November Patch Tuesday

Hosted by Chris Goettl and Todd Schell
Patch Tuesday Webinar
Wednesday, November 13, 2024

Copyright © 2024 Ivanti. All rights reserved. 2
Agenda
▪ November 2024 Patch Tuesday Overview
▪ In the News
▪ Bulletins and Releases
▪ Between Patch Tuesdays
▪ Q & A

The top priority for the November 2024 Patch Tuesday
is the Windows OS update to resolve two known
exploited CVEs (CVE-2024-49039 and CVE-2024-
43451). For organizations running Microsoft Exchange
Server, you will also want to prioritize this month's
Exchange Server update which resolves a Publicly
Disclosed vulnerability (CVE-2024-49040) which
included proof-of-concept exploit code making it a much
more likely risk that threat actors will take advantage
and target this vulnerability.
For more details check out this month's Patch Tuesday
blog.
November Patch Tuesday 2024

In the News

In the News
▪ Windows Server 2025 is RTM as of November 1
▪ https://learn.microsoft.com/en-us/windows-server/get-started/whats-new-windows-server-2025
▪ Azure Arc-connected Windows Server 2025 machines can receive Hotpatches
▪ https://learn.microsoft.com/en-us/windows-server/get-started/hotpatch
▪ Windows Server 2025 Auto Updating
▪ https://www.bleepingcomputer.com/news/microsoft/microsoft-blames-windows-server-2025-automatic-
upgrades-on-third-party-tools/
▪ https://www.theregister.com/2024/11/11/microsoft_windows_2025_mitigated/
▪ Was Amazon Hacked—Have Your Account And Password Been Compromised?
▪ https://www.forbes.com/sites/daveywinder/2024/11/13/was-amazon-hacked-are-your-password-and-credit-
card-compromised/

▪ CVE-2024-43451 NTLM Hash Disclosure Spoofing Vulnerability
▪ CVSS 3.1 Scores: 6.5 / 6.0
▪ Severity: Important
▪ Impact: Spoofing
▪ Affected Systems: All currently supported Windows operating systems
▪ Per Microsoft: This vulnerability discloses a user's NTLMv2 hash to the attacker who could use this to
authenticate as the user. Minimal interaction with a malicious file by a user such as selecting (single-
click), inspecting (right-click), or performing an action other than opening or executing could trigger this
vulnerability.
Publicly Disclosed and Known Exploited Vulnerabilities

▪ CVE-2024-49039 Windows Task Scheduler Elevation of Privilege Vulnerability
▪ CVSS 3.1 Scores: 8.8 / 8.2
▪ Impact: Elevation of Privilege
▪ Affected Systems: Windows 10, Windows 11, Server 2016, Server 2019, Server 2022, and Server
2025
▪ Per Microsoft: To exploit this vulnerability, an authenticated attacker would need to run a specially
crafted application on the target system exploit the vulnerability to elevate their privileges to a Medium
Integrity Level. In this case, a successful attack could be performed from a low privilege AppContainer.
The attacker could elevate their privileges and execute code or access resources at a higher integrity
level than that of the AppContainer execution environment. An attacker who successfully exploited this
vulnerability could execute RPC functions that are restricted to privileged accounts only.
Known Exploited Vulnerability

▪ CVE-2024-49019 Active Directory Certificate Services Elevation of Privilege Vulnerability
▪ CVSS 3.1 Scores: 7.8 / 6.8
▪ Impact: Elevation of Privilege
▪ Affected Systems: All supported Windows Server versions from 2008 through 2025
▪ Per Microsoft: An attacker who successfully exploited this vulnerability could gain domain administrator
privileges. Certificates created using a version 1 certificate template with Source of subject name set to
"Supplied in the request" are potentially vulnerable.
▪ CVE-2024-49040 Microsoft Exchange Server Spoofing Vulnerability
▪ CVSS 3.1 Scores: 7.5 / 6.7
▪ Affected Systems: Supported Exchange Server versions 2016 CU23 and 2019 CU 13 & 14
▪ Proof of concept exploit code has been released for this vulnerability
Publicly Disclosed Vulnerabilities

