\n<\/p>\n
Today\u2019s VERT Alert addresses Microsoft\u2019s\u00a0November 2024 Security Updates<\/a>. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1132 as soon as coverage is completed.<\/p>\n \u00a0<\/p>\n CVE-2024-43451<\/a><\/p>\n A vulnerability that allows for NTLMv2 hash disclosure has been both publicly disclosed and actively exploited. According to Microsoft, only minimal interaction is required and a user left or right clicking on a malicious file is enough to trigger this vulnerability. Microsoft has reported this vulnerability as Exploitation Detected<\/strong>.<\/p>\n CVE-2024-49039<\/a><\/p>\n Microsoft is reporting that a privilege escalation exists within Windows Task Scheduler that could allow a low privilege user to elevate their permissions to a Medium Integrity Level. For example, an attacker could escalate their permissions from a low privilege AppContainer to a higher integrity level and execute code. Microsoft has reported this vulnerability as Exploitation Detected<\/strong>.<\/p>\n CVE-2024-49040<\/a><\/p>\n A vulnerability in Microsoft Exchange Server allows non-RFC 5322 compliant P2 FROM headers to pass to the email client, which can allow the sender of an email to be spoofed. After installing the Exchange update, a new disclaimer will be prepended to the message body and a new header will be added. Users can then\u00a0follow guidance from Microsoft<\/a> to take additional steps, such as rejecting the email if the header is detected. Users can also disable this functionality. Microsoft has reported this vulnerability as Exploitation More Likely<\/strong>.<\/p>\n CVE-2024-49019<\/a><\/p>\n A vulnerability in Active Directory Certificate Services could allow an attacker to gain domain administrator privileges. According to Microsoft, you may be vulnerable if your PKI environment has the following:<\/p>\n Microsoft has reported this vulnerability as Exploitation More Likely<\/strong>.<\/p>\n \u00a0<\/p>\n While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.<\/p>\n \u00a0<\/p>\n At the time of publication, there was one new advisory included with the November Security Guidance.<\/p>\nIn-The-Wild & Disclosed CVEs<\/strong><\/h2>\n
\n
CVE Breakdown by Tag<\/strong><\/h2>\n
\n
\n\n
\n Tag<\/strong><\/td>\n CVE Count<\/strong><\/td>\n CVEs<\/strong><\/td>\n<\/tr>\n \n Windows Update Stack<\/td>\n 1<\/td>\n CVE-2024-43530<\/td>\n<\/tr>\n \n .NET and Visual Studio<\/td>\n 2<\/td>\n CVE-2024-43499, CVE-2024-43498<\/td>\n<\/tr>\n \n Azure CycleCloud<\/span><\/td>\n 1<\/span><\/td>\n CVE-2024-43602<\/span><\/td>\n<\/tr>\n \n Windows NT OS Kernel<\/td>\n 1<\/td>\n CVE-2024-43623<\/td>\n<\/tr>\n \n Windows VMSwitch<\/td>\n 1<\/td>\n CVE-2024-43625<\/td>\n<\/tr>\n \n Windows Telephony Service<\/td>\n 7<\/td>\n CVE-2024-43626, CVE-2024-43627, CVE-2024-43628, CVE-2024-43620, CVE-2024-43621, CVE-2024-43622, CVE-2024-43635<\/td>\n<\/tr>\n \n Windows Kernel<\/td>\n 1<\/td>\n CVE-2024-43630<\/td>\n<\/tr>\n \n Windows Secure Kernel Mode<\/td>\n 3<\/td>\n