Source URL: https://blog.talosintelligence.com/november-patch-tuesday-release/
Source: Cisco Talos Blog
Title: November Patch Tuesday release contains three critical remote code execution vulnerabilities
Feedly Summary: The Patch Tuesday for November of 2024 includes 91 vulnerabilities, including two that Microsoft marked as “critical.” The remaining 89 vulnerabilities listed are classified as “important.”
AI Summary and Description: Yes
Summary: The text details the vulnerabilities disclosed by Microsoft in their November 2024 Patch Tuesday, highlighting critical and important vulnerabilities, their potential impact, and the associated risk of exploitation. This information is crucial for security professionals who need to prioritize remediation efforts in organizations relying on Microsoft products and services.
Detailed Description:
The Patch Tuesday for November 2024 introduced a total of 89 vulnerabilities, with significant emphasis on four specifically classified as “critical.” Although all vulnerabilities are important to monitor, the critical vulnerabilities involve remote code execution and privilege escalation, posing a notable risk if exploited. The text outlines the nature of each critical vulnerability, their potential for exploitation, and the current assessment from Microsoft regarding the likelihood of attempted attacks.
Key highlights from the vulnerability disclosure include:
– **CVE-2024-43639**: A remote code execution vulnerability in Windows Kerberos; exploitation is deemed “less likely.”
– **CVE-2024-43625**: A privilege escalation vulnerability in a VMSwitch driver of Hyper-V; complexity of attack is high but deemed “less likely” to be exploited.
– **CVE-2024-43602**: In Azure CycleCloud, if manipulated, this vulnerability can allow an attacker with basic privileges to escalate to root privileges.
– **CVE-2024-43498**: Present in .NET and Visual Studio; attackers could exploit this via specifically crafted packets or files, but exploitation is also termed as “less likely.”
Additionally, several vulnerabilities classified as “important” exhibit a higher likelihood of exploitation, including those in Microsoft Word, Windows NT OS Kernel, and Active Directory Certificate Services.
– Notable “important” vulnerabilities with a likelihood of exploitation include:
– **CVE-2024-49033**: Microsoft Word Security Feature Bypass
– **CVE-2024-43623**: Windows NT OS Kernel Elevation of Privilege
– **CVE-2024-43629**: Windows DWM Core Library Elevation of Privilege
– **CVE-2024-43642**: Windows SMB Denial of Service Vulnerability
– **CVE-2024-49039**: Windows Task Scheduler Elevation of Privilege
Furthermore, Cisco’s Talos has released a new Snort rule set designed to detect attempts to exploit some of these vulnerabilities. Security professionals are advised to update their rulesets and stay informed about subsequent updates that may include additional detection capabilities and vulnerabilities.
– **Recommendations for Security Professionals**:
– Prioritize patching critical vulnerabilities in Microsoft products.
– Stay updated with new Snort rules to monitor and detect potential exploit attempts.
– Regularly review and assess any exploitability of the important vulnerabilities to mitigate risks effectively.
This vulnerability disclosure serves as a reminder of the ongoing necessity for vigilance in monitoring systems for emerging threats and ensuring compliance with security best practices.