Post-Patch Tuesday Roundup: November 2024

Welcome to the Softcat Patch Tuesday roundup for November 2024, where we offer insight into the major patches released this month. In this edition, we will focus on the patches by Microsoft, Adobe, Aruba, Cisco, Citrix, Fortinet, Ivanti, Palo Alto, SAP, and Veeam.

Aoibhín Hamill

Cyber Security Sales Engineer

There have been a number of zero-day exploits identified, with some of these known to have been actively exploited in the wild. Additionally, there have been several reports of previously identified and patched vulnerabilities now being actively exploited in the wild.

Microsoft

In their November Patch Tuesday release, Microsoft has addressed 91 vulnerabilities, with 4 of those rated as Critical and 4 being zero-day vulnerabilities. The patches cover a broad array of applications and services, including Windows, Exchange, Visual Studio, Office, SharePoint, Azure, and others. The patches focus on resolving critical and important vulnerabilities that could potentially allow remote code execution, denial of service, and privilege escalation.

This month’s vulnerabilities are particularly centred around privilege escalation and spoofing flaws. Notably, two of the zero-day vulnerabilities have already been exploited in the wild, highlighting the urgency of applying the latest updates.

1. CVE-2024-43451: This is a Spoofing vulnerability in Microsoft Windows that can allow an attacker to disclose a user's NTLMv2 hash. Although it has a CVSS score of only 6.5 and is rated "Important", it is known to have been exploited in the wild. Successful exploitation requires only minimal user interaction with a malicious file, such as a single click or right-click, which lets the attacker capture the NTLMv2 hash and potentially authenticate as the user. Since it is known to have been exploited in the wild, users should patch this vulnerability as soon as possible to prevent potential exploitation.

2. CVE-2024-49039: This is an Elevation of Privilege vulnerability in Windows Task Scheduler that can allow an attacker to gain unauthorised access to execute privileged functions. Rated as Important, it has a CVSS score of 8.8 and is known to have been exploited in the wild. To exploit the vulnerability, an attacker would need to run a specially crafted application on the target system, enabling them to elevate privileges from a low-privilege environment, such as an AppContainer, to a medium integrity level and perform actions typically restricted to privileged accounts. Since this is known to have been exploited in the wild, users should look to patch this vulnerability as soon as possible to prevent potential exploitation.

3. CVE-2024-49040: This is a Spoofing vulnerability in Microsoft Exchange Server that can allow an attacker to misrepresent critical UI information to deceive users. It is rated as Important and has a CVSS score of 7.5. To exploit this vulnerability, an attacker could leverage non-RFC-compliant P2 FROM headers in emails, potentially misleading recipients about the sender’s identity. No user interaction or privileges are required, making the exploit relatively straightforward, and it is publicly disclosed with proof-of-concept code available, which increases the likelihood of exploitation.

4. CVE-2024-49019: This is an Elevation of Privilege vulnerability in Microsoft Active Directory Certificate Services that can allow an attacker to gain domain administrator privileges. It is rated as Important and has a CVSS score of 7.8. The attacker would need to exploit weak authentication in the certificate enrolment process, specifically by abusing overly broad enrolment permissions and insecure certificate templates. Since this vulnerability could allow an attacker to escalate their privileges and potentially compromise the system, users should look to patch this vulnerability as soon as possible to prevent potential exploitation.
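The Exchange spoofing issue in item 3 hinges on P2 (message-header) From values that do not parse as RFC 5322 mailboxes. The check below is an added example, not Microsoft's or Exchange's code: it uses Python's standard email package to parse the From header under the strict header-parsing policy and reports any recorded defects, the kind of gateway-side check a defender can run on inbound mail before a client renders the sender. The two sample messages are constructed for the example.

```python
from email import policy
from email.parser import Parser
from typing import List

# Constructed sample messages (not real mail): one RFC 5322-compliant From
# header, and one with a second angle-address appended after the first,
# which the grammar does not allow inside a single mailbox.
COMPLIANT = (
    'From: "Alice Example" <alice@example.com>\r\n'
    "To: bob@example.com\r\n"
    "Subject: ok\r\n\r\nbody\r\n"
)
MALFORMED = (
    'From: "Alice Example" <alice@example.com> <other@example.net>\r\n'
    "To: bob@example.com\r\n"
    "Subject: check\r\n\r\nbody\r\n"
)


def from_header_defects(raw_message: str) -> List[str]:
    """Return the names of RFC 5322 parsing defects found in the From header.

    policy.default makes the email package parse structured headers and
    record deviations from the grammar as HeaderDefect objects instead of
    silently accepting them.
    """
    msg = Parser(policy=policy.default).parsestr(raw_message)
    header = msg["From"]
    if header is None:
        return ["MissingFromHeader"]  # label used by this example only
    return [type(defect).__name__ for defect in header.defects]


def displayed_sender(raw_message: str) -> str:
    """Address a client would show, for logging alongside any defects."""
    msg = Parser(policy=policy.default).parsestr(raw_message)
    header = msg["From"]
    if header is None or not header.addresses:
        return ""
    return header.addresses[0].addr_spec


def flag_message(raw_message: str) -> bool:
    """True when the From header should be treated as untrusted."""
    return bool(from_header_defects(raw_message))


if __name__ == "__main__":
    for label, raw in (("compliant", COMPLIANT), ("malformed", MALFORMED)):
        print(label, displayed_sender(raw), from_header_defects(raw))
```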

Adobe

Adobe has released 8 patches this month, addressing 43 vulnerabilities. The applications in question are:

Adobe Bridge – 2 Important

Adobe Audition – 1 Important

Adobe After Effects – 3 Critical and 3 Important

Adobe Substance 3D Painter – 16 Critical and 6 Important

Adobe Illustrator – 4 Critical and 6 Important

Adobe InDesign – 3 Critical and 3 Important

Adobe Photoshop – 1 Critical

Adobe Commerce – 1 Critical

Aruba

Aruba has issued a critical security advisory for its Instant AOS-8 and AOS-10 software running on Aruba Access Points (APs). Five vulnerabilities have been addressed, including two critical command injection issues and three high-severity flaws.

Cisco

Cisco has so far released 15 advisories for a large number of vulnerabilities in November, with the impact ratings ranging from Medium to Critical. The Critical vulnerability could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating system. The following products may be affected:

· Catalyst IW9165D Heavy Duty Access Points

· Catalyst IW9165E Rugged Access Points and Wireless Clients

· Catalyst IW9167E Heavy Duty Access Points

Citrix

Citrix has released three security updates to address five vulnerabilities in November. The products affected are:

· NetScaler ADC and NetScaler Gateway (High)

· XenServer and Citrix Hypervisor (Medium)

· Citrix Session Recording (Medium)

Fortinet

Fortinet has addressed 12 vulnerabilities in November, with only one rated as Critical and one as High.

The Critical vulnerability (CVE-2024-47575) was first published at the end of October, but has recently been updated as it is now known to have been actively exploited in the wild. FortiManager’s fgfmsd daemon could allow remote, unauthenticated attackers to execute arbitrary code via specially crafted requests. Affected versions include FortiManager 6.2 through 7.6.0, with updates available for mitigation. There are also workarounds if it is not possible to upgrade.

Ivanti

Ivanti has released three advisories in its November security update, addressing:

· Ivanti Endpoint Manager (Critical)

· Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC) (Critical)

· Ivanti Avalanche (High)

Palo Alto

A Critical vulnerability in Palo Alto Networks Expedition has been flagged as being exploited in the wild. Although this was originally patched in July, it is now incredibly important for those who have not updated their systems to do so.

SAP

SAP has released 8 new security notes and 2 updates to previous security notes. 2 of these CVEs are rated “High” or “Hot News” (Very High). The products affected by the high to very high rated CVEs are:

· SAP Web Dispatcher

· SAP PDCE

Veeam

Veeam has addressed one vulnerability this month, CVE-2024-40715. It affects Veeam Backup Enterprise Manager and may allow an attacker performing a man-in-the-middle (MITM) attack to bypass authentication.

Industrial Control Systems

Any customers utilising industrial control systems (ICS) should be aware of five security advisories regarding:

CISA, FBI, NSA, and other international partners have released a Joint Advisory on 2023 Top Routinely Exploited Vulnerabilities - https://www.cisa.gov/news-events/alerts/2024/11/12/cisa-fbi-nsa-and-international-partners-release-joint-advisory-2023-top-routinely-exploited.

As always, users are recommended to install the latest security updates as soon as possible to protect their systems from potential threats.