vulnerability | 7.5 | windows | - | -
CVE-2024-43641 | Windows Registry Elevation of Privilege Vulnerability | 7.8 | windows | - | -
CVE-2024-43640 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 7.8 | windows | - | -
CVE-2024-43639 | Windows Kerberos Remote Code Execution Vulnerability | 9.8 | windows | - | -
CVE-2024-43638 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | 6.8 | windows | - | -
CVE-2024-43637 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | 6.8 | windows | - | -
CVE-2024-43636 | Win32k Elevation of Privilege Vulnerability | 7.8 | windows | - | -
CVE-2024-43635 | Windows Telephony Service Remote Code Execution Vulnerability | 8.8 | windows | - | -
CVE-2024-43634 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | 6.8 | windows | - | -
CVE-2024-43633 | Windows Hyper-V Denial of Service Vulnerability | 6.5 | windows | - | -
CVE-2024-43631 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | 6.7 | windows | - | -
CVE-2024-43630 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | windows | - | -
CVE-2024-43629 | Windows DWM Core Library Elevation of Privilege Vulnerability | 7.8 | windows | - | -
CVE-2024-43628 | Windows Telephony Service Remote Code Execution Vulnerability | 8.8 | windows | - | -
CVE-2024-43627 | Windows Telephony Service Remote Code Execution Vulnerability | 8.8 | windows | - | -
CVE-2024-43626 | Windows Telephony Service Elevation of Privilege Vulnerability | 7.8 | windows | - | -
CVE-2024-43625 | Microsoft Windows VMSwitch Elevation of Privilege Vulnerability | 8.1 | windows | - | -
CVE-2024-43624 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | 8.8 | windows | - | -
CVE-2024-43623 | Windows NT OS Kernel Elevation of Privilege Vulnerability | 7.8 | windows_10_1507 | - | -
CVE-2024-43622 | Windows Telephony Service Remote Code Execution Vulnerability | 8.8 | windows | - | -
CVE-2024-43621 | Windows Telephony Service Remote Code Execution Vulnerability | 8.8 | windows | - | -
CVE-2024-43620 | Windows Telephony Service Remote Code Execution Vulnerability | 8.8 | windows | - | -
CVE-2024-43613 | Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability | 7.2 | azure | - | -
CVE-2024-43602 | Azure CycleCloud Remote Code Execution Vulnerability | 9.9 | azure_cyclecloud | - | -
CVE-2024-43598 | LightGBM Remote Code Execution Vulnerability | 8.1 | lightgbm | - | -
CVE-2024-43530 | Windows Update Stack Elevation of Privilege Vulnerability | 7.8 | windows | - | -
CVE-2024-43499 | .NET 9.0 advisory: the NrbfDecoder component in .NET 9 contains a denial of service vulnerability due to incorrect input validation | 7.5 | .net | - | -
CVE-2024-43498 | .NET 9.0 advisory: a remote unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to a vulnerable .NET webapp or loading a specially crafted file into a vulnerable application | 9.8 | .net | - | -
CVE-2024-43462 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-43459 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-43452 | Windows Registry Elevation of Privilege Vulnerability | 7.5 | windows | - | -
CVE-2024-43451 | NTLM Hash Disclosure Spoofing Vulnerability | 6.5 | windows | Nov 12, 2024 | -
CVE-2024-43450 | Windows DNS Spoofing Vulnerability | 7.5 | windows | - | -
CVE-2024-43449 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability | 6.8 | windows | - | -
CVE-2024-43447 | Windows SMBv3 Server Remote Code Execution Vulnerability | 8.1 | windows | - | -
CVE-2024-38264 | Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability | 5.9 | windows_11_22h2 | - | -
CVE-2024-38255 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8 | sql_server | - | -
CVE-2024-38203 | Windows Package Library Manager Information Disclosure Vulnerability | 6.2 | windows | - | -