CVE-2024-43631, CVE-2024-43646, CVE-2024-43640<\/td>\n<\/tr>\n \n Windows USB Video Driver<\/td>\n 5<\/td>\n CVE-2024-43634, CVE-2024-43637, CVE-2024-43638, CVE-2024-43643, CVE-2024-43449<\/td>\n<\/tr>\n \n Windows CSC Service<\/td>\n 1<\/td>\n CVE-2024-43644<\/td>\n<\/tr>\n \n Windows Defender Application Control (WDAC)<\/td>\n 1<\/td>\n CVE-2024-43645<\/td>\n<\/tr>\n \n Windows SMBv3 Client\/Server<\/td>\n 1<\/td>\n CVE-2024-43447<\/td>\n<\/tr>\n \n Microsoft Windows DNS<\/td>\n 1<\/td>\n CVE-2024-43450<\/td>\n<\/tr>\n \n Windows NTLM<\/td>\n 1<\/td>\n CVE-2024-43451<\/span><\/td>\n<\/tr>\n \n Windows Registry<\/td>\n 2<\/td>\n CVE-2024-43452, CVE-2024-43641<\/td>\n<\/tr>\n \n SQL Server<\/td>\n 31<\/td>\n CVE-2024-38255, CVE-2024-43459, CVE-2024-43462, CVE-2024-48994, CVE-2024-48995, CVE-2024-48996, CVE-2024-49043, CVE-2024-48993, CVE-2024-48997, CVE-2024-48998, CVE-2024-48999, CVE-2024-49000, CVE-2024-49001, CVE-2024-49002, CVE-2024-49003, CVE-2024-49004, CVE-2024-49005, CVE-2024-49007, CVE-2024-49006, CVE-2024-49008, CVE-2024-49009, CVE-2024-49010, CVE-2024-49011, CVE-2024-49012, CVE-2024-49013, CVE-2024-49014, CVE-2024-49015, CVE-2024-49016, CVE-2024-49017, CVE-2024-49018, CVE-2024-49021<\/td>\n<\/tr>\n \n Microsoft Virtual Hard Drive<\/td>\n 1<\/td>\n CVE-2024-38264<\/td>\n<\/tr>\n \n Microsoft Defender for Endpoint<\/td>\n 1<\/td>\n CVE-2024-5535<\/td>\n<\/tr>\n \n Microsoft Exchange Server<\/td>\n 1<\/td>\n CVE-2024-49040<\/span><\/td>\n<\/tr>\n \n Visual Studio<\/td>\n 1<\/td>\n CVE-2024-49044<\/td>\n<\/tr>\n \n Windows Win32 Kernel Subsystem<\/td>\n 1<\/td>\n CVE-2024-49046<\/td>\n<\/tr>\n \n Visual Studio Code<\/td>\n 2<\/td>\n CVE-2024-49049, CVE-2024-49050<\/td>\n<\/tr>\n \n Airlift.microsoft.com<\/span><\/td>\n 1<\/span><\/td>\n CVE-2024-49056<\/span><\/td>\n<\/tr>\n \n LightGBM<\/td>\n 1<\/td>\n CVE-2024-43598<\/td>\n<\/tr>\n \n Role: Windows Hyper-V<\/td>\n 2<\/td>\n CVE-2024-43624, CVE-2024-43633<\/td>\n<\/tr>\n \n Windows DWM Core Library<\/td>\n 2<\/td>\n CVE-2024-43629, CVE-2024-43636<\/td>\n<\/tr>\n \n Windows Kerberos<\/td>\n 1<\/td>\n CVE-2024-43639<\/td>\n<\/tr>\n \n Windows SMB<\/td>\n 1<\/td>\n CVE-2024-43642<\/td>\n<\/tr>\n \n Windows Package Library Manager<\/td>\n 1<\/td>\n CVE-2024-38203<\/td>\n<\/tr>\n \n Role: Windows Active Directory Certificate Services<\/td>\n 1<\/td>\n CVE-2024-49019<\/span><\/td>\n<\/tr>\n \n Microsoft Office Excel<\/td>\n 5<\/td>\n CVE-2024-49026, CVE-2024-49027, CVE-2024-49028, CVE-2024-49029, CVE-2024-49030<\/td>\n<\/tr>\n \n Microsoft Graphics Component<\/td>\n 2<\/td>\n CVE-2024-49031, CVE-2024-49032<\/td>\n<\/tr>\n \n Microsoft Office Word<\/td>\n 1<\/td>\n CVE-2024-49033<\/td>\n<\/tr>\n \n Windows Task Scheduler<\/td>\n 1<\/td>\n CVE-2024-49039<\/span><\/td>\n<\/tr>\n \n TorchGeo<\/td>\n 1<\/td>\n CVE-2024-49048<\/td>\n<\/tr>\n \n Microsoft PC Manager<\/td>\n 1<\/td>\n CVE-2024-49051<\/td>\n<\/tr>\n \n Microsoft Edge (Chromium-based)<\/td>\n 2<\/td>\n CVE-2024-10826, CVE-2024-10827<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n Other Information<\/strong><\/h2>\n