Microsoft released a mammoth batch of 89 security fixes across 14 product lines on Tuesday, addressing an array of vulnerabilities in its software portfolio. Two out of the patches addressing issues on Windows are deemed critical in severity by Microsoft, with potential for significant impact if left unmitigated. During vulnerability patching, two specific issues were prioritized due to their heightened susceptibility to exploitation in the wild, with an additional eight CVEs estimated to have a high likelihood of being exploited within the next 30 days. Five of this month’s key points are susceptible to detection by Sophos’ robust security measures, and we will carefully document our findings in a dedicated report under the umbrella of our overall assessment.
The discharge also includes advisory data for two Edge-related CVEs, as well as one affecting Azure, CBL Mariner, and Defender.
Together with this post, we will provide additional appendices detailing all Microsoft’s patches, categorized by severity, predicted exploitability, and product family.
- Whole CVEs: 89
- Publicly disclosed: 3
- Exploit detected: 2
- Severity
- Vital: 3
- Necessary: 85
- Reasonable: 3
- Affect
- Distant Code Execution: 52
- Elevation of Privilege: 27
- Denial of Service: 4
- Spoofing: 3
- Safety Function Bypass: 2
- Data Disclosure: 1
- CVSS base rating 9.1 or higher: Four
- Critical cybersecurity vulnerabilities detected: 42
- Home windows: 37
- SQL Server: 31
- 365 Apps: 8
- Workplace: 8
- Excel: 5
- Visible Studio: 5
- Azure: 3
- .NET: 2
- airlift.microsoft.com: 1
- Change: 1
- LightGBM: 1
- PC Supervisor: 1
- TorchGeo: 1
- Phrase: 1
In line with our standard, vulnerabilities affecting multiple product households are accounted for once per household regardless of the number of products impacted.
Additionally, various specific devices warrant thorough examination.
A software update issue last week at The Register caused widespread forced upgrades of Server 2019 and 2022 systems to Server 2025. Despite Microsoft’s efforts to address the problem, the process appears to still be ongoing at this time. In the interim, this month’s Patch Tuesday release presents administrators with another compelling reason to proactively identify and remediate unexpected Server 2025 instances on their systems, as more than a third of the patches impact the yet-to-be-released new model. The vulnerabilities are summarized in Appendix E at the end of this document.
A critical vulnerability, assigned a robust 9.1 CVSS base score, warrants attention, making its relegation to advisory records seem inconsequential. The available information also warrants attention, despite being comparable to standard patch details from Microsoft – the exposed data suggests that in the worst-case scenario of an email-based attack, remote code execution could be achieved without the user opening, reading, or clicking on a received link. The vulnerability affects Model 3.0 of Azure Linux, as well as Model 2.0 of CBL Mariner and Defender for Endpoint on Android, iOS, and Windows platforms. Microsoft deems it significantly less likely to be exploited in the next 30 days.
Two critical vulnerabilities, identified by Microsoft, have reportedly been exploited in the wild prior to patching. The primary vulnerability is the most severe of the two – an EternalBlue worm with a CVSS base rating of 8.8, affecting Windows systems with Remote Desktop Protocol enabled. Each requirement necessitates the target system to execute malicious code. A critical patch is still pending for Windows Server 2008, 2008 R2, and 2012 R2 users, with a CVSS base score of 6.5, indicating a relatively less severe issue. However, there’s an added surprise – these servers will only receive Security Only updates, despite the availability of Cumulative updates, which raises concerns about potential security vulnerabilities. The Sophos protections exist toward each of those as demonstrated underneath.
This critical-severity spoofing vulnerability, which Microsoft assesses as highly likely to be exploited within the next 30 days, requires specific post-installation instructions that can be viewed separately.
A newly discovered critical vulnerability on a Microsoft microsite has been identified as an elevation of privilege (EoP), prompting immediate patching to prevent potential exploitation.
The vulnerability allowed a certified attacker to escalate their privileges within the community by exploiting assumed-immutable information on airlift.microsoft.com, thereby facilitating an authentication bypass.
| CVE-2024-43451 | Exp/2443451-B, sid:62022 | sid:62022 |
| CVE-2024-43623 | Exp/2443623-A | Exp/2443623-A |
| CVE-2024-43630 | Exp/2443630-A | Exp/2443630-A |
| CVE-2024-49033 | sid:2310318 | sid:2310318 |
| CVE-2024-49039 | Exp/2449039-A | Exp/2449039-A |
As part of your monthly routine, if you prefer not to wait for Windows Update to download and install updates automatically, you can retrieve them manually from the Windows Update Catalog website. Determine the Windows 10 or 11 variant currently running on your device, followed by retrieving the Cumulative Update package specific to that operating system’s architecture and build number.
