Webinar Library
Welcome to my November Patch Tuesday newsletter. Today Microsoft released updates for 90 CVE's. Since our last Patch Tuesday newsletter last month there are also an additional 35 updates totaling 125 CVE's patched this month. Of these we have 3 that are zero days:
CVE-2024-43451 and CVE-2024-49040 are both spoofing vulnerabilities. CVE-2024-49040 affects Exchange 2016 and 2019. CVE-2024-43451 affects Windows OS's including the latest Server 2025. CVE-2024-49019 is an elevation of privilege also affecting all flavors of Windows OS's. Microsoft rates these three as only "Important" severity but get these updated as soon as you can. One thing to keep in mind is that CVE's from previous months are now public as well. We have CVE-2024-38202 from August and also CVE-2024-43583 and CVE-2024-6197 from last month. So please, please, please, if you haven't deployed these updates from the previous months, do so ASAP. Of this months patches only 8 are critical and 88 important. CVE-2024-43639 and CVE-2024-43498 are the two highest rated critical updates with CVSS scores of 9.8. So you'll want to update these ASAP as well.
Patch data provided by:
Technology
Products Affected
Severity
Reference
Workaround/ Exploited / Publicly Disclosed
Vulnerability Info
Windows
Windows 10, 11
Server 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022, 2025 including Server Core Installations
Critical
CVE-2024-38203 CVE-2024-38264 CVE-2024-43447 CVE-2024-43449 CVE-2024-43450 CVE-2024-43451* CVE-2024-43452 CVE-2024-43530 CVE-2024-43620 CVE-2024-43621 CVE-2024-43622 CVE-2024-43623 CVE-2024-43624 CVE-2024-43625 CVE-2024-43626 CVE-2024-43627 CVE-2024-43628 CVE-2024-43629 CVE-2024-43630 CVE-2024-43631 CVE-2024-43633 CVE-2024-43634 CVE-2024-43635 CVE-2024-43636 CVE-2024-43637 CVE-2024-43638 CVE-2024-43639 CVE-2024-43640 CVE-2024-43641 CVE-2024-43642 CVE-2024-43643 CVE-2024-43644 CVE-2024-43645 CVE-2024-43646 CVE-2024-49019* CVE-2024-49039 CVE-2024-49046
Denial of Service
Elevation of Privilege
Information Disclosure
Remote Code Execution Security Feature Bypass Spoofing
Edge
Chromium-based
Moderate
CVE-2024-10229 CVE-2024-10230 CVE-2024-10231 CVE-2024-10487 CVE-2024-10488 CVE-2024-10826 CVE-2024-10827 CVE-2024-43566 CVE-2024-43577 CVE-2024-43578 CVE-2024-43579 CVE-2024-43580 CVE-2024-43587 CVE-2024-43595 CVE-2024-43596 CVE-2024-49023 CVE-2024-9602 CVE-2024-9603 CVE-2024-9954 CVE-2024-9955 CVE-2024-9956 CVE-2024-9957 CVE-2024-9958 CVE-2024-9959 CVE-2024-9960 CVE-2024-9961 CVE-2024-9962 CVE-2024-9963 CVE-2024-9964 CVE-2024-9965 CVE-2024-9966
Workaround: No Exploited: No Public: No
Remote Code Execution Spoofing
Office
365 Apps for Enterprise Office 2016, 2019 LTSC 2021, 2024 including for Mac Excel/Word 2016 Online Server
Important
CVE-2024-49026 CVE-2024-49027 CVE-2024-49028 CVE-2024-49029 CVE-2024-49030 CVE-2024-49031 CVE-2024-49032 CVE-2024-49033 CVE-2024-43609 CVE-2024-43616
Remote Code Execution Security Feature Bypass
SharePoint
Enterprise Server 2016 Server 2019 Server Subscription Edition
None Listed
ADV240001
Defense in Depth
SQL Server
2016 SP3 (GDR) 2016 SP3 Azure Connect Feature Pack 2017 CU31 and GDR 2019 CU29 and GDR 2022 CU15 and GDR
CVE-2024-38255 CVE-2024-43459 CVE-2024-43462 CVE-2024-48993 CVE-2024-48994 CVE-2024-48995 CVE-2024-48996 CVE-2024-48997 CVE-2024-48998 CVE-2024-48999 CVE-2024-49000 CVE-2024-49001 CVE-2024-49002 CVE-2024-49003 CVE-2024-49004 CVE-2024-49005 CVE-2024-49006 CVE-2024-49007 CVE-2024-49008 CVE-2024-49009 CVE-2024-49010 CVE-2024-49011 CVE-2024-49012 CVE-2024-49013 CVE-2024-49014 CVE-2024-49015 CVE-2024-49016 CVE-2024-49017 CVE-2024-49018 CVE-2024-49021 CVE-2024-49043
Exchange
Server 2016 CU23 Server 2019 CU 13 and CU14
CVE-2024-49040*
Workaround: No Exploited: No Public: Yes*
Azure
airlift.microsoft.com CycleCloud 8.0.0 - 8.6.4 Database for PostgreSQL Flexible Server 12 - 16 Kubernetes Service Node on Azure Linux and Ubuntu Linux Azure Functions
CVE-2024-38097 CVE-2024-38179 CVE-2024-43480 CVE-2024-43591
Elevation of Privilege Information Disclosure Remote Code Execution
Apps
PC Manager
CVE-2024-49051
.NET
9.0 installed on Linux, Windows, Mac OS
CVE-2024-43498 CVE-2024-43499
Denial of Service Remote Code Execution
Visual Studio
2022 17.6-17.11 Python Extension for Visual Studio Code Code Remote - SSH Extension
CVE-2024-43498 CVE-2024-43499 CVE-2024-49044 CVE-2024-49049 CVE-2024-49050
Denial of Service Elevation of Privilege Remote Code Execution
Mariner
Azure Linux 3.0 x64/ARM CBL Mariner 2.0 x64/ARM
CVE-2024-0132 CVE-2024-5535
System Center
Defender for EndPoint for iOS/Android
CVE-2024-5535
Dynamics
MS Power Platform MS Dataverse
CVE-2024-38139 CVE-2024-38190
Elevation of Privilege Information Disclosure
Open Source Software
MS TorchGeo LightGBM
CVE-2024-43598 CVE-2024-49048
Remote Code Execution