
Patch Tuesday November 2024

Brock Bingham | November 13, 2024

It’s the second Tuesday of November, which means it’s time for another Patch Tuesday recap full of CVE goodness. It also means that Thanksgiving is a couple of short weeks away.

With that in mind, some of the things I’m grateful for at this time of year are stretchy pants, canned cranberry sauce, Stove Top stuffing, and automated patch management — because vulnerabilities ain’t gonna keep me from eating myself into a food coma! Make sure to let me know what you’re grateful for over on our Discord server (and don’t you dare try to say homemade cranberry sauce and stuffing are better).

While you’re considering your gratitude list, let’s dive into the Patch Tuesday details for this month.

  • Total vulnerabilities patched: 89

  • Critical patches: 4

  • Already known or exploited: 4

Some highlights (or lowlights)

  • CVE-2024-49039: First up, we have a Windows Task Scheduler elevation of privilege, otherwise known as CVE-2024-49039. Coming in with a CVSS score of 8.8, this vulnerability allows an attacker to elevate their privileges by running a specially crafted application on the target system. Microsoft doesn't provide any details about the specifics of the attack, but this is already being exploited out in the wild, so the bad guys definitely know how it works. The (kind of) good news is that the attack vector is local and requires at least low privilege to initiate the attack.

  • CVE-2024-43639: Moving on to one of our highest-rated vulnerabilities for the month, CVE-2024-43639 is a vulnerability in Kerberos' cryptographic protocol, which allows for remote code execution on the target device. With a network attack vector and low complexity, this wormable CVE is particularly bad. Thankfully, it's all theoretical at this point, and exploitation of this CVE hasn't been detected in the wild ... yet.

  • CVE-2024-43625: For this last highlight, I reached out to PDQ’s senior SOC analyst for a recommendation on what to cover, and she was quick to respond with CVE-2024-43625. I asked her why she recommended covering this one, to which she responded, "I think VM escapes are kinda cool." Spoken like a true security specialist.

    This vulnerability specifically targets the VmSwitch component within Hyper-V, allowing the attacker to gain system privileges. Thankfully, a local attack vector and high complexity mean you probably won't see this CVE exploited any time soon. In fact, if you hurry and patch it, you'll never see it exploited.

Wrapping up

Hopefully, you’ve got all your patching needs automated so you can spend some well-deserved time with family and friends this holiday season. If not, it’s not too late. A really handsome guy put together a video showing how easy it is to build out automations in PDQ Connect!

Live more, patch less 

Automated patch management with PDQ Connect means less time in the office, and more time with family and friends.



Brock Bingham

Born in the '80s and raised by his NES, Brock quickly fell in love with everything tech. With over 15 years of IT experience, Brock now enjoys the life of luxury as a renowned tech blogger and receiver of many Dundie Awards. In his free time, Brock enjoys adventuring with his wife, kids, and dogs, while dreaming of retirement.
