On 12 November 2024, Microsoft released its monthly security update, addressing 89 newly identified vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted five that were classified as critical or have been reported as actively exploited in the wild.
Impacted Product #1: Windows
Vulnerabilities Impacting Windows:
CVE-2024-43451 | CVSS: 6.5 – Medium | MS Severity: Important | Exploitation Detected
NTLM Hash Disclosure Spoofing Vulnerability – This vulnerability exposes a user’s NTLMv2 hash, enabling an attacker to authenticate as the user. Exploitation requires only minimal user interaction, such as single-clicking or right-clicking a malicious file.
CVE-2024-49039 | CVSS: 8.8 – High | MS Severity: Important | Exploitation Detected
Windows Task Scheduler Elevation of Privilege Vulnerability – An attacker could exploit this vulnerability by running a specially crafted application on the target system to elevate their privileges to a Medium Integrity Level. The attack can be initiated from a low-privilege AppContainer, allowing the attacker to gain access to resources or execute code at a higher integrity level. If successful, the attacker could also execute Remote Procedure Call (RPC) functions typically reserved for privileged accounts.
CVE-2024-43639 | CVSS: 9.8 – Critical | MS Severity: Critical | No Exploitation Detected
Windows Kerberos Remote Code Execution Vulnerability – An unauthenticated attacker could exploit this vulnerability by using a specially crafted application to exploit the flaw in the Windows Kerberos cryptographic protocol, allowing them to remotely execute code on the target system.
Impacted Product #2: Visual Studio/.NET
Vulnerability Impacting Visual Studio/.NET:
CVE-2024-43498 | CVSS: 9.8 – Critical | MS Severity: Critical | No Exploitation Detected
.NET and Visual Studio Remote Code Execution Vulnerability – An unauthenticated remote attacker could exploit this vulnerability by sending crafted requests to a vulnerable .NET web application or by loading a maliciously crafted file into a vulnerable desktop application.
Impacted Product #3: Microsoft Exchange Server
Vulnerability Impacting Microsoft Exchange Server:
CVE-2024-49040 | CVSS: 7.5 – High | MS Severity: Important | No Exploitation Detected
Microsoft Exchange Server Spoofing Vulnerability – A remote attacker can exploit CVE-2024-49040 in Microsoft Exchange Server to spoof the sender’s email address in messages to local recipients by using non-RFC 5322 compliant P2 FROM headers. Microsoft has addressed this issue in the November 2024 Security Update, enabling Exchange Server to detect and flag emails with potentially malicious headers. Microsoft has stated a proof of concept is available for this vulnerability.
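The spoofing condition above depends on From headers that do not follow RFC 5322. As an added example (not Arctic Wolf's or Microsoft's code, and not the detection logic Exchange ships), the check below flags messages whose From header is missing, duplicated, or fails a simplified mailbox grammar. The function name, the grammar subset and the sample messages are assumptions constructed for this illustration.

```python
import re
from email import message_from_string

# Simplified subset of the RFC 5322 mailbox grammar (assumption: no comments,
# obsolete syntax, or domain literals, which a production parser must handle).
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]"
DOT_ATOM = rf"{ATEXT}+(?:\.{ATEXT}+)*"
ADDR_SPEC = rf"{DOT_ATOM}@{DOT_ATOM}"
QUOTED = r'"(?:[^"\\\r\n]|\\.)*"'
WORD = rf"(?:{QUOTED}|{ATEXT}+)"
MAILBOX = re.compile(
    rf"\s*(?:(?:{WORD}(?:\s+{WORD})*\s*)?<{ADDR_SPEC}>|{ADDR_SPEC})\s*"
)
# Split a mailbox-list on commas that are not inside a quoted display name.
LIST_SEP = re.compile(r',(?=(?:[^"]*"[^"]*")*[^"]*$)')


def from_header_findings(raw_message: str) -> list[str]:
    """Return reasons the P2 FROM (the From: header) fails the strict check."""
    msg = message_from_string(raw_message)
    values = msg.get_all("From", [])
    findings = []
    if len(values) != 1:  # RFC 5322 requires exactly one From field
        findings.append(f"expected exactly one From header, found {len(values)}")
    for value in values:
        for part in LIST_SEP.split(str(value)):
            if not MAILBOX.fullmatch(part):
                findings.append(f"non-compliant mailbox: {part.strip()!r}")
    return findings


# Constructed sample messages (not taken from the advisory).
TAIL = "To: user@example.org\nSubject: test\n\nbody\n"
CLEAN = 'From: "Doe, Jane" <jane.doe@example.com>\n' + TAIL
UNBALANCED = "From: Jane Doe <jane.doe@example.com\n" + TAIL
DUPLICATE = "From: a@example.com\nFrom: b@example.com\n" + TAIL

if __name__ == "__main__":
    samples = [("clean", CLEAN), ("unbalanced", UNBALANCED), ("duplicate", DUPLICATE)]
    for name, raw in samples:
        print(name, from_header_findings(raw) or "ok")
```

A non-empty result is a reason to quarantine or tag the message for review; the grammar here is deliberately stricter than what many mail clients accept.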
Recommendation
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version.
| Product | Vulnerability | Article |
| --- | --- | --- |
| Windows Server 2025 | CVE-2024-43451, CVE-2024-49039, CVE-2024-43639 | 5046617, 5046696 |
| Windows Server 2022, 23H2 Edition | CVE-2024-43451, CVE-2024-49039, CVE-2024-43639 | 5046618 |
| Windows Server 2022 | CVE-2024-43451, CVE-2024-49039, CVE-2024-43639 | 5046616 |
| Windows Server 2019 | CVE-2024-43451, CVE-2024-49039, CVE-2024-43639 | 5046615 |
| Windows Server 2016 | CVE-2024-43451, CVE-2024-49039, CVE-2024-43639 | 5046612 |
| Windows Server 2012 R2 | CVE-2024-43451, CVE-2024-43639 | 5046682, 5046630 |
| Windows Server 2012 | CVE-2024-43451, CVE-2024-43639 | 5046697 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | CVE-2024-43451 | 5046687, 5046705, 5046630 |
| Windows Server 2008 for x64-based and 32-bit Systems Service Pack 2 | CVE-2024-43451 | 5046661, 5046639, 5046630 |
| Windows 11 Version 24H2 for x64-based and ARM64-based Systems | CVE-2024-43451, CVE-2024-49039 | 5046617, 5046696 |
| Windows 11 Version 23H2 for x64-based and ARM64-based Systems | CVE-2024-43451, CVE-2024-49039 | 5046633 |
| Windows 11 Version 22H2 for x64-based and ARM64-based Systems | CVE-2024-43451, CVE-2024-49039 | 5046633 |
| Windows 10 Version 22H2 for x64-based, ARM64-based, and 32-bit Systems | CVE-2024-43451, CVE-2024-49039 | 5046613 |
| Windows 10 Version 21H2 for x64-based, ARM64-based, and 32-bit Systems | CVE-2024-43451, CVE-2024-49039 | 5046613 |
| Windows 10 Version 1809 for x64-based and 32-bit Systems | CVE-2024-43451, CVE-2024-49039 | 5046615 |
| Windows 10 Version 1607 for x64-based and 32-bit Systems | CVE-2024-43451, CVE-2024-49039 | 5046612 |
| Windows 10 for x64-based and 32-bit Systems | CVE-2024-43451, CVE-2024-49039 | 5046665 |
| Microsoft Visual Studio 2022 version 17.8, 17.6, 17.11 and 17.10 | CVE-2024-43498 | Release Notes |
| .NET 9.0 installed on Windows, Mac OS, and Linux | CVE-2024-43498 | Release Notes |
| Microsoft Exchange Server 2016 Cumulative Update 23 | CVE-2024-49090 | 5044062 |
| Microsoft Exchange Server 2019 Cumulative Update 13 and 14 | CVE-2024-49090 | 5044062 |
Please follow your organisation’s patching and testing guidelines to minimise potential operational impact.
References
Microsoft November 2024 Security Update