Microsoft November 2024 Patch Tuesday: Critical Updates and Key Vulnerabilities

Introduction

Microsoft’s November 2024 Patch Tuesday addresses 87 vulnerabilities across its software suite, including critical zero-day vulnerabilities actively exploited in the wild. This update includes important security fixes for Windows components, Microsoft Exchange, Windows Task Scheduler, and NTLM protocols, which are vital for enhancing security resilience across enterprise and individual systems.

Key Highlights of November Patch Tuesday

This month’s release targets a range of vulnerabilities, focusing on remote code execution (RCE), privilege escalation, information disclosure, and spoofing. Key fixes include:

  1. Total Vulnerabilities: 87
  2. Zero-Day Vulnerabilities: Two, both actively exploited.
  3. High-Risk Areas: Critical flaws in Windows Task Scheduler, NTLM protocol, and Microsoft Exchange Server.

Zero-Day Vulnerabilities in Focus

Microsoft’s November release includes two zero-day vulnerabilities, which have been observed in active exploitation.

  • CVE-2024-43451: NTLM Hash Disclosure Vulnerability
    This vulnerability in the NTLM (NT LAN Manager) protocol could expose sensitive NTLMv2 hash information. With minimal user interaction, such as right-clicking a malicious file, attackers could potentially capture NTLM hashes for unauthorized access. NTLM vulnerabilities are particularly concerning due to their use in authentication within Windows networks, making this fix critical for corporate environments.
  • CVE-2024-49039: Windows Task Scheduler Privilege Escalation Vulnerability
    Affecting Windows Task Scheduler, this flaw allows attackers to execute remote procedure calls (RPC) reserved for privileged accounts, enabling unauthorized access or actions within the system. Due to the essential role of Task Scheduler in system operations, this vulnerability could serve as a launchpad for broader attacks.

Additional Noteworthy Vulnerabilities

Apart from the zero-days, several other vulnerabilities are crucial for system security:

  • CVE-2024-49040: Microsoft Exchange Server Spoofing
    A spoofing vulnerability in Microsoft Exchange allows attackers to impersonate sender email addresses. This can facilitate phishing or social engineering attacks by making emails appear legitimate, posing risks for organizations relying on Exchange for communication.
  • CVE-2024-49041: MSHTML Platform Spoofing
    This vulnerability in Windows’ MSHTML platform allows attackers to deceive users, potentially leading them to interact with malicious content. Given MSHTML’s use in rendering HTML content within applications, patching this vulnerability is essential to prevent exploitation through phishing and other deception-based attacks.

Vulnerability Categories

Microsoft’s latest release breaks down vulnerabilities into various categories, reflecting the types of security risks that organizations need to mitigate:

  • Remote Code Execution: 52 vulnerabilities
  • Elevation of Privilege: 26 vulnerabilities
  • Spoofing: 3 vulnerabilities
  • Denial of Service: 4 vulnerabilities
  • Information Disclosure: 1 vulnerability
  • Security Feature Bypass: 2 vulnerabilities

The focus on remote code execution (RCE) and privilege escalation demonstrates the priority Microsoft places on preventing unauthorized control over systems and ensuring secure access permissions.

Update Specifics for Windows Versions

This Patch Tuesday includes updates for both Windows 10 and Windows 11:

  • Windows 11: Cumulative updates KB5046617 and KB5046633 address security vulnerabilities and improve functionality, such as fixing Alt-Tab issues and Task Manager display errors.
  • Windows 10: Update KB5046613 brings similar security enhancements to Windows 10 versions 21H2 and 22H2, focusing on both patching and improving system stability.

Recommendations for System Administrators and Users

  1. Immediate Patch Deployment: Given the presence of actively exploited vulnerabilities, it is crucial for system administrators to prioritize these updates, especially within environments where NTLM and Task Scheduler are integral.
  2. Network Segmentation and Access Control: Limiting access to critical network areas where privileged tasks are performed can help mitigate risks associated with privilege escalation vulnerabilities.
  3. Phishing Awareness Training: With spoofing vulnerabilities addressed in Exchange and MSHTML, user education remains essential. Regular phishing awareness training can help users identify malicious emails, reducing the risk of exploitation.
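
One way to act on the first recommendation, as an added example that is not from the article or from Microsoft: a Python audit of a host inventory export against the KB numbers listed above. The CSV layout, host names and KB0000xxx IDs are constructed placeholders; a host that has a later update but none of the listed KBs is marked for review, because later cumulative updates supersede the November ones.

```python
import csv
import io
from datetime import date

# KB numbers as listed in the article. It does not say which Windows 11
# release each KB applies to, so either one counts for a Windows 11 host.
REQUIRED_KBS = {
    "Windows 11": {"KB5046617", "KB5046633"},
    "Windows 10": {"KB5046613"},
}
RELEASE_DATE = date(2024, 11, 12)  # November 2024 Patch Tuesday

# Constructed inventory; the column layout and the KB0000xxx IDs are placeholders.
SAMPLE_INVENTORY = """host,os,hotfix_id,installed_on
ws-001,Windows 11 Pro,KB5046617,2024-11-13
ws-002,Windows 10 Enterprise,KB0000001,2024-10-09
ws-003,Windows 11 Enterprise,KB0000002,2024-12-11
ws-004,Windows 10 Pro,KB5046613,2024-11-14
srv-01,Windows Server 2022,KB0000003,2024-11-13
"""


def audit(inventory_csv):
    """Return {host: status}: patched, review, missing or not_covered."""
    hosts = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        entry = hosts.setdefault(row["host"], {"os": row["os"], "kbs": {}})
        stamp = row["installed_on"].strip()  # install date can be blank
        entry["kbs"][row["hotfix_id"].strip().upper()] = (
            date.fromisoformat(stamp) if stamp else None
        )
    report = {}
    for host, entry in hosts.items():
        family = next((f for f in REQUIRED_KBS if entry["os"].startswith(f)), None)
        if family is None:
            report[host] = "not_covered"  # OS is not one the article lists KBs for
        elif REQUIRED_KBS[family].intersection(entry["kbs"]):
            report[host] = "patched"
        elif any(d and d >= RELEASE_DATE for d in entry["kbs"].values()):
            # A later cumulative update replaces the November one, so its KB
            # ID differs; confirm the host's patch level by hand.
            report[host] = "review"
        else:
            report[host] = "missing"
    return report


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```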

© 2024 HawkEye – Managed CSOC and XDR powered by DTS Solution. All Rights Reserved.