Qualys Inc.

11/12/2024 | News release | Distributed by Public on 11/12/2024 14:04

Microsoft and Adobe Patch Tuesday, November 2024 Security Update Review

Microsoft has released its November 2024 Patch Tuesday updates, targeting various vulnerabilities that could impact users and organizations worldwide. From zero-day threats to key product patches, here's a breakdown of the updates, what's crucial to apply this month, and how they impact your security posture.

Microsoft Patch Tuesday for November 2024

Microsoft's Patch Tuesday, November 2024 edition, addressed 92 vulnerabilities, including four critical and 83 important severity vulnerabilities. This month's updates also included one Defense in Depth update for Microsoft SharePoint Server.

In this month's updates, Microsoft has addressed four zero-day vulnerabilities known to be exploited in the wild.

Microsoft has addressed three vulnerabilities in Microsoft Edge (Chromium-based) in this month's updates.

Microsoft Patch Tuesday, November edition includes updates for vulnerabilities in .NET and Visual Studio, Azure Active Directory, Windows Hyper-V, SQL Server, Windows Kerberos, Windows Kernel, Windows NT OS Kernel, and more.

Microsoft has fixed several flaws across multiple software products, including Spoofing, Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Security Feature Bypass, and Remote Code Execution (RCE).

The November 2024 Microsoft vulnerabilities are classified as follows:

Adobe Patches for November 2024

Adobe has released eight security advisories to address 48 vulnerabilities in Adobe Bridge, Adobe Audition, Adobe After Effects, Substance 3D Painter, Adobe Illustrator, Adobe InDesign, Adobe Photoshop, and Adobe Commerce. 28 vulnerabilities are given critical severity ratings. Successful exploitation of these vulnerabilities may lead to arbitrary code execution.

Zero-day Vulnerabilities Patched in November Patch Tuesday Edition

An NTLM hash is a cryptographic format that stores user passwords on Windows systems. It's a key part of the authentication process for users and computers on domains, home networks, and workgroup networks.

Upon successful exploitation, a user's NTLMv2 hash may be disclosed to the attacker, who could use it to authenticate as the user.

Microsoft Exchange Server is a mail and calendaring server that runs exclusively on Windows. Exchange Server includes calendaring software, email, and a place to manage contacts.

Microsoft has not provided any information about the vulnerability.

Active Directory Certificate Services (AD CS) is a Windows server role that manages and issues public key infrastructure (PKI) certificates. These certificates authenticate users, devices, and computers on a network and encrypt and digitally sign messages and documents.

An attacker may gain domain administrator privileges on successful exploitation.

Task Scheduler is a built-in Windows utility that allows users to automate the execution of programs, scripts, and various tasks at specific intervals or specific events. It simplifies the process of running repetitive tasks, managing background processes, and scheduling maintenance activities on a computer.

An authenticated attacker may exploit the vulnerability to run a specially crafted application on the target system. Upon successful exploitation, an attacker may execute RPC functions restricted to privileged accounts only.

Critical Severity Vulnerabilities Patched in November Patch Tuesday Edition

A Microsoft Windows VMSwitch, or virtual switch, is a software program that allows virtual machines (VMs) to communicate with each other and physical networks. VMSwitches are available in Hyper-V Manager when the Hyper-V server role is installed.

Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and prepare the target environment. Upon successful exploitation, an attacker may gain SYSTEM privileges.

Windows Kerberos is a protocol that verifies user and host identities on a network. Kerberos uses a Key Distribution Center (KDC) and symmetric key cryptography to authenticate users. It assumes that transactions between clients and servers occur on an open network, where packets can be monitored and modified.

An unauthenticated attacker could use a specially crafted application to exploit a cryptographic protocol vulnerability in Windows Kerberos to perform remote code execution against the target.

An authentication bypass by assumed-immutable data vulnerability on airlift.microsoft.com may allow an authorized attacker to elevate privileges over a network.

A remote unauthenticated attacker may exploit this vulnerability by sending specially crafted requests to a vulnerable .NET webapp or loading a specially crafted file into a vulnerable desktop app.

Other Microsoft Vulnerability Highlights

  • CVE-2024-43623 is an elevation of privilege vulnerability in Windows NT OS Kernel. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
  • CVE-2024-43630 is an elevation of privilege vulnerability in Windows Kernel. Upon successful exploitation, an attacker may gain SYSTEM privileges.
  • CVE-2024-43629 is an elevation of privilege vulnerability in Windows DWM Core Library. An attacker may exploit the vulnerability to gain SYSTEM privileges.
  • CVE-2024-43636 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
  • CVE-2024-43642 is a denial-of-service vulnerability in Windows SMB. An attacker may exploit the vulnerability to cause a denial-of-service (DoS) condition.
  • CVE-2024-49033 is a security feature bypass vulnerability in Microsoft Word. Successful exploitation of the vulnerability may allow an attacker to bypass specific functionality of the Office Protected View.

Microsoft Release Summary

This month's release notes cover multiple Microsoft product families and products/versions affected, including, but not limited to, Windows Package Library Manager, SQL Server, Microsoft Virtual Hard Drive, Windows SMBv3 Client/Server, Windows USB Video Driver, Microsoft Windows DNS, Windows NTLM, Windows Registry, .NET and Visual Studio, Windows Update Stack, LightGBM, Azure CycleCloud, Azure Database for PostgreSQL, Windows Telephony Service, Windows NT OS Kernel, Windows Hyper-V, Windows VMSwitch, Windows DWM Core Library, Windows Kernel, Windows Secure Kernel Mode, Windows Kerberos, Windows SMB, Windows CSC Service, Windows Defender Application Control (WDAC), Windows Active Directory Certificate Services, Microsoft Office Excel, Microsoft Graphics Component, Microsoft Office Word, Windows Task Scheduler, Microsoft Exchange Server, Visual Studio, Windows Win32 Kernel Subsystem, TorchGeo, Visual Studio Code, Microsoft PC Manager, Airlift.microsoft.com, Microsoft Edge (Chromium-based), and Microsoft Defender for Endpoint.

The next Patch Tuesday falls on December 10, and we'll be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the "This Month in Vulnerabilities and Patches" webinar.

Qualys Monthly Webinar Series

The Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys Vulnerability Management Detection Response (VMDR) and Qualys Patch Management. Combining these two solutions can reduce the median time to remediate critical vulnerabilities.

During the webcast, we will discuss this month's high-impact vulnerabilities, including those that are a part of this month's Patch Tuesday alert. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management.

Join the webinar

This Month in Vulnerabilities & Patches
