Threat intelligence
Microsoft Security Bulletin Coverage for November 2024
Overview
Microsoft’s November 2024 Patch Tuesday has 89 vulnerabilities, of which 51 are Remote Code Execution. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of November2024 and has produced coverage for 6 of the reported vulnerabilities
Vulnerabilities with Detections
| CVE | CVE Title | Signature |
| CVE-2024-43451 | NTLM Hash Disclosure Spoofing Vulnerability | ASPY 7021 Malformed-url url.MP_1 |
| CVE-2024-43623 | Windows NT OS Kernel Elevation of Privilege Vulnerability | ASPY 7018 Exploit-exe exe.MP_417 |
| CVE-2024-43629 | Windows DWM Core Library Elevation of Privilege Vulnerability | ASPY 7019 Exploit-exe exe.MP_418 |
| CVE-2024-43630 | Windows Kernel Elevation of Privilege Vulnerability | ASPY 7020 Exploit-exe exe.MP_419 |
| CVE-2024-49019 | Active Directory Certificate Services Elevation of Privilege Vulnerability | IPS 4339 Microsoft Active Directory Certificate Services EoP (CVE-2024-49019) |
| CVE-2024-49033 | Microsoft Word Security Feature Bypass Vulnerability | IPS 4338 Microsoft Word Security Feature Bypass (CVE-2024-49033) |
Release Breakdown
The vulnerabilities can be classified into following categories:
For November there are 4 critical, 84 Important and 1 moderate vulnerability.
Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the patch Tuesday release for each month. The above chart displays these metrics as seen each month.
Release Detailed Breakdown
Defense in Depth Vulnerabilities| CVE | CVE Title |
| CVE-2024-49049 | Visual Studio Code Remote Extension Elevation of Privilege Vulnerability |
| CVE | CVE Title |
| CVE-2024-38264 | Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability |
| CVE-2024-43499 | .NET and Visual Studio Denial of Service Vulnerability |
| CVE-2024-43633 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2024-43642 | Windows SMB Denial of Service Vulnerability |
| CVE | CVE Title |
| CVE-2024-43449 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
| CVE-2024-43452 | Windows Registry Elevation of Privilege Vulnerability |
| CVE-2024-43530 | Windows Update Stack Elevation of Privilege Vulnerability |
| CVE-2024-43613 | Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability |
| CVE-2024-43623 | Windows NT OS Kernel Elevation of Privilege Vulnerability |
| CVE-2024-43624 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability |
| CVE-2024-43625 | Microsoft Windows VMSwitch Elevation of Privilege Vulnerability |
| CVE-2024-43626 | Windows Telephony Service Elevation of Privilege Vulnerability |
| CVE-2024-43629 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2024-43630 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-43631 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
| CVE-2024-43634 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
| CVE-2024-43636 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-43637 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
| CVE-2024-43638 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
| CVE-2024-43640 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
| CVE-2024-43641 | Windows Registry Elevation of Privilege Vulnerability |
| CVE-2024-43643 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
| CVE-2024-43644 | Windows Client-Side Caching Elevation of Privilege Vulnerability |
| CVE-2024-43646 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
| CVE-2024-49019 | Active Directory Certificate Services Elevation of Privilege Vulnerability |
| CVE-2024-49039 | Windows Task Scheduler Elevation of Privilege Vulnerability |
| CVE-2024-49042 | Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability |
| CVE-2024-49044 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2024-49046 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2024-49051 | Microsoft PC Manager Elevation of Privilege Vulnerability |
| CVE-2024-49056 | Airlift.microsoft.com Elevation of Privilege Vulnerability |
| CVE | CVE Title |
| CVE-2024-38203 | Windows Package Library Manager Information Disclosure Vulnerability |
| CVE | CVE Title |
| CVE-2024-38255 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-43447 | Windows SMBv3 Server Remote Code Execution Vulnerability |
| CVE-2024-43459 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-43462 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-43498 | .NET and Visual Studio Remote Code Execution Vulnerability |
| CVE-2024-43598 | LightGBM Remote Code Execution Vulnerability |
| CVE-2024-43602 | Azure CycleCloud Remote Code Execution Vulnerability |
| CVE-2024-43620 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2024-43621 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2024-43622 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2024-43627 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2024-43628 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2024-43635 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2024-43639 | Windows Kerberos Remote Code Execution Vulnerability |
| CVE-2024-48993 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-48994 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-48995 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-48996 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-48997 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-48998 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-48999 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-49000 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-49001 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-49002 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-49003 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-49004 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-49005 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-49006 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-49007 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-49008 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-49009 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-49010 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-49011 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-49012 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-49013 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-49014 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-49015 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-49016 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-49017 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-49018 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-49021 | Microsoft SQL Server Remote Code Execution Vulnerability |
| CVE-2024-49026 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2024-49027 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2024-49028 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2024-49029 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2024-49030 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2024-49031 | Microsoft Office Graphics Remote Code Execution Vulnerability |
| CVE-2024-49032 | Microsoft Office Graphics Remote Code Execution Vulnerability |
| CVE-2024-49043 | Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability |
| CVE-2024-49048 | TorchGeo Remote Code Execution Vulnerability |
| CVE-2024-49050 | Visual Studio Code Python Extension Remote Code Execution Vulnerability |
| CVE | CVE Title |
| CVE-2024-43645 | Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability |
| CVE-2024-49033 | Microsoft Word Security Feature Bypass Vulnerability |
| CVE | CVE Title |
| CVE-2024-43450 | Windows DNS Spoofing Vulnerability |
| CVE-2024-43451 | NTLM Hash Disclosure Spoofing Vulnerability |
| CVE-2024-49040 | Microsoft Exchange Server Spoofing Vulnerability |
Share This Article
An Article By
An Article By
Security News
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