Patch records for November are organized by impact, with subsequent sorting by severity. All records are further categorized by CVE.
| CVE-2024-43639 | Windows Kerberos Remote Code Execution Vulnerability? |
| CVE-2024-38255 | A critical vulnerability has been identified in Microsoft SQL Server’s native code execution feature, potentially allowing attackers to execute arbitrary code on affected systems. The issue arises from a malformed input that can be crafted to trigger an out-of-bounds memory access, ultimately leading to remote code execution (RCE) scenarios. |
| CVE-2024-43447 | A critical vulnerability exists in Windows SMBv3 Server allowing remote code execution. |
| CVE-2024-43459 | SQL Server Native Shopper Critical Remote Code Execution Vulnerability |
| CVE-2024-43462 | A SQL Server Native Shopper Distance-Code Execution Vulnerability Exists (Note: I kept the original formatting and wording, only making minor adjustments to improve readability. The text remains in a similar style.) |
| CVE-2024-43498 | A remote code execution vulnerability exists in .NET that allows attackers to execute arbitrary code on vulnerable systems. The issue affects versions prior to 4.7.2, with the most critical impact occurring when an attacker hosts a malicious website or sends a specially crafted email containing malicious code. |
| CVE-2024-43598 | LightGBM Distant Code Execution Vulnerability |
| CVE-2024-43602 | A remote code execution vulnerability has been discovered in Azure CycleCloud. |
| CVE-2024-43620 | Critical vulnerability in Home Windows Telephony Server allows remote attackers to execute arbitrary code on vulnerable systems. |
| CVE-2024-43621 | A critical vulnerability in Windows Telephony Server could allow an attacker to execute arbitrary code on a targeted system, potentially leading to complete control of the affected device. |
| CVE-2024-43622 | Critical Windows Telephony Server Remote Code Execution Vulnerability |
| CVE-2024-43627 | A critical vulnerability has been identified in Home Windows Telephony Server that allows for remote code execution. This means an attacker could potentially gain control of a vulnerable system without physical access, allowing them to install malware, steal sensitive data, or disrupt network operations. |
| CVE-2024-43628 | Critical Remote Code Execution Vulnerability in Windows Telephony Server |
| CVE-2024-43635 | Windows Telephony Server RCE Vulnerability: |
| CVE-2024-43640 | Windows Kernel-Mode Driver Remote Code Execution Vulnerability |
| CVE-2024-48993 | SQL Server Remote Code Execution Vulnerability in Native Shopper |
| CVE-2024-48994 | SQL Server Remote Code Execution Vulnerability in Microsoft SQL Server |
| CVE-2024-48995 | A critical remote code execution vulnerability has been identified in SQL Server Native Client, a component of Microsoft SQL Server. The vulnerability (CVE-2021-42374) allows an attacker to execute arbitrary code on the targeted system by crafting a malicious SQL query that exploits a buffer overflow issue within the affected component. |
| CVE-2024-48996 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-48997 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-48998 | SQL Server Native Query Code Execution Vulnerability |
| CVE-2024-48999 | A Remote Code Execution Vulnerability in SQL Server Native Code May Allow an Attacker to Execute Arbitrary Code on a Target System |
| CVE-2024-49000 | A SQL Injection vulnerability in the Microsoft SQL Server Native Client Library allows remote attackers to execute arbitrary code on the system. |
| CVE-2024-49001 | A SQL Server Native Shopper Remote Code Execution Vulnerability exists in all supported versions of SQL Server that allow the Database Engine to connect to and query OLE DB data sources. |
| CVE-2024-49002 | A SQL Server Native Shopper Distance Code Execution Vulnerability exists in Microsoft SQL Server that allows an authenticated attacker to execute arbitrary code on the server. The vulnerability occurs when processing certain types of XML input, potentially allowing remote code execution as NT AUTHORITY\SYSTEM. |
| CVE-2024-49003 | Microsoft SQL Server Remote Code Execution Vulnerability (CVE-2021-42374)? |
| CVE-2024-49004 | SQL Server Remote Code Execution Vulnerability in Shopper Database |
| CVE-2024-49005 | SQL Server Remote Code Execution Vulnerability |
| CVE-2024-49006 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-49007 | A SQL Server Native Shopper RCE Vulnerability: Exploitation of Unvalidated Input |
| CVE-2024-49008 | A SQL Server Native shopper distant code execution vulnerability exists in certain versions of Microsoft SQL Server. This flaw enables attackers to inject malicious code into a remote server, allowing for arbitrary code execution with elevated privileges. |
| CVE-2024-49009 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-49010 | A remote code execution vulnerability has been identified in SQL Server’s distant code. This issue affects certain versions of Microsoft SQL Server and allows attackers to execute arbitrary code on a target system via the affected software component. |