Ivanti Avalanche
Connect Secure (ICS), Policy Secure
(IPS), Secure Access Client (ISAC)
Security Advisory: Ivanti
Endpoint Manager
Security Advisory: Ivanti
Avalanche
Vulnerabilities:
• CVE-2024-50317 CVSS: 7.5
• CVE-2024-50318 CVSS: 7.5
• CVE-2024-50319 CVSS: 7.5
• CVE-2024-50320 CVSS: 7.5
• CVE-2024-50321 CVSS: 7.5
• CVE-2024-50331 CVSS: 7.5
Affected Versions:
• 6.4.5 and prior
Security Advisory: Ivanti ICS,
IPS, and ISAC Products
Ivanti Endpoint Manager (EPM)
Ivanti November Security Updates
Vulnerabilities:
• Multiple Resolved CVEs
(see SA for list and details)
Affected Versions:
• ICS: 22.7R2.2 and prior
• IPS: 22.7R1.1 and prior
• ISAC: 22.7R3 and prior
Vulnerabilities:
• Multiple Resolved CVEs
(see SA for list and details)
Affected Versions:
• 2024 September security update
and prior
• 2022 SU6 September security
update and prior
Special thanks to the security researchers, ethical hackers, and the broader security community for partnering
with us to improve the security of our products.

Multiple Linux Kernel CVEs
Impact: All Linux operating systems
Examples: CVE-2024-47687 (CVSS 9.1), CVE-
2024-25744 (CVSS 8.8), CVE-2024-47659 (CVSS
8.8)
▪ There’s been a massive surge in CVE IDs being
issued (over 100 since last Patch Tuesday) now
that the Kernel Project team became a CNA.
▪ It is impossible to advise on which specific
vulnerability might be worse than any other, as
both the scoring is very malleable, and the
number of those vulnerabilities is very large.
Mitigation
Immediate Advice: Update the Linux kernel ASAP
Long-Term Advice: Given the current rate at which
kernel vulnerabilities are disclosed, it should be
updated on a very tight timeframe (at least once per
week) wherever possible.
New and Notable Linux Vulnerabilities: 1
Highlighted by TuxCare

CVE-2024-6345
CVSS 3: 8.8
Impact: Affects all Linux operating systems hosting
python-based applications
▪ A bug in the package_index module of
pypa/setuptools, used widely as a component in
many python-based applications, makes it
possible to execute remote code if it is used to
download content from a malicious host via its
download functions.
▪ If these functions are exposed to user-controlled
inputs, such as package URLs, they can execute
arbitrary commands on the system.
▪ Due to the way python applications are
packaged and distributed, it is often difficult to
identify specific component usage prior to
actually deploying the application (or combing
through the specifications for the package).
Mitigation
Update the package to version 70.0 or above, as
available
New and Notable Linux Vulnerabilities: 2
Highlighted by TuxCare

Microsoft Patch Tuesday Updates of Interest
Advisory 990001
Latest Servicing Stack Updates (SSU)
▪ https://msrc.microsoft.com/update-
guide/en-US/vulnerability/ADV990001
▪ No SSUs released this month
Azure and Development Tool Updates
▪ .NET 9.0 for Linux, Windows, and Mac OS
▪ Azure airlift.Microsoft.com
▪ Azure CycleCloud 8.x.x (multiple versions)
▪ Microsoft TorchGeo
▪ Python extension for Visual Studio Code
▪ Visual Studio Code Remote – SSH
Extension
▪ Visual Studio 2022 17.6 – 17.11

Windows 10
and 11 Lifecycle
Awareness
Windows 10 Enterprise and Education
Version Release Date End of Support Date
22H2 10/18/2022 10/14/2025
Windows 10 Home and Pro
22H2 10/18/2022 10/14/2025
Windows 11 Home and Pro
24H2 10/1/2024 10/13/2026
23H2 10/31/2023 11/11/2025
Windows 11 Enterprise and Education
24H2 10/1/2024 10/12/2027
23H2 10/31/2023 11/10/2026
22H2 9/20/2022 10/14/2025
Source: Microsoft
https://docs.microsoft.com/en-us/lifecycle/faq/windows

