
This release consists of the following 89 Microsoft CVEs:

 

Microsoft security update summary for November 2024

November 12, 2024

Here’s a summary of Microsoft security updates released on this date.

Critical security updates

  • .NET 9.0 installed on Linux
  • .NET 9.0 installed on Mac OS
  • .NET 9.0 installed on Windows
  • Microsoft Visual Studio 2022 version 17.10
  • Microsoft Visual Studio 2022 version 17.11
  • Microsoft Visual Studio 2022 version 17.6
  • Microsoft Visual Studio 2022 version 17.8
  • Windows 11 Version 22H2 for ARM64-based Systems
  • Windows 11 Version 22H2 for x64-based Systems
  • Windows 11 Version 23H2 for ARM64-based Systems
  • Windows 11 Version 23H2 for x64-based Systems
  • Windows 11 Version 24H2 for ARM64-based Systems
  • Windows 11 Version 24H2 for x64-based Systems
  • Windows Server 2012
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2016
  • Windows Server 2016 (Server Core installation)
  • Windows Server 2019
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2022
  • Windows Server 2022 (Server Core installation)
  • Windows Server 2022, 23H2 Edition (Server Core installation)
  • Windows Server 2025
  • Windows Server 2025 (Server Core installation)

Important security updates

  • Azure CycleCloud 80.0
  • Azure CycleCloud 80.1
  • Azure CycleCloud 80.2
  • Azure CycleCloud 81.0
  • Azure CycleCloud 81.1
  • Azure CycleCloud 82.0
  • Azure CycleCloud 82.1
  • Azure CycleCloud 82.2
  • Azure CycleCloud 83.0
  • Azure CycleCloud 84.0
  • Azure CycleCloud 84.1
  • Azure CycleCloud 84.2
  • Azure CycleCloud 85.0
  • Azure CycleCloud 86.0
  • Azure CycleCloud 86.1
  • Azure CycleCloud 86.2
  • Azure CycleCloud 86.3
  • Azure CycleCloud 86.4
  • LightGBM
  • Microsoft 365 Apps for Enterprise for 32-bit Systems
  • Microsoft 365 Apps for Enterprise for 64-bit Systems
  • Microsoft Defender for Endpoint for Android
  • Microsoft Defender for Endpoint for iOS
  • Microsoft Excel 2016 (32-bit edition)
  • Microsoft Excel 2016 (64-bit edition)
  • Microsoft Excel 2016 Click-to-Run (C2R) for 32-bit editions
  • Microsoft Excel 2016 Click-to-Run (C2R) for 64-bit editions
  • Microsoft Exchange Server 2016 Cumulative Update 23
  • Microsoft Exchange Server 2019 Cumulative Update 13
  • Microsoft Exchange Server 2019 Cumulative Update 14
  • Microsoft Office 2016 (32-bit edition)
  • Microsoft Office 2016 (64-bit edition)
  • Microsoft Office 2019 for 32-bit editions
  • Microsoft Office 2019 for 64-bit editions
  • Microsoft Office LTSC 2021 for 32-bit editions
  • Microsoft Office LTSC 2021 for 64-bit editions
  • Microsoft Office LTSC 2024 for 32-bit editions
  • Microsoft Office LTSC 2024 for 64-bit editions
  • Microsoft Office LTSC for Mac 2021
  • Microsoft Office LTSC for Mac 2024
  • Microsoft Office Online Server
  • Microsoft PC Manager
  • Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR)
  • Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack
  • Microsoft SQL Server 2017 for x64-based Systems (CU 31)
  • Microsoft SQL Server 2017 for x64-based Systems (GDR)
  • Microsoft SQL Server 2019 for x64-based Systems (CU 29)
  • Microsoft SQL Server 2019 for x64-based Systems (GDR)
  • Microsoft SQL Server 2022 for x64-based Systems (CU 15)
  • Microsoft SQL Server 2022 for x64-based Systems (GDR)
  • Microsoft TorchGeo
  • Microsoft Word 2016 (32-bit edition)
  • Microsoft Word 2016 (64-bit edition)
  • Python extension for Visual Studio Code
  • Windows 10 for 32-bit Systems
  • Windows 10 for x64-based Systems
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows 10 Version 22H2 for 32-bit Systems
  • Windows 10 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 22H2 for x64-based Systems
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

