
Welcome to my November Patch Tuesday newsletter. Today Microsoft released updates for 90 CVEs. Since our last Patch Tuesday newsletter last month there have also been an additional 35 updates, for a total of 125 CVEs patched this month. Of these, 3 are zero days: CVE-2024-43451 and CVE-2024-49040 are both spoofing vulnerabilities. CVE-2024-49040 affects Exchange 2016 and 2019. CVE-2024-43451 affects Windows OSes, including the latest Server 2025. CVE-2024-49019 is an elevation of privilege vulnerability that also affects all flavors of Windows OS. Microsoft rates these three as only "Important" severity, but get them updated as soon as you can.

One thing to keep in mind is that CVEs from previous months are now public as well. We have CVE-2024-38202 from August and also CVE-2024-43583 and CVE-2024-6197 from last month. So please, please, please, if you haven't deployed these updates from the previous months, do so ASAP.

Of this month's patches, only 8 are critical and 88 are important. CVE-2024-43639 and CVE-2024-43498 are the two highest rated critical updates, with CVSS scores of 9.8. So you'll want to update these ASAP as well.

Besides these there is not much to talk about this month. It's a fairly light month with the usual being released. I have a webinar next Tuesday that I think you might be interested in. The title is "Identity-First Incident Response: A Look at Using the Identity Attack Path to Stop and Remediate Cyberattacks". Our sponsor will be performing a live identity-based incident response demonstration covering the full identity-first IR lifecycle that includes containment, investigation, attack path disclosure and controlled recovery. It's a webinar you won't want to miss. Register for the live event here.

I recently had a webinar showing how my Supercharger product can help you collect the events you need from your domain controllers to detect malicious activity. Unfortunately, our webinar service provider had a few audio issues. We still managed to do the live event, but if you missed it, or were there and want to see a recording of it, you can register for it here.

Happy patching!

So, without further ado, here’s the chart of MS patches that affect Windows platforms in the past month.

