Microsoft’s Patch Tuesday for November 2024 addresses over 90 vulnerabilities across the company’s software products, including two actively exploited zero-day flaws.
One of the zero-days, CVE-2024-43451, is a spoofing vulnerability that targets the NTLM (NT LAN Manager) authentication protocol. This flaw enables attackers to extract NTLM hashes from remote users with only minimal interaction.
The second actively exploited vulnerability, CVE-2024-49039, is an elevation of privilege flaw within Windows Task Scheduler. Attackers exploiting this vulnerability can elevate their privileges from a low-level AppContainer environment to Medium Integrity, gaining unauthorized access to resources and RPC (Remote Procedure Call) functions normally restricted to higher privilege accounts.
Alongside the actively exploited flaws, Microsoft has also addressed two publicly disclosed vulnerabilities that had not yet been exploited in attacks but could pose significant risks if left unpatched.
CVE-2024-49040: Microsoft Exchange Server Spoofing Vulnerability affects Microsoft Exchange Server, allowing threat actors to spoof sender email addresses in emails sent to local recipients.
CVE-2024-49019: Active Directory Certificate Services Elevation of Privilege Vulnerability. The vulnerability allows attackers to gain domain administrator privileges by leveraging built-in default version 1 certificate templates. Successful exploitation would give attackers unrestricted access to domain resources, potentially compromising sensitive data and internal systems.
Additionally, the Windows maker patched a slew of high-risk flaws impacting Microsoft Windows Kerberos, Microsoft Office Graphics, Microsoft .NET and Visual Studio, and other components.