No action required security updates

airlift.microsoft.com

 

https://msrc.microsoft.com/update-guide/releaseNote/2024-Nov

CVEs have been published or revised in the Security Update Guide

November 14, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-43511

  • Title: Windows Kernel Elevation of Privilege Vulnerability
  • Version: 2.0
  • Reason for revision: The following updates have been made: 1) To comprehensively address this vulnerability, Microsoft has released October 2024 security updates for all affected client versions of Windows 10 and Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action. 2) FAQ added to explain further recommended actions to take after installing the November 2024 security update: This update affects a component of Virtualization-based Security (VBS). The policy mitigations described in [KB5042562: Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates - Microsoft Support](https://support.microsoft.com/en-us/topic/kb5042562-guidance-for-blocking-rollback-of-virtualization-based-security-vbs-related-security-updates-b2e7ebf4-f64d-4884-a390-38d63171b8d3) have been updated to accommodate these changes. If you have previously applied the mitigation policies, we recommend that you consider updating to the latest policies.
  • Originally released: October 8, 2024
  • Last updated: November 12, 2024
  • Aggregate CVE severity rating: Important
  • Customer action required: Yes

CVE-2024-43516

  • Title: Windows Secure Kernel Mode Elevation of Privilege Vulnerability
  • Version: 2.0
  • Reason for revision: The following updates have been made: 1) To comprehensively address this vulnerability, Microsoft has released October 2024 security updates for all affected client versions of Windows 10 and Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action. 2) FAQ added to explain further recommended actions to take after installing the November 2024 security update: This update affects a component of Virtualization-based Security (VBS). The policy mitigations described in [KB5042562: Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates - Microsoft Support](https://support.microsoft.com/en-us/topic/kb5042562-guidance-for-blocking-rollback-of-virtualization-based-security-vbs-related-security-updates-b2e7ebf4-f64d-4884-a390-38d63171b8d3) have been updated to accommodate these changes. If you have previously applied the mitigation policies, we recommend that you consider updating to the latest policies.
  • Originally released: October 8, 2024
  • Last updated: November 12, 2024
  • Aggregate CVE severity rating: Important
  • Customer action required: Yes

CVE-2024-43528

  • Title: Windows Secure Kernel Mode Elevation of Privilege Vulnerability
  • Version: 2.0
  • Reason for revision: The following updates have been made: 1) To comprehensively address this vulnerability, Microsoft has released October 2024 security updates for all affected client versions of Windows 10 and Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action. 2) FAQ added to explain further recommended actions to take after installing the November 2024 security update: This update affects a component of Virtualization-based Security (VBS). The policy mitigations described in [KB5042562: Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates - Microsoft Support](https://support.microsoft.com/en-us/topic/kb5042562-guidance-for-blocking-rollback-of-virtualization-based-security-vbs-related-security-updates-b2e7ebf4-f64d-4884-a390-38d63171b8d3) have been updated to accommodate these changes. If you have previously applied the mitigation policies, we recommend that you consider updating to the latest policies.
  • Originally released: October 8, 2024
  • Last updated: November 12, 2024
  • Aggregate CVE severity rating: Important
  • Customer action required: Yes

CVE-2024-43639

  • Title: Windows KDC Proxy Remote Code Execution Vulnerability
  • Version: 1.1
  • Reason for revision: Updated the CVE title to better reflect the affected protocol and added an FAQ to explain that only Windows Servers that are configured with the [[MS-KKDCP]: Kerberos Key Distribution Center (KDC) Proxy Protocol](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-kkdcp/5bcebb8d-b747-4ee5-9453-428aec1c5c38) are affected.
  • Originally released: November 12, 2024
  • Last updated: November 13, 2024
  • Aggregate CVE severity rating: Critical
  • Customer action required: Yes
 

CVEs have been published or revised in the Security Update Guide

November 14, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-49040

Customer action required: Yes


CVEs have been published or revised in the Security Update Guide

November 14, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2013-3900

  • Title: WinVerifyTrust Signature Validation Vulnerability
  • Version: 2.3
  • Reason for revision: **Corrected** Correcting the published information from the previous revision. EnableCertPaddingCheck is data type REG_DWORD (an integer value) and not data type string: "EnableCertPaddingCheck"=dword:1. The FAQ section has been updated accordingly. This is an informational change only.
  • Originally released: January 21, 2022
  • Last updated: November 12, 2024
  • Aggregate CVE severity rating: Moderate
  • Customer action required: Yes


