VERT Threat Alert: November 2024 Patch Tuesday Analysis


Today’s VERT Alert addresses Microsoft’s November 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1132 as soon as coverage is completed.


In-The-Wild & Disclosed CVEs

CVE-2024-43451

CVE-2024-43451 is an NTLM hash disclosure (spoofing) vulnerability that has been both publicly disclosed and exploited in the wild. Microsoft notes that it discloses the user’s NTLMv2 hash, which an attacker could then use to authenticate as that user, and that only minimal interaction is required: selecting a malicious file with a single left click or inspecting it with a right click is enough to trigger the disclosure, without the file ever being opened or executed. Microsoft has reported this vulnerability as Exploitation Detected.

CVE-2024-49039

Microsoft reports a privilege escalation vulnerability in Windows Task Scheduler that could allow a low privileged user to elevate to Medium Integrity Level. For example, an attacker running inside a low privilege AppContainer could execute code or access resources at a higher integrity level than the AppContainer permits. Microsoft has reported this vulnerability as Exploitation Detected.

CVE-2024-49040

A vulnerability in Microsoft Exchange Server lies in the transport-time verification of the P2 FROM header (the RFC 5322 From: header that the mail client displays as the sender, as opposed to the P1 envelope sender). Some headers that are not compliant with RFC 5322 are passed through to the email client unchanged, which allows the displayed sender to be spoofed. After installing the Exchange update, Exchange detects such headers, prepends a disclaimer to the message body and adds a new header that identifies the message. Administrators can then follow Microsoft’s guidance to take additional steps based on that header, such as rejecting the email, or can disable the detection entirely. Microsoft has reported this vulnerability as Exploitation More Likely.
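The rejection step mentioned above can be expressed as an Exchange transport rule keyed on the header the update adds. The following is an added example for this alert, not Microsoft’s or VERT’s code. It assumes the header name X-MS-Exchange-P2FromRegexMatch and the value -1 as the marker for a non-compliant P2 FROM header, as described in Microsoft’s guidance for this update; confirm both against that guidance before enabling the rule, and run it in the Exchange Management Shell only after every Exchange server in the organization has the update installed.

```powershell
# Added example (not Microsoft's or VERT's code). Creates a transport rule that
# rejects messages flagged by the P2 FROM compliance check introduced in the
# November 2024 Exchange SU.
#
# ASSUMPTIONS to verify against Microsoft's guidance for CVE-2024-49040:
#   - the update adds a header named X-MS-Exchange-P2FromRegexMatch
#   - a value of -1 in that header marks a non-RFC 5322 compliant P2 FROM
$HeaderName  = 'X-MS-Exchange-P2FromRegexMatch'
$HeaderValue = '-1'
$RuleName    = 'Reject non-RFC 5322 P2 FROM (CVE-2024-49040)'

# Create the rule disabled first so its predicates can be reviewed before any
# mail is rejected. HeaderContainsMessageHeader/HeaderContainsWords form the
# condition; RejectMessageReasonText is the NDR text the sender receives.
New-TransportRule -Name $RuleName `
    -HeaderContainsMessageHeader $HeaderName `
    -HeaderContainsWords $HeaderValue `
    -RejectMessageReasonText 'Message rejected: the From header is not RFC 5322 compliant.' `
    -Enabled $false `
    -Comments 'Rejects messages flagged by the P2 FROM check added in the November 2024 SU'

# Review the rule as stored before enabling it.
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, Priority, HeaderContainsMessageHeader, HeaderContainsWords, RejectMessageReasonText

# Enable once the header has been observed on real traffic and the disclaimer
# behaviour has been validated.
Enable-TransportRule -Identity $RuleName
```

Leaving the rule disabled for a period after the update is installed lets you confirm from message headers which senders are being flagged (and whether any legitimate systems emit malformed From headers) before the rule starts rejecting mail; the disclaimer the update prepends is still applied while the rule is disabled.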

CVE-2024-49019

A vulnerability in Active Directory Certificate Services could allow an attacker to gain domain administrator privileges. According to Microsoft, your PKI environment may be vulnerable if it has all of the following:

  • A published certificate template that uses the version 1 template schema.
  • The Source of subject name on that template is set to “Supplied in the request”.
  • Enroll permissions on that template are granted to a broad set of accounts.

Microsoft has reported this vulnerability as Exploitation More Likely.
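The three conditions above map directly onto attributes of the certificate template objects in the Configuration partition, so they can be audited with a script. The following is an added example for this alert, not Microsoft’s or VERT’s code. It requires the ActiveDirectory RSAT module and an account that can read the Configuration naming context; the list of “broad” principals is an assumption that you should extend to match your environment.

```powershell
# Added example (not Microsoft's or VERT's code). Lists certificate templates
# that meet the CVE-2024-49019 preconditions: schema version 1, subject name
# supplied in the request, and Enroll granted to a broad principal. Also
# reports whether each such template is published on any enterprise CA.
Import-Module ActiveDirectory

$ConfigNC = (Get-ADRootDSE).configurationNamingContext
$PkiBase  = "CN=Public Key Services,CN=Services,$ConfigNC"

# Certificate-Enrollment extended right (the "Enroll" permission in the template ACL)
$EnrollGuid = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'
# CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT bit of msPKI-Certificate-Name-Flag
$SuppliesSubject = 0x1
# ActiveDirectoryRights bits
$GenericAll    = 0xF01FF
$ExtendedRight = 0x100

# ASSUMED list of principals that make Enroll effectively open to everyone;
# add environment-specific wide groups as needed.
$BroadPrincipals = @('Authenticated Users', 'Domain Users', 'Domain Computers', 'Everyone', 'Users')

# Templates published on at least one enterprise CA (the pKIEnrollmentService
# object of each CA carries the list of template names it offers).
$Published = Get-ADObject -SearchBase "CN=Enrollment Services,$PkiBase" `
    -LDAPFilter '(objectClass=pKIEnrollmentService)' -Properties certificateTemplates |
    ForEach-Object { $_.certificateTemplates } | Sort-Object -Unique

$Templates = Get-ADObject -SearchBase "CN=Certificate Templates,$PkiBase" `
    -LDAPFilter '(objectClass=pKICertificateTemplate)' `
    -Properties 'msPKI-Template-Schema-Version', 'msPKI-Certificate-Name-Flag', nTSecurityDescriptor

foreach ($t in $Templates) {
    $isV1     = [int]$t.'msPKI-Template-Schema-Version' -eq 1
    $supplied = ([int]$t.'msPKI-Certificate-Name-Flag' -band $SuppliesSubject) -ne 0
    if (-not ($isV1 -and $supplied)) { continue }

    # Enroll is effectively granted by the Certificate-Enrollment extended right,
    # by "all extended rights" (ObjectType of all zeros), or by GenericAll.
    $broadEnroll = $t.nTSecurityDescriptor.Access | Where-Object {
        $rights    = [int]$_.ActiveDirectoryRights
        $principal = $_.IdentityReference.Value -replace '^.*\\', ''
        $_.AccessControlType -eq 'Allow' -and
        ($BroadPrincipals -contains $principal) -and
        (
            (($rights -band $GenericAll) -eq $GenericAll) -or
            ((($rights -band $ExtendedRight) -ne 0) -and
             ($_.ObjectType -eq $EnrollGuid -or $_.ObjectType -eq [guid]::Empty))
        )
    }
    if (-not $broadEnroll) { continue }

    [pscustomobject]@{
        Template       = $t.Name
        Published      = [bool]($Published -contains $t.Name)
        BroadEnrollFor = ($broadEnroll.IdentityReference.Value | Sort-Object -Unique) -join ', '
    }
}
```

Templates that come back with Published set to true are the ones to act on first: remove the broad Enroll grant, unpublish the template if it is unused, or, where the subject genuinely has to be supplied in the request, require CA certificate manager approval so that a request cannot be issued unattended. Templates that match but are not published are worth cleaning up as well, since publishing them later would reintroduce the exposure.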


CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.

  • Traditional Software
  • Mobile Software
  • Cloud or Cloud Adjacent
  • Vulnerabilities that are being exploited or that have been disclosed will be highlighted


Tag CVE Count CVEs
Windows Update Stack 1 CVE-2024-43530
.NET and Visual Studio 2 CVE-2024-43499, CVE-2024-43498
Azure CycleCloud 1 CVE-2024-43602
Windows NT OS Kernel 1 CVE-2024-43623
Windows VMSwitch 1 CVE-2024-43625
Windows Telephony Service 7 CVE-2024-43626, CVE-2024-43627, CVE-2024-43628, CVE-2024-43620, CVE-2024-43621, CVE-2024-43622, CVE-2024-43635
Windows Kernel 1 CVE-2024-43630
Windows Secure Kernel Mode 3 CVE-2024-43631, CVE-2024-43646, CVE-2024-43640
Windows USB Video Driver 5 CVE-2024-43634, CVE-2024-43637, CVE-2024-43638, CVE-2024-43643, CVE-2024-43449
Windows CSC Service 1 CVE-2024-43644
Windows Defender Application Control (WDAC) 1 CVE-2024-43645
Windows SMBv3 Client/Server 1 CVE-2024-43447
Microsoft Windows DNS 1 CVE-2024-43450
Windows NTLM 1 CVE-2024-43451
Windows Registry 2 CVE-2024-43452, CVE-2024-43641
SQL Server 31 CVE-2024-38255, CVE-2024-43459, CVE-2024-43462, CVE-2024-48994, CVE-2024-48995, CVE-2024-48996, CVE-2024-49043, CVE-2024-48993, CVE-2024-48997, CVE-2024-48998, CVE-2024-48999, CVE-2024-49000, CVE-2024-49001, CVE-2024-49002, CVE-2024-49003, CVE-2024-49004, CVE-2024-49005, CVE-2024-49007, CVE-2024-49006, CVE-2024-49008, CVE-2024-49009, CVE-2024-49010, CVE-2024-49011, CVE-2024-49012, CVE-2024-49013, CVE-2024-49014, CVE-2024-49015, CVE-2024-49016, CVE-2024-49017, CVE-2024-49018, CVE-2024-49021
Microsoft Virtual Hard Drive 1 CVE-2024-38264
Microsoft Defender for Endpoint 1 CVE-2024-5535
Microsoft Exchange Server 1 CVE-2024-49040
Visual Studio 1 CVE-2024-49044
Windows Win32 Kernel Subsystem 1 CVE-2024-49046
Visual Studio Code 2 CVE-2024-49049, CVE-2024-49050
Airlift.microsoft.com 1 CVE-2024-49056
LightGBM 1 CVE-2024-43598
Role: Windows Hyper-V 2 CVE-2024-43624, CVE-2024-43633
Windows DWM Core Library 2 CVE-2024-43629, CVE-2024-43636
Windows Kerberos 1 CVE-2024-43639
Windows SMB 1 CVE-2024-43642
Windows Package Library Manager 1 CVE-2024-38203
Role: Windows Active Directory Certificate Services 1 CVE-2024-49019
Microsoft Office Excel 5 CVE-2024-49026, CVE-2024-49027, CVE-2024-49028, CVE-2024-49029, CVE-2024-49030
Microsoft Graphics Component 2 CVE-2024-49031, CVE-2024-49032
Microsoft Office Word 1 CVE-2024-49033
Windows Task Scheduler 1 CVE-2024-49039
TorchGeo 1 CVE-2024-49048
Microsoft PC Manager 1 CVE-2024-49051
Microsoft Edge (Chromium-based) 2 CVE-2024-10826, CVE-2024-10827

Other Information

At the time of publication, there was one new advisory included with the November Security Guidance.

Microsoft SharePoint Server Defense in Depth Update [ADV240001]

Microsoft has published an advisory for Microsoft SharePoint Server covering a defense-in-depth update that hardens the handling of redirections. Updates are available for SharePoint Server Subscription Edition, SharePoint Server 2019 and SharePoint Server 2016.


