Microsoft’s November Patch Tuesday: Addressing 88 Bugs including 2 Weaponised Threats
Welcome to the November 2024 Microsoft Patch Tuesday Update
This month, Microsoft has delivered a large release of updates, fixing 88 vulnerabilities. Notably, several of these vulnerabilities have been weaponized AND public aware, with some carrying a critical CVSS score of 9.8. The update includes 3 critical patches, 84 important fixes, and the remaining as moderate and low, covering products such as Windows, Windows Components, Hyper-V, Azure, Office, Visual Studio, Exchange, SQL Server and .NET.
Robert Brown, Head of Customer Success at Syxsense, underscores the need for strategic prioritization in vulnerability management. He draws attention to the presence of threats that could potentially serve as Jump Points, urging organizations to maintain heightened vigilance. With a combined CVSS score of 705.1 and an average score of 8.1, the critical nature of these vulnerabilities demands focused and careful remediation efforts.
Based on Vendor Severity and CVSS Scores, we recommend integrating the provided CVE numbers into your Patch Management solution. Once thorough testing is complete, deployment should proceed without delay.
See below for more details on this month’s patches, or join us on Wednesday, November 13 for our Patch Tuesday webinar.
1. CVE-2024-49039: Windows Task Scheduler Elevation of Privilege Vulnerability
This vulnerability in Windows Task Scheduler allows attackers to escalate privileges from a low-privileged AppContainer environment. A successful exploit can grant attackers elevated access, enabling them to execute code or access higher-integrity resources.
Severity: Important
CVSS Score: 8.8
Weaponized: Yes
Publicly Aware: No
Impact: Elevation of Privilege
Exploitability: Exploitation Detected
Syxscore Risk:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
Recommendation: Due to the detection of active exploitation in the wild, organizations should patch this vulnerability immediately, particularly those using Windows Task Scheduler and AppContainer-based isolation. Neglecting this update may result in attackers gaining unauthorized access with elevated privileges.
2. CVE-2024-43451: NTLM Hash Disclosure Spoofing Vulnerability
This spoofing vulnerability exposes a user’s NTLMv2 hash, enabling attackers to authenticate as the user. Despite the deprecation of Internet Explorer 11 and Microsoft Edge Legacy, MSHTML and EdgeHTML platforms remain widely used in legacy applications, increasing the attack surface.
Severity: Important
CVSS Score: 6.5
Weaponized: Yes
Publicly Aware: Yes
Impact: Spoofing
Exploitability: Exploitation Detected
Syxscore Risk:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Recommendation: Systems using MSHTML and EdgeHTML components should prioritize this update to mitigate the risk of credential theft, which can facilitate lateral movement across the network. Given the exploit has already been detected in the wild, prompt action is essential.
3. CVE-2024-49019: Active Directory Certificate Services Elevation of Privilege Vulnerability
Affecting Active Directory Certificate Services, this vulnerability could enable attackers to escalate their privileges within enterprise environments. Given Active Directory’s integral role in managing identity and access, exploitation could lead to significant unauthorized access.
Severity: Important
CVSS Score: 7.8
Weaponized: No
Publicly Aware: Yes
Impact: Elevation of Privilege
Exploitability: Exploitation More Likely
Syxscore Risk:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Recommendation: Apply this update as a high priority. The potential for targeted attacks exploiting this vulnerability could severely impact Active Directory environments, leading to unauthorized access to critical systems.
4. CVE-2024-49040: Microsoft Exchange Server Spoofing Vulnerability
This vulnerability in Microsoft Exchange Server could be exploited to spoof emails or manipulate communication channels, posing a significant risk to organizations reliant on email communication for business operations.
Severity: Important
CVSS Score: 7.5
Weaponized: No
Public Disclosure: Yes
Impact: Spoofing
Exploitability: Exploitation More Likely
Syxscore Risk:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged
Recommendation: Given the potential for phishing and email spoofing attacks, this update should be applied promptly. Ensuring that Exchange Server environments are protected is critical to maintaining secure and reliable communication channels.
5. CVE-2024-43498: .NET and Visual Studio Remote Code Execution Vulnerability
This critical vulnerability affects .NET and Visual Studio, allowing remote, unauthenticated attackers to execute arbitrary code by sending specially crafted requests or loading malicious files. The high CVSS score highlights the potential impact of this flaw.
