- Sneaky Log Phishing Scheme Targets Two-Factor Security
- These are the only earbuds you should be exercising in this year
- Samsung likely won't unveil a Galaxy Ring 2 tomorrow - but you can look forward to this instead
- This surprise Android phone gives the Samsung Galaxy S25 Ultra a run for its money
- How to remove software from a Mac - and why you should do so regularly
Tripwire Patch Priority Index for November 2024
Tripwire’s November 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Google Chromium.
First on the list are patches for Microsoft Edge, Excel, and Word that resolve remote code execution and security feature bypass vulnerabilities.
Next are patches that affect components of the core Windows operating system. These patches resolve over 35 vulnerabilities, including elevation of privilege, information disclosure, denial of service, and remote code execution vulnerabilities. These vulnerabilities affect core Windows, Kernel, Win32k, Graphics Component, Secure Kernel Mode, Telephony Service, SMBv3, VMSwitch, DWM core, USB Video Class System Driver, Kerberos, Virtual Hard Disk (VHDX), and others.
After core Windows are patches for Windows Defender Application Control (WDAC) and Microsoft Defender for Endpoint that resolve security feature bypass and information disclosure (or possibly denial of service via system crash) vulnerabilities.
Up next are patches for Visual Studio, Visual Studio Code, and .NET. These patches resolve remote code execution, elevation of privilege, and denial of service vulnerabilities.
Lastly, administrators should focus on server-side patches for Active Directory Certificate Services, Hyper-V, SQL Server, Exchange Server, and DNS Server. These patches resolve denial of service, remote code execution, and elevation of privilege vulnerabilities. Note that there are over 30 patches for SQL Server.
| BULLETIN | CVE |
|---|---|
| Microsoft Edge (Chromium-based) | CVE-2024-10826, CVE-2024-10827 |
| Microsoft Office Excel | CVE-2024-49027, CVE-2024-49026, CVE-2024-49029, CVE-2024-49028, CVE-2024-49030 |
| Microsoft Office Word | CVE-2024-49033 |
| Windows | CVE-2024-49039, CVE-2024-43626, CVE-2024-43635, CVE-2024-43621, CVE-2024-43620, CVE-2024-43622, CVE-2024-43627, CVE-2024-43628, CVE-2024-43447, CVE-2024-43625, CVE-2024-49032, CVE-2024-49031, CVE-2024-49046, CVE-2024-43630, CVE-2024-43636, CVE-2024-43629, CVE-2024-43640, CVE-2024-43631, CVE-2024-43646, CVE-2024-49051, CVE-2024-43452, CVE-2024-43641, CVE-2024-43451, CVE-2024-43598, CVE-2024-43637, CVE-2024-43634, CVE-2024-43638, CVE-2024-43449, CVE-2024-43643, CVE-2024-43639, CVE-2024-43530, CVE-2024-38264, CVE-2024-43623, CVE-2024-38203, CVE-2024-43644, CVE-2024-43642 |
| Windows Defender Application Control (WDAC) and Microsoft Defender for Endpoint | CVE-2024-43645, CVE-2024-5535 |
| .NET, Visual Studio, and Visual Studio Code | CVE-2024-43499, CVE-2024-43498, CVE-2024-49044, VE-2024-49050, CVE-2024-49049 |
| Windows Active Directory Certificate Services | CVE-2024-49019 |
| Windows Hyper-V | CVE-2024-43633, CVE-2024-43624 |
| SQL Server | CVE-2024-49021, CVE-2024-49043, CVE-2024-49010, CVE-2024-49011, CVE-2024-49012, CVE-2024-49013, CVE-2024-49018, CVE-2024-49014, CVE-2024-49015, CVE-2024-49016, CVE-2024-49017, CVE-2024-49009, CVE-2024-49008, CVE-2024-49007, CVE-2024-49006, CVE-2024-49005, CVE-2024-48993, CVE-2024-49004, CVE-2024-49003, CVE-2024-49002, CVE-2024-49001, CVE-2024-48996, CVE-2024-48997, CVE-2024-48994, CVE-2024-48995, CVE-2024-48998, CVE-2024-43462, CVE-2024-48999, CVE-2024-43459, CVE-2024-49000, CVE-2024-38255 |
| Microsoft Exchange Server | CVE-2024-49040 |
| Microsoft Windows DNS | CVE-2024-43450 |
