Microsoft recently released its November patch, which addresses a total of 89 vulnerabilities across Windows and its various applications and services.
Among these vulnerabilities, four have been classified as “severe,” while the majority are rated as “high risk.” Notably, Microsoft reported that two vulnerabilities within Windows have already been exploited in the wild, contributing to a total of six zero-day vulnerabilities that were resolved in this update. As of now, 2024 is on track to become the year with the second-highest number of patched vulnerabilities before December.
As part of this update, Microsoft also introduced a new version of the Windows Malicious Software Removal Tool, designed to help users detect and mitigate threats from malware.
Out of the 89 vulnerabilities addressed, 37 are associated with various versions of Windows, including Windows 10, Windows 11, and Windows Server. It is important to note that Windows 7 and Windows 8.1 no longer receive security updates, so users are encouraged to upgrade to Windows 10 (22H2) or Windows 11 (23H2) to ensure continuous security support. Given that support for Windows 10 is set to end next year, users should seriously consider transitioning directly to Windows 11.
Among the critical vulnerabilities identified by Microsoft are CVE-2024-43451, which enables attackers to impersonate users, and CVE-2024-49039, which permits malicious code to escape application containers. Additionally, an RCE (remote code execution) vulnerability in the Kerberos protocol, labeled as CVE-2024-43639, is critical due to the potential for attackers to execute code without user interaction.
Furthermore, another RCE vulnerability, CVE-2024-43498, was found in .NET and Visual Studio, allowing attackers to send specially crafted requests to vulnerable .NET web applications to execute malicious code.
In the realm of Office products, Microsoft patched eight vulnerabilities, including five in Excel and one Security Feature Bypass (SFB) vulnerability in Word that permits bypassing the protected view.
Notably, SQL Server accounted for more than a third of the vulnerabilities patched this month, with 31 RCE of these vulnerabilities categorized as high risk. Although most of the attacks necessitate the vulnerable system to connect to a prepared database, users are advised to stay vigilant and monitor security reports for updates related to OLE drivers and third-party vendor updates.