Server Long-term Servicing Channel Support
Server LTSC Support
Version Editions Release Date Mainstream Support Ends Extended Support Ends
Windows Server 2025 Datacenter and Standard 11/01/2024 10/09/2029 10/10/2034
Windows Server 2022 Datacenter and Standard 08/18/2021 10/13/2026 10/14/2031
Windows Server 2019
(Version 1809)
Datacenter and Standard 11/13/2018 01/09/2024 01/09/2029
Windows Server 2016
(Version 1607)
Datacenter, Essentials, and Standard 10/15/2016 01/11/2022 01/11/2027
https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info
▪ Focused on server long-term stability
▪ Major version releases every 2-3 years
▪ 5 years mainstream and 5 years extended support
▪ Server core or server with desktop experience available
Source: Microsoft

Patch Content Announcements
Announcements Posted on Community Forum Pages
▪ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
▪ Subscribe to receive email for the desired product(s)
Content Info: Endpoint Security
Content Info: Endpoint Manager
Content Info: macOS Updates
Content Info: Linux Updates
Content Info: Patch for Configuration Manager
Content Info: ISEC and Neurons Patch
Content Info: Neurons Patch for InTune

Bulletins and Releases

MS24-11-W11: Windows 11 Update
▪ Maximum Severity: Critical
▪ Affected Products: Microsoft Windows 11 Version 21H2, 22H2, 23H2, 24H2, Server 2025 and
Edge Chromium
▪ Description: This bulletin references KB 5046633 (22H2/23H2), and KB 5046617 (24H2 and
Server 2025). See KBs for details of all changes.
▪ Impact: Remote Code Execution, Denial of Service, Spoofing, Elevation of Privilege, and
Information Disclosure
▪ Fixes 35 Vulnerabilities: CVE-2024-43451 is publicly disclosed and known exploited. CVE-2024-
49039 is known exploited. CVE-2024-49019 and CVE-2024-49040 are publicly disclosed. See
the Security Update Guide for the complete list of CVEs.
▪ Restart Required: Requires restart
▪ Known Issues: See next slide
1

November Known Issues for Windows 11
▪ KB 5046633 – Windows 11 version 22H2, Windows 11 version 23H2, all editions
▪ [OpenSSH] Following the installation of the October 2024 security update, some customers
report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH
connections.
▪ Workaround: Customers can temporarily resolve the issue by updating permissions (ACLs)
on the affected directories. See KB for details
▪ KB 5046617 – Windows 11 version 24H2, all editions
▪ [Roblox] We’re aware of an issue where players on Arm devices are unable to download
and play Roblox via the Microsoft Store on Windows.
▪ Workaround: Download Roblox directly from vendor.

MS24-11-W10: Windows 10 Update
▪ Maximum Severity: Critical
▪ Affected Products: Microsoft Windows 10 Versions 1607, 1809, 22H2, Server 2016, Server
2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium
▪ Description: This bulletin references multiple KB articles. See Windows 10 and associated
server KBs for details of all changes.
▪ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing,
Tampering, Elevation of Privilege, and Information Disclosure
▪ Fixes 36 Vulnerabilities: CVE-2024-43451 is publicly disclosed and known exploited. CVE-2024-
49039 is known exploited. CVE-2024-49019 and CVE-2024-49040 are publicly disclosed. See
the Security Update Guide for the complete list of CVEs.
▪ Known Issues: None reported
1

MS24-11-EXCH: Security Updates for Exchange Server
▪ Maximum Severity: Important
▪ Affected Products: Microsoft Exchange Server 2016 CU23 and Exchange Server 2019 CU13 &
CU14
▪ Description: This bulletin references KB 5044062 for Exchange Server 2016 and for Exchange
Server 2019. This KB and the CVE listing does not provide specific details on the vulnerability.
▪ Fixes 1 Vulnerability: CVE-2024-49040 is publicly disclosed but not known exploited.
1
2

