OnlyFm252
Patch Tuesday Archive

Patch Tuesday November 2024

Total CVEs

97

Critical

7

Important

87

Exploited

3

Publicly Disclosed

3

All CVEs this month 97

CVE Title Severity CVSS Product Exploited Disclosed
CVE-2024-43498 .NET and Visual Studio Remote Code Execution Vulnerability Critical 9.8 .NET and Visual Studio - -
CVE-2024-43625 Microsoft Windows VMSwitch Elevation of Privilege Vulnerability Critical 8.1 Windows VMSwitch - -
CVE-2024-43639 Windows KDC Proxy Remote Code Execution Vulnerability Critical 9.8 Windows Kerberos - -
CVE-2024-49035 Partner.Microsoft.Com Elevation of Privilege Vulnerability Critical 8.7 Microsoft Partner Center Yes -
CVE-2024-49038 Microsoft Copilot Studio Elevation Of Privilege Vulnerability Critical 9.3 Copilot Studio - -
CVE-2024-49052 Microsoft Azure PolicyWatch Elevation of Privilege Vulnerability Critical 8.2 Microsoft Azure Functions - -
CVE-2024-49056 Airlift.microsoft.com Elevation of Privilege Vulnerability Critical 7.3 Airlift.microsoft.com - -
CVE-2024-38203 Windows Package Library Manager Information Disclosure Vulnerability Important 6.2 Windows Package Library Manager - -
CVE-2024-38255 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-38264 Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability Important 5.9 Microsoft Virtual Hard Drive - -
CVE-2024-43447 Windows SMBv3 Server Remote Code Execution Vulnerability Important 8.1 Windows SMBv3 Client/Server - -
CVE-2024-43449 Windows USB Video Class System Driver Elevation of Privilege Vulnerability Important 6.8 Windows USB Video Driver - -
CVE-2024-43450 Windows DNS Spoofing Vulnerability Important 7.5 Microsoft Windows DNS - -
CVE-2024-43451 NTLM Hash Disclosure Spoofing Vulnerability Important 6.5 Windows NTLM Yes Yes
CVE-2024-43452 Windows Registry Elevation of Privilege Vulnerability Important 7.5 Windows Registry - -
CVE-2024-43459 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-43462 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-43499 .NET and Visual Studio Denial of Service Vulnerability Important 7.5 .NET and Visual Studio - -
CVE-2024-43530 Windows Update Stack Elevation of Privilege Vulnerability Important 7.8 Windows Update Stack - -
CVE-2024-43598 LightGBM Remote Code Execution Vulnerability Important 8.1 LightGBM - -
CVE-2024-43602 Azure CycleCloud Remote Code Execution Vulnerability Important 9.9 Azure CycleCloud - -
CVE-2024-43613 Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability Important 7.2 Azure Database for PostgreSQL - -
CVE-2024-43620 Windows Telephony Service Remote Code Execution Vulnerability Important 8.8 Windows Telephony Service - -
CVE-2024-43621 Windows Telephony Service Remote Code Execution Vulnerability Important 8.8 Windows Telephony Service - -
CVE-2024-43622 Windows Telephony Service Remote Code Execution Vulnerability Important 8.8 Windows Telephony Service - -
CVE-2024-43623 Windows NT OS Kernel Elevation of Privilege Vulnerability Important 7.8 Windows NT OS Kernel - -
CVE-2024-43624 Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability Important 8.8 Role: Windows Hyper-V - -
CVE-2024-43626 Windows Telephony Service Elevation of Privilege Vulnerability Important 7.8 Windows Telephony Service - -
CVE-2024-43627 Windows Telephony Service Remote Code Execution Vulnerability Important 8.8 Windows Telephony Service - -
CVE-2024-43628 Windows Telephony Service Remote Code Execution Vulnerability Important 8.8 Windows Telephony Service - -
CVE-2024-43629 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7.8 Windows DWM Core Library - -
CVE-2024-43630 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 Windows Kernel - -
CVE-2024-43631 Windows Secure Kernel Mode Elevation of Privilege Vulnerability Important 6.7 Windows Secure Kernel Mode - -
CVE-2024-43633 Windows Hyper-V Denial of Service Vulnerability Important 6.5 Role: Windows Hyper-V - -
CVE-2024-43634 Windows USB Video Class System Driver Elevation of Privilege Vulnerability Important 6.8 Windows USB Video Driver - -
CVE-2024-43635 Windows Telephony Service Remote Code Execution Vulnerability Important 8.8 Windows Telephony Service - -
CVE-2024-43636 Win32k Elevation of Privilege Vulnerability Important 7.8 Windows DWM Core Library - -
CVE-2024-43637 Windows USB Video Class System Driver Elevation of Privilege Vulnerability Important 6.8 Windows USB Video Driver - -
CVE-2024-43638 Windows USB Video Class System Driver Elevation of Privilege Vulnerability Important 6.8 Windows USB Video Driver - -
CVE-2024-43640 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Important 7.8 Windows Secure Kernel Mode - -
CVE-2024-43641 Windows Registry Elevation of Privilege Vulnerability Important 7.8 Windows Registry - -
CVE-2024-43642 Windows SMB Denial of Service Vulnerability Important 7.5 Windows SMB - -
CVE-2024-43643 Windows USB Video Class System Driver Elevation of Privilege Vulnerability Important 6.8 Windows USB Video Driver - -
CVE-2024-43644 Windows Client-Side Caching Elevation of Privilege Vulnerability Important 7.8 Windows Client-Side Caching (CSC) Service - -
CVE-2024-43645 Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability Important 6.7 Windows Defender Application Control (WDAC) - -
CVE-2024-43646 Windows Secure Kernel Mode Elevation of Privilege Vulnerability Important 6.7 Windows Secure Kernel Mode - -
CVE-2024-48993 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-48994 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-48995 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-48996 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-48997 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-48998 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-48999 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-49000 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-49001 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-49002 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-49003 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-49004 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-49005 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-49006 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-49007 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-49008 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-49009 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-49010 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-49011 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-49012 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-49013 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-49014 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-49015 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-49016 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-49017 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-49018 SQL Server Native Client Remote Code Execution Vulnerability Important 8.8 SQL Server - -
CVE-2024-49019 Active Directory Certificate Services Elevation of Privilege Vulnerability Important 7.8 Role: Windows Active Directory Certificate Services - Yes
CVE-2024-49021 Microsoft SQL Server Remote Code Execution Vulnerability Important 7.8 SQL Server - -
CVE-2024-49026 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office Excel - -
CVE-2024-49027 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office Excel - -
CVE-2024-49028 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office Excel - -
CVE-2024-49029 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office Excel - -
CVE-2024-49030 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office Excel - -
CVE-2024-49031 Microsoft Office Graphics Remote Code Execution Vulnerability Important 7.8 Microsoft Graphics Component - -
CVE-2024-49032 Microsoft Office Graphics Remote Code Execution Vulnerability Important 7.8 Microsoft Graphics Component - -
CVE-2024-49033 Microsoft Word Security Feature Bypass Vulnerability Important 7.5 Microsoft Office Word - -
CVE-2024-49039 Windows Task Scheduler Elevation of Privilege Vulnerability Important 8.8 Windows Task Scheduler Yes -
CVE-2024-49040 Microsoft Exchange Server Spoofing Vulnerability Important 7.5 Microsoft Exchange Server - Yes
CVE-2024-49042 Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability Important 7.2 Azure Database for PostgreSQL - -
CVE-2024-49043 Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability Important 7.8 SQL Server - -
CVE-2024-49044 Visual Studio Elevation of Privilege Vulnerability Important 6.7 Visual Studio - -
CVE-2024-49046 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Important 7.8 Windows Win32 Kernel Subsystem - -
CVE-2024-49048 TorchGeo Remote Code Execution Vulnerability Important 8.1 TorchGeo - -
CVE-2024-49050 Visual Studio Code Python Extension Remote Code Execution Vulnerability Important 8.8 Visual Studio Code - -
CVE-2024-49051 Microsoft PC Manager Elevation of Privilege Vulnerability Important 7.8 Microsoft PC Manager - -
CVE-2024-49053 Microsoft Dynamics 365 Sales Spoofing Vulnerability Important 7.6 Microsoft Dynamics 365 Sales - -
CVE-2024-49054 Microsoft Edge (Chromium-based) Spoofing Vulnerability Important 4.3 Microsoft Edge (Chromium-based) - -
CVE-2024-49060 Azure Stack HCI Elevation of Privilege Vulnerability Important 8.8 Azure Stack - -
CVE-2024-49025 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Moderate 5.4 Microsoft Edge (Chromium-based) - -
CVE-2024-49049 Visual Studio Code Remote Extension Elevation of Privilege Vulnerability Moderate 7.1 Visual Studio Code - -
ADV240001 Microsoft SharePoint Server Defense in Depth Update None - Microsoft Office SharePoint - -