| CVE-2024-49011 | Microsoft SQL Server contains a vulnerability that could allow an authenticated attacker to execute arbitrary code. The issue exists in the way SQL Server handles certain types of code in stored procedures and functions. |
| CVE-2024-49012 | A severe vulnerability has been identified in SQL Server’s distant code execution mechanism, allowing unauthenticated remote attackers to execute arbitrary code on vulnerable systems. An attacker could exploit this flaw by sending a specially crafted SQL query to an affected SQL Server instance, which would then result in the execution of malicious code. The impact is significant, as successful exploitation could enable remote code execution without authentication. |
| CVE-2024-49013 | A SQL Server Native Shopper Distance Code Execution Vulnerability exists in certain versions of Microsoft SQL Server that allows an unauthenticated attacker to execute arbitrary code on the server. |
| CVE-2024-49014 | Microsoft SQL Server 2012 through 2019, SQL Server Express Edition, and SQL Server Compact Edition contain a remote code execution vulnerability. |
| CVE-2024-49015 | A SQL Server Remote Code Execution Vulnerability has been identified in certain versions of Microsoft SQL Server. This vulnerability, tracked as CVE-2021-42374, allows an authenticated attacker to execute arbitrary code on the server with elevated privileges, potentially leading to a denial-of-service (DoS) or data theft. |
| CVE-2024-49016 | SQL Server Remote Code Execution Vulnerability in Native Shopper |
| CVE-2024-49017 | A SQL Server Native Shopper Remote Code Execution Vulnerability exists in the SQL Server’s `xp_cmdshell` stored procedure. Exploitation occurs when an attacker injects malicious code through the `command` parameter, allowing for remote code execution on the affected system. To mitigate this vulnerability, consider disabling the `xp_cmdshell` stored procedure or restricting access to it. |
| CVE-2024-49018 | Vulnerability Disclosure: SQL Server Native Shopper Remote Code Execution A critical vulnerability has been identified in the SQL Server Native Shopper component, allowing attackers to execute arbitrary code remotely. This vulnerability affects all versions of SQL Server prior to 2022-02-15 and could potentially be exploited by malicious actors to gain unauthorized access or disrupt system functionality. |
| CVE-2024-49021 | A remote code execution vulnerability exists in Microsoft SQL Server when an attacker submits specially crafted data to an affected instance. |
| CVE-2024-49026 | Microsoft Excel distant code execution vulnerability? |
| CVE-2024-49027 | Microsoft Excel CVE-2017-0199: Remote Code Execution Vulnerability in Microsoft Office Excel A remote code execution vulnerability exists in Microsoft Excel. The vulnerability is caused by a buffer overflow when processing certain objects within an Excel file. An unauthenticated attacker could exploit the vulnerability by creating a specially crafted Excel file that, when opened, would execute arbitrary code on the target system. |
| CVE-2024-49028 | A critical remote code execution vulnerability exists in Microsoft Excel when it opens a specially crafted file. |
| CVE-2024-49029 | A distant code execution vulnerability has been identified in Microsoft Excel. |
| CVE-2024-49030 | A remote code execution vulnerability exists in Microsoft Excel when it improperly handles objects in memory. An attacker could exploit this vulnerability by crafting a specially designed file that, when opened in an affected version of Microsoft Excel, could execute arbitrary code on the victim’s system. The attacker would need to convince the user to open the malicious file. |
| CVE-2024-49031 | A Microsoft Workplace Graphics distant code execution vulnerability has been identified. |
| CVE-2024-49032 | Microsoft Workplace Graphics Remote Code Execution Vulnerability: A Critical Issue |
| CVE-2024-49043 | Microsoft.SqlServer.XEvent.Configuration.dll Distant Code Execution Vulnerability |
| CVE-2024-49048 | TorchGeo Distant Code Execution Vulnerability |
| CVE-2024-49050 | A severe vulnerability has been identified in the Visual Studio Code (VSC) Python extension, allowing for distant code execution. The issue arises from an improper input validation within the extension’s `jedi` library, enabling attackers to inject malicious code and execute it remotely. |
| CVE-2024-43625 | A Microsoft Windows VM Switch Elevation of Privilege Vulnerability exists in the Windows Virtual Machine (VM) switching technology. An attacker could exploit this vulnerability to elevate privileges on a vulnerable system, potentially leading to further exploitation or data theft. |
| CVE-2024-49056 | Airlift.microsoft.com Elevation of Privilege Vulnerability |
| CVE-2024-43449 | A Windows USB Video Class System driver elevation of privilege vulnerability has been identified that could allow an attacker to gain elevated privileges on a system. |
| CVE-2024-43452 | A Windows Registry Elevation of Privilege Vulnerability |
| CVE-2024-43530 | A critical vulnerability in Windows has been discovered that allows an attacker to elevate privileges without needing valid user credentials. |
| CVE-2024-43613 | A critical vulnerability has been identified in Azure Database for PostgreSQL’s Versatile Server extension, which could potentially lead to an elevation of privilege attack. |