Severity: Critical
CVSS Score: 9.8
Weaponized: No
Public Disclosure: No
Impact: Remote Code Execution
Exploitability: Exploitation Less Likely
Syxscore Risk:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Recommendation: Despite a lower likelihood of exploitation, the high severity and potential for remote code execution make this patch a priority. Organizations using .NET-based applications, especially those exposed to the internet, should apply this update to prevent exploitation.
|
Reference |
Description |
Severity |
CVSS Score |
Weaponised |
Publicly Aware |
Countermeasure |
Additional Details |
Impact |
Exploitability Assessment |
|
CVE-2024-49039 |
Windows Task Scheduler Elevation of Privilege Vulnerability |
Important |
8.8 |
Yes |
No |
No |
Scope = Changed, Jump Point = True |
Elevation of Privilege |
Exploitation Detected |
|
CVE-2024-43451 |
NTLM Hash Disclosure Spoofing Vulnerability |
Important |
6.5 |
Yes |
Yes |
No |
This vulnerability discloses a user’s NTLMv2 hash to the attacker who could use this to authenticate as the user. |
Spoofing |
Exploitation Detected |
|
CVE-2024-49019 |
Active Directory Certificate Services Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
Yes |
No |
|
Elevation of Privilege |
Exploitation More Likely |
|
CVE-2024-49040 |
Microsoft Exchange Server Spoofing Vulnerability |
Important |
7.5 |
No |
Yes |
No |
|
Spoofing |
Exploitation More Likely |
|
CVE-2024-43498 |
.NET and Visual Studio Remote Code Execution Vulnerability |
Critical |
9.8 |
No |
No |
No |
A remote unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to a vulnerable .NET webapp or by loading a specially crafted file into a vulnerable desktop app. |
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-43639 |
Windows Kerberos Remote Code Execution Vulnerability |
Critical |
9.8 |
No |
No |
No |
An unauthenticated attacker could use a specially crafted application to leverage a cryptographic protocol vulnerability in Windows Kerberos to perform remote code execution against the target. |
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-43640 |
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
Important |
9.8 |
No |
No |
No |
To successfully exploit this vulnerability, an unauthenticated attacker must send a specially crafted request to a targeted server utilizing the HTTP Protocol Stack (http.sys) to trigger a double free vulnerability which could allow them to perform remote code execution on the target. |
Elevation of Privilege |
Exploitation Less Likely |
|
CVE-2024-38255 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-43459 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-43462 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-43620 |
Windows Telephony Service Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-43621 |
Windows Telephony Service Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-43622 |
Windows Telephony Service Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-43624 |
Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability |
Important |
8.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
Elevation of Privilege |
Exploitation Less Likely |
|
CVE-2024-43627 |
Windows Telephony Service Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-43628 |
Windows Telephony Service Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-43635 |
Windows Telephony Service Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-48993 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-48994 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-48995 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-48996 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-48997 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-48998 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-48999 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49000 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49001 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49002 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49003 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49004 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49005 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49006 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49007 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49008 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49009 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49010 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49011 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49012 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49013 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49014 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49015 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49016 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49017 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49018 |
SQL Server Native Client Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49050 |
Visual Studio Code Python Extension Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49051 |
Microsoft PC Manager Elevation of Privilege Vulnerability |
Important |
8.4 |
No |
No |
No |
|
Elevation of Privilege |
Exploitation Less Likely |
|
CVE-2024-43625 |
Microsoft Windows VMSwitch Elevation of Privilege Vulnerability |
Critical |
8.1 |
No |
No |
No |
Scope = Changed, Jump Point = True |
Elevation of Privilege |
Exploitation Less Likely |
|
CVE-2024-43447 |
Windows SMBv3 Server Remote Code Execution Vulnerability |
Important |
8.1 |
No |
No |
No |
To successfully exploit this vulnerability, an attacker would need to use a malicious SMB client to mount an attack against the SMB server. This exploit is only applicable to SMB over QUIC. |
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49048 |
TorchGeo Remote Code Execution Vulnerability |
Important |
8.1 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-43530 |
Windows Update Stack Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