Patch data provided by: LOGbinder.com

| Technology | Products Affected | Severity | Reference | Workaround / Exploited / Publicly Disclosed | Vulnerability Info |
|---|---|---|---|---|---|
| Windows | Windows 10, 11; Server 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022, 2025 including Server Core Installations | Critical | CVE-2024-38203, CVE-2024-38264, CVE-2024-43447, CVE-2024-43449, CVE-2024-43450, CVE-2024-43451*, CVE-2024-43452, CVE-2024-43530, CVE-2024-43620, CVE-2024-43621, CVE-2024-43622, CVE-2024-43623, CVE-2024-43624, CVE-2024-43625, CVE-2024-43626, CVE-2024-43627, CVE-2024-43628, CVE-2024-43629, CVE-2024-43630, CVE-2024-43631, CVE-2024-43633, CVE-2024-43634, CVE-2024-43635, CVE-2024-43636, CVE-2024-43637, CVE-2024-43638, CVE-2024-43639, CVE-2024-43640, CVE-2024-43641, CVE-2024-43642, CVE-2024-43643, CVE-2024-43644, CVE-2024-43645, CVE-2024-43646, CVE-2024-49019*, CVE-2024-49039, CVE-2024-49046 | Workaround: No; Exploited: Yes; Public: Yes* | Denial of Service; Elevation of Privilege; Information Disclosure; Remote Code Execution; Security Feature Bypass; Spoofing |
| Edge | Chromium-based | Moderate | CVE-2024-10229, CVE-2024-10230, CVE-2024-10231, CVE-2024-10487, CVE-2024-10488, CVE-2024-10826, CVE-2024-10827, CVE-2024-43566, CVE-2024-43577, CVE-2024-43578, CVE-2024-43579, CVE-2024-43580, CVE-2024-43587, CVE-2024-43595, CVE-2024-43596, CVE-2024-49023, CVE-2024-9602, CVE-2024-9603, CVE-2024-9954, CVE-2024-9955, CVE-2024-9956, CVE-2024-9957, CVE-2024-9958, CVE-2024-9959, CVE-2024-9960, CVE-2024-9961, CVE-2024-9962, CVE-2024-9963, CVE-2024-9964, CVE-2024-9965, CVE-2024-9966 | Workaround: No; Exploited: No; Public: No | Remote Code Execution; Spoofing |
| Office | 365 Apps for Enterprise; Office 2016, 2019; LTSC 2021, 2024 including for Mac; Excel/Word 2016; Online Server | Important | CVE-2024-49026, CVE-2024-49027, CVE-2024-49028, CVE-2024-49029, CVE-2024-49030, CVE-2024-49031, CVE-2024-49032, CVE-2024-49033, CVE-2024-43609, CVE-2024-43616 | Workaround: No; Exploited: No; Public: No | Remote Code Execution; Security Feature Bypass |
| SharePoint | Enterprise Server 2016; Server 2019; Server Subscription Edition | None Listed | ADV240001 | Workaround: No; Exploited: No; Public: No | Defense in Depth |
| SQL Server | 2016 SP3 (GDR); 2016 SP3 Azure Connect Feature Pack; 2017 CU31 and GDR; 2019 CU29 and GDR; 2022 CU15 and GDR | Important | CVE-2024-38255, CVE-2024-43459, CVE-2024-43462, CVE-2024-48993, CVE-2024-48994, CVE-2024-48995, CVE-2024-48996, CVE-2024-48997, CVE-2024-48998, CVE-2024-48999, CVE-2024-49000, CVE-2024-49001, CVE-2024-49002, CVE-2024-49003, CVE-2024-49004, CVE-2024-49005, CVE-2024-49006, CVE-2024-49007, CVE-2024-49008, CVE-2024-49009, CVE-2024-49010, CVE-2024-49011, CVE-2024-49012, CVE-2024-49013, CVE-2024-49014, CVE-2024-49015, CVE-2024-49016, CVE-2024-49017, CVE-2024-49018, CVE-2024-49021, CVE-2024-49043 | Workaround: No; Exploited: No; Public: No | Remote Code Execution |
| Exchange | Server 2016 CU23; Server 2019 CU 13 and CU14 | Important | CVE-2024-49040* | Workaround: No; Exploited: No; Public: Yes* | Spoofing |
| Azure | airlift.microsoft.com; CycleCloud 8.0.0 - 8.6.4; Database for PostgreSQL Flexible Server 12 - 16; Kubernetes Service Node on Azure Linux and Ubuntu Linux; Azure Functions | Critical | CVE-2024-38097, CVE-2024-38179, CVE-2024-43480, CVE-2024-43591 | Workaround: No; Exploited: No; Public: No | Elevation of Privilege; Information Disclosure; Remote Code Execution |
| Apps | PC Manager | Important | CVE-2024-49051 | Workaround: No; Exploited: No; Public: No | Elevation of Privilege |
| .NET | 9.0 installed on Linux, Windows, Mac OS | Critical | CVE-2024-43498, CVE-2024-43499 | Workaround: No; Exploited: No; Public: No | Denial of Service; Remote Code Execution |
| Visual Studio | 2022 17.6-17.11; Python Extension for Visual Studio Code; Code Remote - SSH Extension | Critical | CVE-2024-43498, CVE-2024-43499, CVE-2024-49044, CVE-2024-49049, CVE-2024-49050 | Workaround: No; Exploited: No; Public: No | Denial of Service; Elevation of Privilege; Remote Code Execution |
| Mariner | Azure Linux 3.0 x64/ARM; CBL Mariner 2.0 x64/ARM | Critical | CVE-2024-0132, CVE-2024-5535 | Workaround: No; Exploited: No; Public: No | Remote Code Execution |
| System Center | Defender for EndPoint for iOS/Android | Important | CVE-2024-5535 | Workaround: No; Exploited: No; Public: No | Remote Code Execution; Spoofing |
| Dynamics | MS Power Platform; MS Dataverse | Critical | CVE-2024-38139, CVE-2024-38190 | Workaround: No; Exploited: No; Public: No | Elevation of Privilege; Information Disclosure |
| Open Source Software | MS TorchGeo; LightGBM | Important | CVE-2024-43598, CVE-2024-49048 | Workaround: No; Exploited: No; Public: No | Remote Code Execution |

Thanks as always for reading and best wishes on security,

Randy Franklin Smith


Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.

9450 SW Gemini Drive #53822, Beaverton, OR 97008

Note: We do our best to provide quality information and expert commentary but use all information at your own risk.