November 2024 Patch Tuesday: 10 Critical Vulnerabilities Amid 89 CVEs

Published on Nov 12, 2024 • Last updated on Nov 14, 2024

Total vulnerabilities
89
Critical vulnerabilities
10
Exploited vulnerabilities
3

November 2024 Risk Analysis

Most impacted products
SQL Server
35%
Windows Telephony Service
8%
Windows USB Video Driver
6%
Microsoft Office Excel
6%
Windows Secure Kernel Mode
3%
Attribution of Malware Families
SparkRAT
100%

No attribution of threat actors available at the moment.

Critical Vulnerabilities

CVE-2024-43451

NTLM Hash Disclosure Spoofing Vulnerability

CVSS 6.5CWE-73

Exploit

This NTLM Hash Disclosure vulnerability allows attackers to capture user NTLMv2 hashes through minimal user interaction with malicious files, requiring only actions such as file selection or right-clicking rather than execution. The captured hashes can be leveraged for authentication bypass, potentially giving attackers unauthorized access to affected Windows systems and sensitive data. Given that this vulnerability affects multiple Windows versions and is being actively exploited in the wild, including both modern Windows environments and legacy systems utilizing MSHTML platform components, it represents a significant security risk requiring immediate attention.

CVE-2024-43462

SQL Server Native Client Remote Code Execution Vulnerability

CVSS 8.8CWE-122

A critical heap-based buffer overflow vulnerability in Microsoft SQL Server Native Client enables remote code execution when an authenticated user connects to a malicious SQL server database through OLE DB drivers. An attacker can exploit this flaw by returning malicious data through the connection driver, potentially gaining complete system control, access to sensitive data, and the ability to disrupt operations with minimal attack complexity and no special privileges required. The combination of low attack complexity, network-based attack vector, and severe potential impact on system confidentiality, integrity, and availability makes this vulnerability particularly concerning for organizations running SQL Server installations.

CVE-2024-43639

Windows Kerberos Remote Code Execution Vulnerability

CVSS 9.8CWE-197

A critical remote code execution vulnerability in Windows Kerberos enables unauthenticated attackers to exploit a cryptographic protocol weakness in systems configured as KDC Proxy servers, requiring no user interaction or special privileges. The flaw allows attackers to achieve complete system compromise, potentially affecting the confidentiality, integrity, and availability of the target system while enabling unauthorized access to sensitive data. Given Kerberos's fundamental role in Windows authentication infrastructure, successful exploitation could serve as a foothold for broader network compromise, making immediate remediation crucial for affected systems.

CVE-2024-43602

Azure CycleCloud Remote Code Execution Vulnerability

CVSS 9.9CWE-285

A critical remote code execution vulnerability in Azure CycleCloud enables attackers with basic user permissions to manipulate cluster configurations through specially crafted network requests, allowing unauthorized elevation to Root privileges across multiple clusters. The vulnerability requires no user interaction and can lead to complete system compromise, potentially exposing administrator credentials and enabling arbitrary command execution across affected instances. Given the ability to pivot across clusters and achieve full system control with minimal prerequisites, this high-severity vulnerability poses an immediate threat to operational security and requires urgent attention.

CVE-2024-38255

SQL Server Native Client Remote Code Execution Vulnerability

CVSS 8.8CWE-122

A remote code execution vulnerability in SQL Server Native Client allows attackers to execute arbitrary code by tricking authenticated users into connecting to a malicious SQL server database through OLE DB drivers, requiring minimal attack complexity and user interaction. The vulnerability enables complete system compromise through unauthorized access and data manipulation, with severe impacts to system confidentiality, integrity, and availability. Given the widespread use of SQL Server in enterprise environments and the potential for attackers to gain full control over affected systems through malicious database connections, this vulnerability poses a significant risk to organizational security.

CVE-2024-43459

SQL Server Native Client Remote Code Execution Vulnerability

CVSS 8.8CWE-416

A remote code execution vulnerability in SQL Server Native Client enables attackers to execute arbitrary code by tricking authenticated users into connecting to a malicious SQL server database via OLE DB drivers, requiring no special privileges but needing user interaction. The vulnerability poses a significant risk as successful exploitation could lead to complete system compromise, potentially impacting data confidentiality, integrity, and system availability through arbitrary code execution on the client side. Given SQL Server's widespread enterprise adoption and the severe potential impact on business operations, this high-severity vulnerability requires immediate attention, particularly in environments using affected versions of SQL Server or related OLE DB drivers.

CVE-2024-43620

Windows Telephony Service Remote Code Execution Vulnerability

CVSS 8.8CWE-122

A remote code execution vulnerability in the Windows Telephony Service can be exploited when users are tricked into connecting to a malicious server, leveraging a heap-based buffer overflow condition to execute arbitrary code with service-level privileges. The network-based attack vector, combined with low attack complexity, enables attackers to potentially gain system control and compromise confidentiality, integrity, and availability of affected systems despite requiring user interaction. The high-severity impact across all security metrics and the ability to execute code with elevated privileges makes this vulnerability particularly concerning for organizations with systems exposed to untrusted networks.