MS24-11-SQL: Security Updates for SQL Server
▪ Affected Products: Microsoft SQL Server 2016 SP3 (GDR and Azure Connect Feature Pack),
Microsoft SQL Server 2017 (GDR and CU31), Microsoft SQL Server 2019 (GDR and CU29)
and Microsoft SQL Server 2022 (GDR and CU15)
▪ Description: This security update fixes a series of vulnerabilities which could allow remote code
execution. This bulletin is based on 8 KB articles.
▪ Impact: Remote Code Execution
▪ Fixes 31 Vulnerabilities: No CVEs are known exploited or publicly disclosed. See the Security
Update Guide for the complete list of CVEs.
2

▪ Affected Products: Excel 2016, Office 2016, Office LTSC 2021 and 2024 for Mac OS, Word 2016
▪ Description: This security update resolves a series of graphics remote code execution, and an
Office Protected View security bypass vulnerability in Microsoft Office. This bulletin references 4
KBs plus 2 sets of release notes for the Mac OS applications.
▪ Impact: Remote Code Execution and Security Feature Bypass
▪ Fixes 8 Vulnerabilities: CVE-2024-49026, CVE-2024-49027, CVE-2024-49028, CVE-2024-
49029, CVE-2024-49030, CVE-2024-49031, CVE-2024-49032, and CVE-2024-49033 which are
not known to be exploited or publicly disclosed.
▪ Restart Required: Requires application restart
MS24-11-OFF: Security Updates for Microsoft Office
1
2

▪ Affected Products: Microsoft 365 Apps, Office 2019, Office LTSC 2021 and Office LTSC 2024
▪ Description: This security update resolves a series of graphics remote code execution
vulnerabilities, and an Office Protected View security bypass vulnerability in Microsoft Office.
Information on the security updates is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
▪ Impact: Remote Code Execution and Security Feature Bypass
49029, CVE-2024-49030, CVE-2024-49031, CVE-2024-49032, and CVE-2024-49033 which are
not known to be exploited or publicly disclosed.
MS24-11-O365: Security Updates for Microsoft 365 Apps
1
2

▪ Maximum Severity: Unrated
▪ Affected Products: Microsoft SharePoint Server Subscription Edition, SharePoint Enterprise
Server 2016, and SharePoint Server 2019
▪ Description: This security update provides Defense in Depth update according to Security
Advisory 240001 Microsoft SharePoint Server Defense in Depth Update. This bulletin is based
on KB 5002650 (2019), KB 5002651 (sub), and KB 5002654 (2016) articles.
▪ Impact: Defense in Depth
▪ Contains No Reported Vulnerabilities
MS24-11-SPT: Security Updates for Sharepoint Server

Between
Patch Tuesdays

Windows Release Summary
▪ Security Updates (with CVEs): AutoCAD (2), Azul Zulu (4), Google Chrome (4), Corretto (4), Firefox
(2), Firefox ESR (2), Foxit PDF Editor (1), Foxit PDF Reader Consumer (1), Java 8 (1), Java
Development Kit 11 (1), Java Development Kit 17 (1), Java Development Kit 21 (1), VirtualBox (1),
RedHat OpenJDK (1)
▪ Security Updates (w/o CVEs): Apple Mobile Device Support (1), Anaconda Python (1), Adobe Acrobat
DC and Acrobat Reader DC (2), Adobe Acrobat 2024 Classic (1), Audacity (1), BlueBeam Revu (1),
Box Edit (1), CCleaner (1), ClickShare App Machine-Wide Installer (2), Citrix Workspace App LTSR (1),
Devolutions Remote Desktop Manager (1), Docker For Windows (2), Dropbox (2), Eclipse Adoptium
(4), Firefox (1), Git for Windows (2),Grammarly for Windows (4), IntelliJ IDEA (1), Apple Itunes (1),
IrfanView (1), Jabra Direct (1), LibreOffice (1), LogMeIn (1), Node.JS (LTS Upper) (1), Notepad++ (1),
Opera (4), PDF-Xchange PRO (1), Plex Media Server (1), Pulse Secure VPN Desktop Client (1),
PeaZip (1), Skype (2), Slack Machine-Wide Installer (3), Tableau Desktop (6), Tableau Prep Builder (1),
Tableau Reader (1), Thunderbird ESR (4), TortoiseGit (1), TeamViewer (1), VMware Tools (1), VMware
Workstation Pro (1), Cisco Webex Meetings Desktop App (1), Zoom Workplace desktop app (2), Zoom
Outlook Plugin (1), Zoom Rooms App (3), Zoom Workplace VDI App (1)