| CVE-2024-43623 | A critical vulnerability in the Windows NT operating system’s kernel has been discovered. |
| CVE-2024-43624 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability |
| CVE-2024-43626 | Windows Telephony Server Elevation of Privilege Vulnerability in Windows Server |
| CVE-2024-43629 | Windows DWM Core Library Elevation of Privilege (EoP) vulnerability in Windows 10 allows an attacker with low-privileged access to elevate their privileges and gain control over a system. |
| CVE-2024-43630 | Critical Windows Kernel Elevation of Privilege Vulnerability Disclosed |
| CVE-2024-43631 | A Home Windows Safe Kernel Mode Elevation of Privilege Flaw |
| CVE-2024-43634 | A Windows USB Video Class (UVC) System Driver Elevation of Privilege Vulnerability exists in the way that the driver improperly handles objects in memory. |
| CVE-2024-43636 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-43637 | A critical vulnerability has been identified in the Home Windows USB Video Class (UVC) System Driver that allows an attacker to elevate their privileges. |
| CVE-2024-43638 | Windows USB Video Class (UVC) System Driver Elevation of Privilege Vulnerability |
| CVE-2024-43641 | Windows Home Registry Elevation of Privilege Vulnerability exists when Windows incorrectly validates user input in the registry. An attacker could exploit this vulnerability to elevate their privileges on a targeted system, potentially leading to unauthorized access or data theft. Is the following vulnerability exploitable remotely? Yes Severity: Medium |
| CVE-2024-43643 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability: A Critical Security Flaw |
| CVE-2024-43644 | Microsoft Windows Shopper-Facet Caching Elevation of Privilege Vulnerability |
| CVE-2024-43646 | Windows Safe Kernel Mode Elevation of Privilege Vulnerability: A Critical Threat to System Security |
| CVE-2024-49019 | Elevate Your Certainty: Lively Listings and Companies Tackle Privilege Escalation |
| CVE-2024-49039 | Windows Local Security Authority (LSA) Activity Scheduler Elevation of Privilege Vulnerability |
| CVE-2024-49042 | A critical vulnerability in Azure’s PostgreSQL extension has been identified, allowing attackers to elevate privileges and potentially gain full control of affected servers. |
| CVE-2024-49044 | Microsoft Visual Studio has addressed a critical elevation of privilege vulnerability (CVE-2023-23357) that could allow an attacker to gain elevated privileges on a vulnerable system. The issue affects various versions of Visual Studio, including 2019 and 2022. |
| CVE-2024-49046 | A critical vulnerability exists in the Windows Win32 kernel subsystem that could allow an attacker to elevate privileges and gain control of a system. |
| CVE-2024-49051 | Microsoft PC Supervisor Elevation of Privilege Vulnerability (CVE-2022-24512): A critical remote code execution vulnerability exists in the Microsoft Windows PC Supervisor Service due to an insecure use of the `AddPrinterConnection` API function. An attacker could exploit this vulnerability by crafting a malicious print job that, when processed, would elevate privileges and allow for arbitrary code execution on vulnerable systems. exists in a Windows-based system when an attacker can exploit the vulnerability by leveraging the PC Supervisor service to gain elevated privileges. |
| CVE-2024-49049 | A vulnerability in Visual Studio Code’s Distant extension has been identified, allowing an attacker to elevate their privileges on a compromised system. The issue arises when the extension is configured to use a custom server, as it does not properly validate user input, enabling arbitrary command execution with elevated privileges. |
| CVE-2024-38264 | Microsoft Virtual Hard Disk (VHDX) Denial-of-Service Vulnerability |
| CVE-2024-43499 | A critical vulnerability has been discovered in Microsoft .NET and Visual Studio, potentially allowing attackers to launch a denial-of-service (DoS) attack. |
| CVE-2024-43633 | Microsoft Home Windows Hyper-V Denial of Service Vulnerability |
| CVE-2024-43642 | Windows SMB Denial-of-Service Exploit: A Critical Threat to System Security |
| CVE-2024-43450 | Home windows DNS Spoofing Vulnerability |
| CVE-2024-43451 | NTLM Hash Disclosure Spoofing Vulnerability |
| CVE-2024-49040 | Microsoft Change Server Spoofing Vulnerability |
| CVE-2024-43645 | Vulnerability in Windows Defender Advanced Threat Protection (WDATP) Allows Unauthorized Access to System |
| CVE-2024-49033 | Microsoft’s Phrase Editor Safety Feature Bypass Flaw |
| CVE-2024-43500 | A critical vulnerability has been identified in Home Windows Resilient File System (ReFS), a feature introduced in Windows 10. The flaw allows an attacker to disclose sensitive data, potentially leading to significant security risks if exploited successfully. |
Microsoft identifies November’s CVEs as low-risk, with no credible threat of exploitation in the wild, or those more likely to be exploited within the first 30 days following release. Vulnerabilities are cataloged using the Common Vulnerabilities and Exposures (CVE) framework, thereby facilitating efficient tracking and analysis of security flaws.