CVE-2024-49039

Windows Task Scheduler Elevation of Privilege Vulnerability

CVSS 8.8CWE-287

Exploit

A privilege escalation vulnerability in the Windows Task Scheduler component allows authenticated attackers to execute restricted RPC functions by running a specially crafted application to elevate from AppContainer to Medium Integrity Level privileges. The vulnerability is particularly severe as it enables attackers to break out of the AppContainer isolation boundary and execute code with elevated privileges, potentially leading to full system compromise with high impacts on confidentiality, integrity, and availability. Given that this vulnerability is being actively exploited in the wild and requires minimal complexity to execute, immediate attention is critical for maintaining system security.

CVE-2024-43498

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A remote unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to a .NET vulnerable webapp or loading a specially crafted file into a vulnerable application.

CVSS 9.8CWE-843CWE-704

A critical type confusion vulnerability in .NET 9.0 and Visual Studio allows unauthenticated remote attackers to execute arbitrary code by sending specially crafted web requests or loading malicious files, requiring no user interaction or special privileges. The vulnerability's network-based attack vector combined with its low attack complexity enables attackers to potentially achieve complete system compromise, affecting the confidentiality, integrity, and availability of targeted systems. Given the widespread deployment of .NET applications in enterprise environments and the potential for full system access without user engagement, this vulnerability represents a significant risk that could lead to data theft, system manipulation, and service disruption.

CVE-2024-43640

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

CVSS 7.8CWE-415

A Windows Kernel-Mode Driver vulnerability enables local attackers to execute a double-free exploit that requires no user interaction and minimal privileges to achieve SYSTEM-level access. The vulnerability's significance stems from its ability to completely compromise system confidentiality, integrity, and availability through kernel-level access, while only requiring low attack complexity and local access to exploit. Given the potential for complete system takeover through privilege escalation from a low-privileged account to SYSTEM permissions, this kernel driver flaw represents a critical security risk for Windows environments.

All vulnerabilities

CVE ID
CVSS Score
ProductTrend
Exploit
CVE-2024-49056Authentication bypass by assumed-immutable data on airlift.microsoft.com allows an authorized attacker to elevate privileges over a network.
CVSS 7.3--
CVE-2024-49051Microsoft PC Manager Elevation of Privilege Vulnerability
CVSS 7.8

pc_manager

-
CVE-2024-49050Visual Studio Code Python Extension Remote Code Execution Vulnerability
CVSS 8.8

python_extension

+1 more

-
CVE-2024-49049Visual Studio Code Remote Extension Elevation of Privilege Vulnerability
CVSS 7.1

remote_ssh

+1 more

-
CVE-2024-49048TorchGeo Remote Code Execution Vulnerability
CVSS 8.1

torchgeo

-
CVE-2024-49046Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVSS 7.8

windows

+15 more

-
CVE-2024-49044Visual Studio Elevation of Privilege Vulnerability
CVSS 6.7

visual_studio

+1 more

-
CVE-2024-49043Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability
CVSS 7.8

SQL Server

+4 more

-
CVE-2024-49042Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
CVSS 7.2

azure

-
CVE-2024-49040Microsoft Exchange Server Spoofing Vulnerability
CVSS 7.5

exchange_server

Nov 12, 2024
CVE-2024-49039Windows Task Scheduler Elevation of Privilege Vulnerability
CVSS 8.8

windows

+13 more

Nov 12, 2024
CVE-2024-49033Microsoft Word Security Feature Bypass Vulnerability
CVSS 7.5

365_apps

+3 more

-
CVE-2024-49032Microsoft Office Graphics Remote Code Execution Vulnerability
CVSS 7.8

365_apps

+2 more

-
CVE-2024-49031Microsoft Office Graphics Remote Code Execution Vulnerability
CVSS 7.8

365_apps

+2 more

-
CVE-2024-49030Microsoft Excel Remote Code Execution Vulnerability
CVSS 7.8

365_apps

+3 more

-
CVE-2024-49029Microsoft Excel Remote Code Execution Vulnerability
CVSS 7.8

365_apps

+3 more

-
CVE-2024-49028Microsoft Excel Remote Code Execution Vulnerability
CVSS 7.8

365_apps

+3 more

-
CVE-2024-49027Microsoft Excel Remote Code Execution Vulnerability
CVSS 7.8

365_apps

+3 more

-
CVE-2024-49026Microsoft Excel Remote Code Execution Vulnerability
CVSS 7.8

365_apps

+4 more

-
CVE-2024-49021Microsoft SQL Server Remote Code Execution Vulnerability
CVSS 7.8

sql_server

+4 more

-
CVE-2024-49019Active Directory Certificate Services Elevation of Privilege Vulnerability
CVSS 7.8

