{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-116.pdf"
    },
    "title": "Microsoft November 2024 Patch Tuesday",
    "serial_number": "2024-116",
    "publish_date": "13-11-2024 16:43:08",
    "description": "Microsoft's November 2024 Patch Tuesday addresses 91 vulnerabilities, including four zero-day vulnerabilities. Two of these zero-days, CVE-2024-43451 (NTLM Hash Disclosure Spoofing) and CVE-2024-49039 (Windows Task Scheduler Elevation of Privilege), have been actively exploited. These vulnerabilities allow attackers to potentially gain unauthorised access or escalate privileges through minimal user interaction or crafted applications.<br>\n",
    "url_title": "2024-116",
    "content_markdown": "---    \ntitle: 'Microsoft November 2024 Patch\u00a0Tuesday'\nnumber: '2024-116'\nversion: '1.0'\noriginal_date: '2024-11-12'\ndate: '2024-11-13'\n---\n\n_History:_\n\n* _13/11/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nMicrosoft's November 2024 Patch Tuesday addresses 91 vulnerabilities, including four zero-day vulnerabilities. Two of these zero-days, CVE-2024-43451 (NTLM Hash Disclosure Spoofing) and CVE-2024-49039 (Windows Task Scheduler Elevation of Privilege), have been actively exploited. These vulnerabilities allow attackers to potentially gain unauthorised access or escalate privileges through minimal user interaction or crafted applications [1-4].\n\n# Technical Details\n\n- **CVE-2024-43451**: An NTLM Hash Disclosure Spoofing vulnerability allows attackers to capture NTLMv2 hashes through minimal interaction with a malicious file, enabling authentication as the compromised user [3].\n- **CVE-2024-49039**: A Windows Task Scheduler vulnerability allows privilege escalation to Medium Integrity level, enabling attackers to execute RPC functions usually restricted to privileged accounts [2].\n- **CVE-2024-49040**: A spoofing vulnerability in Microsoft Exchange allows manipulation of the `P2 FROM` header, causing spoofed emails to appear legitimate [1].\n- **CVE-2024-49019**: An Active Directory Certificate Services flaw allows domain administrator access by abusing version 1 certificate templates [4].\n\n# Affected Products\n\n- Microsoft Exchange Server (CVE-2024-49040) [1]\n- Microsoft Windows, all versions (CVE-2024-49039 and CVE-2024-43451) [2,3]\n- Active Directory Certificate Services (CVE-2024-49019) [4]\n\n# Recommendations\n\nIt is highly recommended to install the latest patch available to mitigates these vulnerabilities.  \n\n# References\n\n[1] <https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49040>\n\n[2] <https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49039>\n\n[3] <https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451>\n\n[4] <https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49019>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>13/11/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>Microsoft's November 2024 Patch Tuesday addresses 91 vulnerabilities, including four zero-day vulnerabilities. Two of these zero-days, CVE-2024-43451 (NTLM Hash Disclosure Spoofing) and CVE-2024-49039 (Windows Task Scheduler Elevation of Privilege), have been actively exploited. These vulnerabilities allow attackers to potentially gain unauthorised access or escalate privileges through minimal user interaction or crafted applications [1-4].</p><h2 id=\"technical-details\">Technical Details</h2><ul><li><strong>CVE-2024-43451</strong>: An NTLM Hash Disclosure Spoofing vulnerability allows attackers to capture NTLMv2 hashes through minimal interaction with a malicious file, enabling authentication as the compromised user [3].</li><li><strong>CVE-2024-49039</strong>: A Windows Task Scheduler vulnerability allows privilege escalation to Medium Integrity level, enabling attackers to execute RPC functions usually restricted to privileged accounts [2].</li><li><strong>CVE-2024-49040</strong>: A spoofing vulnerability in Microsoft Exchange allows manipulation of the <code>P2 FROM</code> header, causing spoofed emails to appear legitimate [1].</li><li><strong>CVE-2024-49019</strong>: An Active Directory Certificate Services flaw allows domain administrator access by abusing version 1 certificate templates [4].</li></ul><h2 id=\"affected-products\">Affected Products</h2><ul><li>Microsoft Exchange Server (CVE-2024-49040) [1]</li><li>Microsoft Windows, all versions (CVE-2024-49039 and CVE-2024-43451) [2,3]</li><li>Active Directory Certificate Services (CVE-2024-49019) [4]</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>It is highly recommended to install the latest patch available to mitigates these vulnerabilities. </p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49040\">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49040</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49039\">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49039</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451\">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451</a></p><p>[4] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49019\">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49019</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}