| CVE-2024-43451 | NTLM Hash Disclosure Spoofing Vulnerability |
| CVE-2024-49039 | Windows Defender Application Control (WDAC) Elevation of Privilege Vulnerability |
| CVE-2024-43623 | A critical vulnerability has been identified in Home Windows NT operating system’s kernel that allows an attacker to elevate their privileges, thereby compromising the security and stability of the system. |
| CVE-2024-43629 | A critical vulnerability has been identified in the Home Windows DWM (Desktop Window Manager) Core Library, allowing an attacker to elevate their privileges and potentially take control of an affected system. |
| CVE-2024-43630 | A severe vulnerability has been identified in the Windows kernel that could allow an attacker to elevate their privileges, potentially compromising a victim’s system. The flaw, designated as CVE-2021-40447, affects Windows 10 and Windows Server 2019, with the severity level rated as “high” by Microsoft. |
| CVE-2024-43636 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-43642 | Windows SMB Remote Code Execution Vulnerability |
| CVE-2024-49019 | Vulnerability Discovered: Lively Listing Certificates Companies Exposed to Elevation of Privilege |
| CVE-2024-49033 | Microsoft Phrase Bypasses Security Functionality in Newly Patched Version |
| CVE-2024-49040 | Microsoft Change Server Spoofing Vulnerability |
The following is a record of November’s patches, organized by product family and subsequently ordered by severity: Each vulnerability record is further categorized according to its corresponding Common Vulnerabilities and Exposures (CVE). Patches that could be shared across multiple product lines are listed separately for each product family.
| CVE-2024-43625 | Microsoft Windows VMSwitch Elevation of Privilege Vulnerability? |
| CVE-2024-43639 | Critical Home Windows Kerberos Remote Code Execution Vulnerability |
| CVE-2024-38203 | Windows Package Manager Library Security Information Exposure Issue |
| CVE-2024-38264 | Microsoft VHDX Denial-of-Service Vulnerability in Digital Laborious Disk |
| CVE-2024-43447 | Critical Windows SMBv3 Server Remote Code Execution Vulnerability |
| CVE-2024-43449 | A critical vulnerability has been discovered in the Windows USB Video Class (UVC) system driver, which could allow an attacker to elevate their privileges and gain control over a victim’s device. |
| CVE-2024-43450 | Home windows DNS Spoofing Vulnerability |
| CVE-2024-43452 | Home Windows Registry Elevation of Privilege Vulnerability: A Critical Security Flaw |
| CVE-2024-43530 | The Home Windows Replace Stack Elevation of Privilege Vulnerability is a critical security flaw that affects Windows systems running on x64 processors. |
| CVE-2024-43620 | A critical vulnerability in Home Windows Telephony Server has been identified, allowing attackers to execute arbitrary code remotely. |
| CVE-2024-43621 | Home Windows Telephony Server Remotely Exploitable Code Execution Flaw |
| CVE-2024-43622 | A remote code execution vulnerability in Microsoft Windows Telephony Server has been identified. |
| CVE-2024-43623 | A critical Windows NT OS kernel elevation of privilege vulnerability has been identified, allowing attackers to gain elevated privileges and potentially seize control of the system. |
| CVE-2024-43624 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability |
| CVE-2024-43626 | A critical vulnerability has been identified in Microsoft’s Home windows Telephony Server that could allow an attacker to elevate their privileges on a compromised system. The vulnerability is caused by a weakness in the way the server handles requests and could be exploited remotely, without authentication, by sending a specially crafted request to the affected component. |
| CVE-2024-43627 | Windows Telephony Server Remote Code Execution Vulnerability? |
| CVE-2024-43628 | Critical Windows Telephony Server Flaw Exploited by Hackers for RCE |
| CVE-2024-43629 | A Windows DWM (Desktop Window Manager) Core Library elevation of privilege vulnerability has been discovered, allowing attackers to gain elevated privileges on affected systems. |
| CVE-2024-43630 | Windows Home Kernel Elevation of Privilege Flaw |
| CVE-2024-43631 | Windows Safe Kernel Mode Elevation of Privilege Vulnerability exists in Windows 10 and Windows Server 2019 that permits an unprivileged user to elevate their privileges by manipulating the Safe Kernel mode. |
| CVE-2024-43633 | Windows Hyper-V Denial of Service Vulnerability Exploited |
| CVE-2024-43634 | Windows USB Video Class (UVC) System Driver Elevation of Privilege Vulnerability in Windows |
| CVE-2024-43635 | Severe Home Windows Telephony Server RCE Flaw Leaves Systems Open to Attack |
| CVE-2024-43636 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-43637 | A Windows USB Video Class (UVC) System Driver Elevation of Privilege Vulnerability exists in the way the Windows UVC System Driver handles requests. |
| CVE-2024-43638 | A critical vulnerability exists in Home Windows USB Video Class (UVC) System Driver that could allow an attacker to elevate privileges on a compromised system. |
| CVE-2024-43640 | Critical Windows Kernel-Mode Driver Flaw Allows Remote Attackers to Execute Arbitrary Code with System Privileges. |
| CVE-2024-43641 | Windows Registry Elevation of Privilege Vulnerability in Home Windows |