    Threat Categories 7

    Threat Category CVEs Critical
    Remote Code Execution 51 2
    Elevation of Privilege 32 5
    Spoofing 5 -
    Denial of Service 4 -
    Information Disclosure 2 -
    Security Feature Bypass 2 -
    Defense in Depth 1 -

    Affected Products 43

    Product CVEs Exploited
    SQL Server 31 -
    Windows Telephony Service 7 -
    Windows USB Video Driver 5 -
    Microsoft Office Excel 5 -
    Windows Secure Kernel Mode 3 -
    .NET and Visual Studio 2 -
    Windows Registry 2 -
    Azure Database for PostgreSQL 2 -
    Role: Windows Hyper-V 2 -
    Windows DWM Core Library 2 -
    Microsoft Graphics Component 2 -
    Visual Studio Code 2 -
    Microsoft Edge (Chromium-based) 2 -
    Windows VMSwitch 1 -
    Windows Kerberos 1 -
    Microsoft Partner Center 1 1
    Copilot Studio 1 -
    Microsoft Azure Functions 1 -
    Airlift.microsoft.com 1 -
    Windows Package Library Manager 1 -
    Microsoft Virtual Hard Drive 1 -
    Windows SMBv3 Client/Server 1 -
    Microsoft Windows DNS 1 -
    Windows NTLM 1 1
    Windows Update Stack 1 -
    LightGBM 1 -
    Azure CycleCloud 1 -
    Windows NT OS Kernel 1 -
    Windows Kernel 1 -
    Windows SMB 1 -
    Windows Client-Side Caching (CSC) Service 1 -
    Windows Defender Application Control (WDAC) 1 -
    Role: Windows Active Directory Certificate Services 1 -
    Microsoft Office Word 1 -
    Windows Task Scheduler 1 1
    Microsoft Exchange Server 1 -
    Visual Studio 1 -
    Windows Win32 Kernel Subsystem 1 -
    TorchGeo 1 -
    Microsoft PC Manager 1 -
    Microsoft Dynamics 365 Sales 1 -
    Azure Stack 1 -
    Microsoft Office SharePoint 1 -