Hey there, folks! It’s that time of the month again when Microsoft rolls out its latest updates. This November, Microsoft addressed around 90 security vulnerabilities across its products.
Let’s Talk Zero-Day Vulnerabilities
Microsoft didn’t hold back this Patch Tuesday, tackling multiple serious vulnerabilities head-on. Among them were some particularly nasty ones that were actively being exploited.
One of the most critical vulnerabilities patched was CVE-2024-43498. This remote code execution flaw in .NET and Visual Studio could allow attackers to take control of vulnerable systems. While Microsoft didn’t initially label it as a zero-day, security researchers at the Zero Day Initiative (ZDI) believe otherwise.
Microsoft did, however, confirm two zero-day vulnerabilities:
- CVE-2024-43451 (important; CVSS 6.5): A spoofing vulnerability that could lead to unauthorized access.
- CVE-2024-49039 (important; CVSS 8.8): A privilege escalation flaw in Windows Task Scheduler.
- CVE-2024-49019 (important; CVSS 7.8): A privilege escalation vulnerability in Active Directory Certificate Services.
More Updates From Microsoft
Aside from the zero-day fixes, Microsoft also addressed three critical vulnerabilities this month:
- CVE-2024-49056 (critical; CVSS 7.3): An authentication bypass issue affecting airlift.microsoft.com.
- CVE-2024-43625 (critical; CVSS 8.1): A privilege escalation problem in the VmSwitch component within Hyper-V.
- CVE-2024-43639 (critical; CVSS 9.8): A remote code execution flaw in Windows Kerberos.
This month’s patch rollout covered a total of 89 security issues, with 84 important vulnerabilities and one moderate-risk privilege escalation flaw.
Remember, while Microsoft pushes updates automatically, it’s always a good idea to double-check that this month’s updates have actually installed on your systems so you’re fully protected. Stay safe out there!