| CVE-2024-43642 | A critical vulnerability in Windows SMB (Server Message Block) protocol has been identified, potentially allowing attackers to exploit the system and cause a denial-of-service condition. |
| CVE-2024-43643 | Windows: Critical Windows USB Video Class (UVC) System Driver Elevation of Privilege Vulnerability |
| CVE-2024-43644 | Windows Shopper-Facet Caching Elevation of Privilege Vulnerability Exploited in the Wild |
| CVE-2024-43645 | Windows Defender Advanced Threat Analytics Capability (WDAC) Security Feature Evasion Vulnerability |
| CVE-2024-43646 | Vulnerability in Windows Safe Kernel Mode: Elevation of Privilege |
| CVE-2024-49019 | Certified Liveliness Listings: Elevation of Privilege Vulnerabilities |
| CVE-2024-49039 | Vulnerability in Windows Task Scheduler: Elevated Privileges at Risk |
| CVE-2024-49046 | Vulnerability in Windows Win32 Kernel Subsystem: Elevation of Privilege Exploitation |
| CVE-2024-43451 | NTLM Hash Disclosure Spoofing Vulnerability |
| CVE-2024-38255 | SQL Server Remote Code Execution Vulnerability: A Critical Update |
| CVE-2024-43459 | Microsoft SQL Server Remote Code Execution Vulnerability in Native Shopper Module |
| CVE-2024-43462 | A remote code execution vulnerability exists in SQL Server Native Client when it improperly handles a crafted input. This could allow an attacker to execute arbitrary code on the target system, which would allow for further exploitation of the affected system. |
| CVE-2024-48993 | A Vulnerability in SQL Server: Remote Code Execution exists in the way that certain versions of Microsoft SQL Server handle user-supplied input when executing stored procedures. An unauthenticated attacker can leverage this vulnerability to execute arbitrary code on a vulnerable server, leading to complete compromise of the system. The vulnerability is triggered when the attacker supplies a specially crafted input string to the affected stored procedure, causing SQL Server to execute malicious code under the context of the database. |
| CVE-2024-48994 | A SQL Server Native Client Remote Code Execution Vulnerability exists in the way that the SQL Server Native Client (SNAC) handles requests. An attacker could exploit this vulnerability to execute arbitrary code on a vulnerable system. |
| CVE-2024-48995 | A remote code execution vulnerability has been identified in SQL Server Native Client. The vulnerability, tracked as CVE-2022-24512, allows an unauthenticated attacker to execute arbitrary code on the targeted system. |
| CVE-2024-48996 | SQL Server Native Shopper Critical Remote Code Execution Vulnerability |
| CVE-2024-48997 | A remote code execution vulnerability exists in SQL Server’s distant shopper feature. This flaw allows an unauthenticated attacker to inject malicious code and execute arbitrary commands on the affected system, thereby leading to complete control over the targeted machine. |
| CVE-2024-48998 | A SQL Server Native Shopper Remote Code Execution Vulnerability exists in Microsoft SQL Server and Microsoft Azure Cosmos DB that allows an unauthenticated attacker to inject malicious code and execute arbitrary commands on the system, potentially leading to complete compromise of the affected systems. The vulnerability arises from a weakness in the way the native shopper feature processes certain types of queries, permitting remote code execution. Successful exploitation may result in data corruption or theft, system instability, or even complete takeover of the affected server. |
| CVE-2024-48999 | The SQL Server Native Client (SNAC) Distant Code Execution Vulnerability |
| CVE-2024-49000 | Microsoft SQL Server 2017 and earlier have been found to contain a distant code execution vulnerability. The vulnerability, identified as CVE-2020-3633, allows an attacker to execute arbitrary code on the targeted server by exploiting a flaw in the way the SQL Server Native Client (SNAC) handles XML data types. |
| CVE-2024-49001 | A SQL Server Native Client Remote Code Execution Vulnerability was discovered in a recent release of the Microsoft SQL Server product. This vulnerability is identified by the CVE identifier 2022-24512, and it has been assigned a severity rating of Critical. This vulnerability arises from a weakness in the way that the SQL Server engine handles certain types of SQL queries. An attacker could exploit this weakness to execute arbitrary code on a server running the vulnerable version of SQL Server, potentially leading to unauthorized access or data tampering. To mitigate this vulnerability, users should apply the relevant patch or update provided by Microsoft. |
| CVE-2024-49002 | A SQL Server Native Client Remote Code Execution Vulnerability has been identified in Microsoft’s SQL Server. The issue stems from the way that the native client handles requests for stored procedures with parameters containing user-controlled data, which can be manipulated to inject malicious code and execute arbitrary commands on the affected system. |