active_directory

+7 more

-
CVE-2024-49018SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-49017SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-49016SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-49015SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-49014SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-49013SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-49012SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-49011SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-49010SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-49009SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-49008SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-49007SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-49006SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-49005SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-49004SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-49003SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-49002SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-49001SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-49000SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-48999SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-48998SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-48997SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-48996SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-48995SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-48994SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-48993SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-43646Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVSS 6.7

windows

+12 more

-
CVE-2024-43645Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability
CVSS 6.7

windows

+5 more

-
CVE-2024-43644Windows Client-Side Caching Elevation of Privilege Vulnerability
CVSS 7.8

windows_10_1507

+15 more

-
CVE-2024-43643Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVSS 6.8

windows

+15 more

-
CVE-2024-43642Windows SMB Denial of Service Vulnerability
CVSS 7.5

windows

+6 more

-
CVE-2024-43641Windows Registry Elevation of Privilege Vulnerability
CVSS 7.8

windows

+15 more

-
CVE-2024-43640Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVSS 7.8

windows

+5 more

-
CVE-2024-43639Windows Kerberos Remote Code Execution Vulnerability
CVSS 9.8

windows

+6 more

-
CVE-2024-43638Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVSS 6.8

windows

+15 more

-
CVE-2024-43637Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVSS 6.8

windows

+15 more

-
CVE-2024-43636Win32k Elevation of Privilege Vulnerability
CVSS 7.8

windows

+14 more

-
CVE-2024-43635Windows Telephony Service Remote Code Execution Vulnerability
CVSS 8.8

windows

+15 more

-
CVE-2024-43634Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVSS 6.8

windows

+15 more

-
CVE-2024-43633Windows Hyper-V Denial of Service Vulnerability
CVSS 6.5

windows

+3 more

-
CVE-2024-43631Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVSS 6.7

windows

+8 more

-
CVE-2024-43630Windows Kernel Elevation of Privilege Vulnerability
CVSS 7.8

windows

+6 more

-
CVE-2024-43629Windows DWM Core Library Elevation of Privilege Vulnerability
CVSS 7.8

windows

+10 more

-
CVE-2024-43628Windows Telephony Service Remote Code Execution Vulnerability
CVSS 8.8

windows

+15 more

-
CVE-2024-43627Windows Telephony Service Remote Code Execution Vulnerability
CVSS 8.8

windows

+15 more

-
CVE-2024-43626Windows Telephony Service Elevation of Privilege Vulnerability
CVSS 7.8

windows

+15 more

-
CVE-2024-43625Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
CVSS 8.1

windows

+6 more

-
CVE-2024-43624Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability
CVSS 8.8

windows

+10 more

-
CVE-2024-43623Windows NT OS Kernel Elevation of Privilege Vulnerability
CVSS 7.8

windows_10_1507

+15 more

-
CVE-2024-43622Windows Telephony Service Remote Code Execution Vulnerability
CVSS 8.8

windows

+15 more

-
CVE-2024-43621Windows Telephony Service Remote Code Execution Vulnerability
CVSS 8.8

windows

+15 more

-
CVE-2024-43620Windows Telephony Service Remote Code Execution Vulnerability
CVSS 8.8

windows

+15 more

-
CVE-2024-43613Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
CVSS 7.2

azure

-
CVE-2024-43602Azure CycleCloud Remote Code Execution Vulnerability
CVSS 9.9

azure_cyclecloud

-
CVE-2024-43598LightGBM Remote Code Execution Vulnerability
CVSS 8.1

lightgbm

+1 more

-
CVE-2024-43530Windows Update Stack Elevation of Privilege Vulnerability
CVSS 7.8

windows

+5 more

-
CVE-2024-43499Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. The NrbfDecoder component in .NET 9 contains a denial of service vulnerability due to incorrect input validation.
CVSS 7.5-
CVE-2024-43498Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A remote unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to a .NET vulnerable webapp or loading a specially crafted file into a vulnerable application.
CVSS 9.8-
CVE-2024-43462SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-43459SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-43452Windows Registry Elevation of Privilege Vulnerability
CVSS 7.5

windows

+11 more

-
CVE-2024-43451NTLM Hash Disclosure Spoofing Vulnerability
CVSS 6.5

windows

+15 more

Nov 12, 2024
CVE-2024-43450Windows DNS Spoofing Vulnerability
CVSS 7.5

windows

+7 more

-
CVE-2024-43449Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVSS 6.8

windows

+15 more

-
CVE-2024-43447Windows SMBv3 Server Remote Code Execution Vulnerability
CVSS 8.1

windows

+1 more

-
CVE-2024-38264Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability
CVSS 5.9

windows_11_22h2

+4 more

-
CVE-2024-38255SQL Server Native Client Remote Code Execution Vulnerability
CVSS 8.8

sql_server

+3 more

-
CVE-2024-38203Windows Package Library Manager Information Disclosure Vulnerability
CVSS 6.2

windows

+15 more

-