Windows Release Summary (cont)
▪ Non-Security Updates: 1Password (2), Beyond Compare (1), Box Drive (1), Bitwarden (2), Camtasia
(5), Evernote (6), GeoGebra Classic (1), IntelliJ IDEA (3), Inkscape (1), Logi Options plus (1),
NextCloud Desktop Client (2), Password Safe (1), R for Windows (1), RingCentral App (Machine-Wide
Installer) (3), Cisco Webex Teams (2), WinMerge (1)

Windows Third Party CVE Information
▪ AutoCAD 2024.1.6
▪ ADAC24-241018, QACAD202416
▪ Fixes 1 Vulnerability: CVE-2024-7305
▪ AutoCAD 2025.1.1
▪ ADAC25-241030, QACAD202511
▪ Fixes 15 Vulnerabilities: CVE-2024-8587, CVE-2024-8588, CVE-2024-8589, CVE-2024-8590,
CVE-2024-8591, CVE-2024-8593, CVE-2024-8594, CVE-2024-8595, CVE-2024-8596, CVE-2024-
8597, CVE-2024-8598, CVE-2024-8599, CVE-2024-8600, CVE-2024-9826, CVE-2024-9827
▪ VirtualBox 7.0.22
▪ OVB70-241016, QOVB7022
CVE-2024-21273

Windows Third Party CVE Information (cont)
▪ Google Chrome 130.0.6723.59
▪ CHROME-241016, QGC1300672359
9963, CVE-2024-9964, CVE-2024-9965, CVE-2024-9966
▪ CHROME-241023, QGC1300672370
▪ Fixes 3 Vulnerabilities: CVE-2024-10229, CVE-2024-10230, CVE-2024-10231
▪ CHROME-241030, QGC1300672392
▪ Fixes 2 Vulnerabilities: CVE-2024-10487, CVE-2024-10488
▪ CHROME-241106, QGC13006723117

▪ Firefox 131.0.3
▪ FF-241015, QFF13103
▪ Firefox 132.0
▪ FF-241029, QFF1320
CVE-2024-10462, CVE-2024-10463, CVE-2024-10464, CVE-2024-10465, CVE-2024-10466,
CVE-2024-10467, CVE-2024-10468
▪ Firefox ESR 115.16.1
▪ FFE115-241011, QFFE115161

▪ FFE128-241029, QFFE12840
CVE-2024-10467
▪ Foxit PDF Editor 11.2.11.54113
▪ FPDFE11-241018, QFPDFE11211MSP
9245, CVE-2024-9246, CVE-2024-9247, CVE-2024-9248, CVE-2024-9249, CVE-2024-9250,
9256

▪ Foxit PDF Reader Consumer 2024.3.0.26795
▪ FPDFRC-241017, QFPDFRC20243
CVE-2024-9255, CVE-2024-9256

▪ Azul Zulu 21.38.21 (21.0.5) Note: FX version of JDK also supported
▪ ZULU21-241016, QZULUJDK213821
▪ Fixes 8 Vulnerabilities: CVE-2023-42950, CVE-2024-21208, CVE-2024-21210, CVE-
2024-21211, CVE-2024-21217, CVE-2024-21235, CVE-2024-25062, CVE-2024-36138
▪ ZULU17-241016, QZULUJDK175421 and QZULUJRE175421
2024-21211, CVE-2024-21217, CVE-2024-21235, CVE-2024-25062, CVE-2024-36138
2024-21211, CVE-2024-21217, CVE-2024-21235, CVE-2024-25062, CVE-2024-36138