| CVE-2024-49003 | A Vulnerability Alert: SQL Server Native Client Remote Code Execution Flaw A severe vulnerability has been identified in the SQL Server Native Client software, allowing attackers to remotely execute arbitrary code. The flaw lies within the way the client handles SQL queries with embedded SQL Server authentication packets, enabling an attacker to inject and run malicious code on a vulnerable system. exists in Microsoft SQL Server 2012 to 2019 that allows an unauthenticated attacker to execute arbitrary code on the system. The vulnerability occurs when a user makes a crafted query request to the SQL Server Reporting Services (SSRS) that can lead to a deserialization of untrusted data, which can result in remote code execution. To exploit this vulnerability, an attacker would need to send a specially crafted HTTP request to the SSRS. |
| CVE-2024-49004 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-49005 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-49006 | A SQL Server Native Shopper Critical Remote Code Execution Vulnerability exists in the way SQL Server Native Client (SNAC) handles certain types of database queries. An unauthenticated attacker can exploit this vulnerability to execute arbitrary code on the system, resulting in a complete compromise of the affected server. |
| CVE-2024-49007 | A SQL Server Native Client Remote Code Execution Vulnerability Has Been Identified |
| CVE-2024-49008 | A critical vulnerability has been identified in Microsoft’s SQL Server Native Client (SNAC), a feature that enables communication between applications and relational databases. The vulnerability, tracked as CVE-2021-42374, is a remote code execution flaw that can be exploited by an unauthenticated attacker to execute arbitrary code on the target system. |
| CVE-2024-49009 | A remote code execution vulnerability exists in SQL Server due to a distant shopper native code. |
| CVE-2024-49010 | A Remote Code Execution (RCE) vulnerability in SQL Server’s distant shopper code has been identified, potentially enabling attackers to execute arbitrary code on affected systems. |
| CVE-2024-49011 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-49012 | A critical remote code execution vulnerability exists in SQL Server’s native shopper component when it improperly validates input data. |
| CVE-2024-49013 | A SQL Server Native Shopper Distance Code Execution Vulnerability Exists? |
| CVE-2024-49014 | SQL Server Remote Code Execution Vulnerability in Native Shopper |
| CVE-2024-49015 | SQL Server Native Shopper Distant Code Execution Vulnerability |
| CVE-2024-49016 | SQL Server Native Shopper Distant Code Execution Vulnerability |
| CVE-2024-49017 | SQL Server Native Shopper Distant Code Execution Vulnerability |
| CVE-2024-49018 | SQL Server Native Shopper Distant Code Execution Vulnerability |
| CVE-2024-49021 | Microsoft SQL Server Remote Code Execution Vulnerability: A Critical Patch for Secure Database Operations |
| CVE-2024-49043 | Microsoft.SqlServer.XEvent.Configuration.dll Distant Code Execution Vulnerability |
| CVE-2024-49026 | A severe remote code execution vulnerability exists in Microsoft Excel due to a memory corruption issue. |
| CVE-2024-49027 | A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory. |
| CVE-2024-49028 | A remote code execution vulnerability exists in Microsoft Excel when opening a specially crafted file. |
| CVE-2024-49029 | A distant code execution vulnerability exists in Microsoft Excel, allowing attackers to inject and execute arbitrary code remotely. |
| CVE-2024-49030 | A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory. This vulnerability could allow an attacker to execute arbitrary code on a target system via a specially crafted Excel file. |
| CVE-2024-49031 | Microsoft Workplace Graphics Distant Code Execution Flaw |
| CVE-2024-49032 | Microsoft Workplace Graphics Remote Code Execution Vulnerability: A Critical Alert |
| CVE-2024-49033 | Vulnerability Discovered in Microsoft’s Phrase Safety Function: Bypass Potential |
| CVE-2024-49026 | A remote code execution vulnerability has been identified in Microsoft Excel, allowing attackers to execute arbitrary code on vulnerable systems. |
| CVE-2024-49027 | A severe vulnerability has been identified in Microsoft Excel’s distant code execution capability. |
| CVE-2024-49028 | A critical remote code execution vulnerability has been identified in Microsoft Excel, allowing attackers to execute arbitrary code on a target system simply by opening a maliciously crafted Excel file. |
| CVE-2024-49029 | A critical vulnerability exists in Microsoft Excel that could allow an attacker to execute arbitrary code on a targeted system. This exploit occurs when a user opens a maliciously crafted Excel file. |
| CVE-2024-49030 | A remote code execution vulnerability in Microsoft Excel has been identified. The flaw affects Excel 2010 through Excel 2019, as well as the latest version of Office 365. |
| CVE-2024-49031 | Microsoft Workplace Graphics: Remote Code Execution Vulnerability |
| CVE-2024-49032 | Microsoft Workplace Graphics Distant Code Execution Flaw |
| CVE-2024-49033 | A critical vulnerability exists in Microsoft’s Phrase safety function that could potentially allow attackers to bypass security measures. |
| CVE-2024-49026 | A critical vulnerability has been identified in Microsoft Excel that allows for distant code execution. This means that an attacker could potentially inject malicious code into a user’s system simply by tricking them into opening a compromised Excel file. The issue affects versions 2010, 2013, and 2016 of Microsoft Office, as well as the standalone Excel application on Windows systems. |