Elevation of Privilege |
Exploitation Less Likely |
|
CVE-2024-43623 |
Windows NT OS Kernel Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
Elevation of Privilege |
Exploitation More Likely |
|
CVE-2024-43626 |
Windows Telephony Service Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
Elevation of Privilege |
Exploitation Less Likely |
|
CVE-2024-43629 |
Windows DWM Core Library Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
Elevation of Privilege |
Exploitation More Likely |
|
CVE-2024-43630 |
Windows Kernel Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
Elevation of Privilege |
Exploitation More Likely |
|
CVE-2024-43636 |
Win32k Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
Elevation of Privilege |
Exploitation More Likely |
|
CVE-2024-43637 |
Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
Elevation of Privilege |
Exploitation Less Likely |
|
CVE-2024-43641 |
Windows Registry Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
|
Elevation of Privilege |
Exploitation Less Likely |
|
CVE-2024-43644 |
Windows Client-Side Caching Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
Elevation of Privilege |
Exploitation Less Likely |
|
CVE-2024-49021 |
Microsoft SQL Server Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49026 |
Microsoft Excel Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49027 |
Microsoft Excel Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49028 |
Microsoft Excel Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49029 |
Microsoft Excel Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49030 |
Microsoft Excel Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49031 |
Microsoft Office Graphics Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49032 |
Microsoft Office Graphics Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49043 |
Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-49046 |
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
Elevation of Privilege |
Exploitation Less Likely |
|
CVE-2024-43450 |
Windows DNS Spoofing Vulnerability |
Important |
7.5 |
No |
No |
No |
|
Spoofing |
Exploitation Less Likely |
|
CVE-2024-43452 |
Windows Registry Elevation of Privilege Vulnerability |
Important |
7.5 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
Elevation of Privilege |
Exploitation Less Likely |
|
CVE-2024-43499 |
.NET and Visual Studio Denial of Service Vulnerability |
Important |
7.5 |
No |
No |
No |
|
Denial of Service |
Exploitation Less Likely |
|
CVE-2024-43642 |
Windows SMB Denial of Service Vulnerability |
Important |
7.5 |
No |
No |
No |
|
Denial of Service |
Exploitation More Likely |
|
CVE-2024-49033 |
Microsoft Word Security Feature Bypass Vulnerability |
Important |
7.5 |
No |
No |
No |
|
Security Feature Bypass |
Exploitation More Likely |
|
CVE-2024-43613 |
Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability |
Important |
7.2 |
No |
No |
No |
An attacker who successfully exploits this vulnerability would gain the same privileges as the SuperUser role. |
Elevation of Privilege |
Exploitation Less Likely |
|
CVE-2024-49042 |
Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability |
Important |
7.2 |
No |
No |
No |
An attacker who successfully exploits this vulnerability would gain the same privileges as the SuperUser role. |
Elevation of Privilege |
Exploitation Less Likely |
|
CVE-2024-49049 |
Visual Studio Code Remote Extension Elevation of Privilege Vulnerability |
Moderate |
7.1 |
No |
No |
No |
|
Defense in Depth |
Exploitation Less Likely |
|
CVE-2024-43598 |
LightGBM Remote Code Execution Vulnerability |
Important |
7.0 |
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
|
CVE-2024-43449 |
Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
Important |
6.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
Elevation of Privilege |
Exploitation Less Likely |
|
CVE-2024-43634 |
Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
Important |
6.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
Elevation of Privilege |
Exploitation Less Likely |
|
CVE-2024-43638 |
Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
Important |
6.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
Elevation of Privilege |
Exploitation Less Likely |
|
CVE-2024-43643 |
Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
Important |
6.8 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
Elevation of Privilege |
Exploitation Less Likely |
|
CVE-2024-43631 |
Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
Important |
6.7 |
No |
No |
No |
|
Elevation of Privilege |
Exploitation Less Likely |
|
CVE-2024-43645 |
Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability |
Important |
6.7 |
No |
No |
No |
|
Security Feature Bypass |
Exploitation Less Likely |
|
CVE-2024-43646 |
Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
Important |
6.7 |
No |
No |
No |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
Elevation of Privilege |
Exploitation Less Likely |
|
CVE-2024-49044 |
Visual Studio Elevation of Privilege Vulnerability |
Important |
6.7 |
No |
No |
No |
|
Elevation of Privilege |
Exploitation Less Likely |
|
CVE-2024-43633 |
Windows Hyper-V Denial of Service Vulnerability |
Important |
6.5 |
No |
No |
No |
Scope = Changed, Jump Point = True |
Denial of Service |
Exploitation Less Likely |
|
CVE-2024-38203 |
Windows Package Library Manager Information Disclosure Vulnerability |
Important |
6.2 |
No |
No |
No |
|
Information Disclosure |
Exploitation Less Likely |
|
CVE-2024-38264 |
Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability |
Important |
5.9 |
No |
No |
No |
|
Denial of Service |
Exploitation Less Likely |
|
CVE-2024-43602 |
Azure CycleCloud Remote Code Execution Vulnerability |
Important |
|
No |
No |
No |
|
Remote Code Execution |
Exploitation Less Likely |
Do you need help keeping up patches? Syxsense’s automated patch management capabilities helps enterprises patch faster and more accurately. Schedule a consultation with us to learn how we can help you.