CVEs have been published or revised in the Security Update Guide

November 15, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-11110

  • Title: Chromium: CVE-2024-11110 Inappropriate implementation in Blink
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: November 14, 2024
  • Last updated: November 14, 2024
  • Aggregate CVE severity rating:
  • Customer action required: Yes

CVE-2024-11111

  • Title: Chromium: CVE-2024-11111 Inappropriate implementation in Autofill
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: November 14, 2024
  • Last updated: November 14, 2024
  • Aggregate CVE severity rating:
  • Customer action required: Yes

CVE-2024-11112

  • Title: Chromium: CVE-2024-11112 Use after free in Media
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: November 14, 2024
  • Last updated: November 14, 2024
  • Aggregate CVE severity rating:
  • Customer action required: Yes

CVE-2024-11113

  • Title: Chromium: CVE-2024-11113 Use after free in Accessibility
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: November 14, 2024
  • Last updated: November 14, 2024
  • Aggregate CVE severity rating:
  • Customer action required: Yes

CVE-2024-11114

  • Title: Chromium: CVE-2024-11114 Inappropriate implementation in Views
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: November 14, 2024
  • Last updated: November 14, 2024
  • Aggregate CVE severity rating:
  • Customer action required: Yes

CVE-2024-11115

  • Title: Chromium: CVE-2024-11115 Insufficient policy enforcement in Navigation
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: November 14, 2024
  • Last updated: November 14, 2024
  • Aggregate CVE severity rating:
  • Customer action required: Yes

CVE-2024-11116

  • Title: Chromium: CVE-2024-11116 Inappropriate implementation in Paint
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: November 14, 2024
  • Last updated: November 14, 2024
  • Aggregate CVE severity rating:
  • Customer action required: Yes

CVE-2024-11117

  • Title: Chromium: CVE-2024-11117 Inappropriate implementation in FileSystem
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: November 14, 2024
  • Last updated: November 14, 2024
  • Aggregate CVE severity rating:
  • Customer action required: Yes

CVE-2024-49025

  • Title: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: November 14, 2024
  • Last updated: November 14, 2024
  • Aggregate CVE severity rating: Moderate
  • Customer action required: Yes

CVE-2024-49060

  • Title: Azure Stack HCI Elevation of Privilege Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: November 15, 2024
  • Last updated: November 15, 2024
  • Aggregate CVE severity rating: Important
  • Customer action required: Yes
 

CVEs have been published or revised in the Security Update Guide

November 18, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-43639

  • Title: Windows KDC Proxy Remote Code Execution Vulnerability
  • Version: 1.2
  • Reason for revision: Added FAQs to explain the mitigating circumstances for this vulnerability. KPSSVC is an additional feature Microsoft has been providing since Windows Server 2012. If customers do not have it configured in their environment, then this vulnerability is not exploitable. This is an informational change only.
  • Originally released: November 12, 2024
  • Last updated: November 18, 2024
  • Aggregate CVE severity rating: Critical
  • Customer action required: Yes


CVEs have been published or revised in the Security Update Guide

November 22, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-11395

  • Title: Chromium: CVE-2024-11395 Type Confusion in V8
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: November 21, 2024
  • Last updated: November 21, 2024
  • Aggregate CVE severity rating:
  • Customer action required: Yes

CVE-2024-49054

  • Title: Microsoft Edge (Chromium-based) Spoofing Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: November 21, 2024
  • Last updated: November 21, 2024
  • Aggregate CVE severity rating: Low
  • Customer action required: Yes
 

CVEs have been published or revised in the Security Update Guide

December 6, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-12053

  • Title: Chromium: CVE-2024-12053 Type Confusion in V8
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: December 6, 2024
  • Last updated: December 6, 2024
  • Aggregate CVE severity rating:
  • Customer action required: Yes

CVE-2024-49041

  • Title: Microsoft Edge (Chromium-based) Spoofing Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: December 5, 2024
  • Last updated: December 5, 2024
  • Aggregate CVE severity rating: Moderate
  • Customer action required: Yes

 

 

 