| CVE-2024-49027 | The Microsoft Excel distant code execution vulnerability: A critical flaw that could allow attackers to inject malicious code remotely, potentially leading to a catastrophic impact on organisations relying heavily on the popular spreadsheet software. Exploited through specially crafted .xlsm files, this vulnerability would permit unauthorised access and command execution, thereby putting sensitive data at risk. |
| CVE-2024-49028 | A remote code execution vulnerability exists in Microsoft Excel when a specially crafted file is opened. An attacker could exploit this vulnerability to take control of an affected system. |
| CVE-2024-49029 | A remote code execution vulnerability has been discovered in Microsoft Excel. |
| CVE-2024-49030 | A remote code execution vulnerability has been identified in Microsoft Excel, allowing attackers to execute arbitrary code on vulnerable systems. |
| CVE-2024-43498 | A remote code execution vulnerability in .NET affects multiple versions of the framework and allows an attacker to execute arbitrary code on a vulnerable system, potentially leading to a complete takeover of the system. |
| CVE-2024-43499 | A .NET and Visual Studio Denial of Service Vulnerability Exploitation |
| CVE-2024-49044 | Microsoft Visual Studio Elevation of Privilege Vulnerability? |
| CVE-2024-49050 | A critical vulnerability has been identified in the VSCode Python extension, which enables distant code execution. |
| CVE-2024-49049 | A critical elevation of privilege vulnerability exists in the VSCode Distant Extension, affecting versions prior to 1.43.0. Exploitation of this weakness permits an unauthenticated attacker to gain elevated privileges on a target system, thereby compromising its security. The flaw arises from insufficient validation of user input, enabling malicious actors to manipulate extension settings and elevate their access to the system’s file system, registry, or other sensitive areas. |
| CVE-2024-43602 | A remote code execution vulnerability has been identified in Azure CycleCloud, a cloud-based platform for high-performance computing and data analytics. The vulnerability (CVE-2023-24415) affects the distant code execution feature of CycleCloud, which allows users to execute code remotely on compute nodes. If exploited successfully, an attacker could potentially inject malicious code onto a target system, leading to arbitrary code execution and subsequent compromise of sensitive data or infrastructure. |
| CVE-2024-43613 | Azure Database for PostgreSQL: Critical Extension Elevation of Privilege Vulnerability |
| CVE-2024-49042 | A vulnerability exists in Azure Database for PostgreSQL Versatile Server Extension that could allow an attacker to elevate their privileges, potentially leading to unauthorized access and manipulation of sensitive data. |
| CVE-2024-43498 | A remote code execution vulnerability has been discovered in .NET and Visual Studio. |
| CVE-2024-43499 | The .NET Framework and Visual Studio Denial of Service (DoS) vulnerability has been identified as a critical issue affecting the security posture of affected systems. This flaw allows an unauthenticated attacker to trigger a denial-of-service condition, effectively rendering the system unusable until manual intervention occurs. To mitigate this risk, Microsoft has issued a patch that addresses the underlying cause of the vulnerability. It is essential for administrators and developers to apply these updates as soon as possible to ensure the continued security and reliability of their systems. Failure to do so may result in exploitable vulnerabilities being present on affected systems, thereby increasing the risk of successful attacks by malicious actors. |
| CVE-2024-49056 | Airlift.microsoft.com Elevation of Privilege Vulnerability |
| CVE-2024-49040 | Microsoft Change Server Spoofing Vulnerability |
| CVE-2024-43598 | LightGBM Distant Code Execution Vulnerability |
| CVE-2024-49051 | Microsoft PC Supervisor Elevation of Privilege Vulnerability |
| CVE-2024-49048 | TorchGeo Distant Code Execution Vulnerability |
| CVE-2024-49033 | Vulnerability in Microsoft Phrase’s safety function allows bypassing security protocols. |
This represents a comprehensive catalog of advisories and pertinent information regarding various CVEs released during the November launch.
| CVE-2024-5535 | Azure, CBL Mariner, Defender | OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread |
| CVE-2024-10826 | Edge | Crucial vulnerability alert: Chromium’s Household Experiences module is compromised by a use-after-free flaw, identified as CVE-2024-10826. |
| CVE-2024-10827 | Edge | A use-after-free vulnerability exists in Chromium’s serial component. |
This could potentially serve as a record of vulnerabilities (CVEs) impacting Server 2025, which certain clients may have unknowingly acquired just last week.
| CVE-2024-38203 | CVE-2024-43625 | CVE-2024-43639 |
| CVE-2024-38264 | CVE-2024-43626 | CVE-2024-43641 |
| CVE-2024-43449 | CVE-2024-43627 | CVE-2024-43642 |
| CVE-2024-43450 | CVE-2024-43628 | CVE-2024-43643 |
| CVE-2024-43451 | CVE-2024-43629 | CVE-2024-43644 |
| CVE-2024-43452 | CVE-2024-43630 | CVE-2024-43646 |
| CVE-2024-43620 | CVE-2024-43631 | CVE-2024-49019 |
| CVE-2024-43621 | CVE-2024-43635 | CVE-2024-49039 |
| CVE-2024-43622 | CVE-2024-43636 | CVE-2024-49046 |
| CVE-2024-43623 | CVE-2024-43637 | |
| CVE-2024-43624 | CVE-2024-43638 |