▪ Azul Zulu 8.82.0.21 (8u432) Note: FX version of JDK also supported
▪ Fixes 8 Vulnerabilities: CVE-2023-42950, CVE-2024-21208, CVE-2024-21210, CVE-2024-21211, CVE-
2024-21217, CVE-2024-21235, CVE-2024-25062, CVE-2024-36138
▪ Java Development Kit 21 Update 21.0.5
▪ JDK21-241024, QJDK2105
2024-21235, CVE-2024-36138
▪ JDK17-241024, QJDK17013
2024-21235, CVE-2024-36138

▪ JDK11-241024, QJDK11025
▪ Fixes 4 Vulnerabilities: CVE-2024-21208, CVE-2024-21210, CVE-2024-21217, CVE-2024-21235
▪ Java 8 Update 432 – JRE and JDK
▪ JAVA8-241016, QJDK8U432 and QJRE8U432
CVE-2024-21235, CVE-2024-25062
▪ Corretto 21.0.5.11.1
▪ CRTO21-241016, QCRTOJDK2105

▪ Corretto 17.0.13.11.1
▪ Corretto 11.0.25.9.1
▪ Corretto 8.432.06.1 – JRE and JDK
▪ CRTO8-241016, QCRTOJRE843206
▪ RedHat OpenJDK 21.0.5.0
▪ RHTJDK21-241017, QRHTJDK2105 and QRHTJRE2105
CVE-2024-21235

Apple Release Summary
▪ Security Updates (with CVEs): Apple macOS Sonoma (1), Apple macOS Sequoia (1), Apple
macOS Ventura (1), Apple Safari (1), Google Chrome (4), Firefox (2), Firefox ESR (2),
Microsoft Edge (3), Thunderbird (2), Thunderbird ESR (3)
▪ Security Updates (w/o CVEs): None
▪ Non-Security Updates: 1Password for Mac (2), Adobe Acrobat DC and Acrobat Reader DC
(1), BetterTouchTool (10), Brave (4), DBeaver Lite for Mac (1), Docker Desktop (2), Dropbox
(2), Microsoft Office 2019 Excel (2), Firefox (1), Figma (1), Google Drive (1), Grammarly (6),
Hazel (3), IntelliJ IDEA (2), Krisp for Mac (2), Microsoft AutoUpdate (1), Microsoft Edge (2),
Obsidian for Mac (2), OneDrive for Mac (2), Microsoft Office 2019, OneNote (1), Microsoft
Office 2019 Outlook (4), Parallels Desktop (1), PyCharm Professional (1), Microsoft Office
2019 PowerPoint (2), Slack (3), Thunderbird ESR (4), Microsoft Teams (Mac) (1), Visual
Studio Code (3), VSCodium for Mac (2), Webex Teams for Mac (4), Microsoft Office 2019 Word
(2), Zoom Client for Mac (2)

Apple Updates with CVE Information
▪ macOS Ventura 13.7.1
▪ Fixes 43 Vulnerabilities: See Apple security bulletin for details
▪ macOS Sonoma 14.7.1
▪ macOS Sequoia 15.1
▪ Safari 18.1 for Ventura and Sonoma
2024-44296

Apple Third Party CVE Information
▪ CHROMEMAC-241016
▪ Fixes 16 Vulnerabilities: CVE-2024-8905,CVE-2024-9122, CVE-2024-9123, CVE-2024-9954,
CVE-2024-9966

Apple Third Party CVE Information (cont)
▪ Firefox 131.0.3
▪ MFSA2024-53
▪ Firefox 132.0
▪ FF-241029
CVE-2024-10467, CVE-2024-10468
▪ FFE115-241030

▪ FFE115-241030
▪ FFE128-241029
CVE-2024-10467
▪ Thunderbird 131.0.1
▪ MFSA2024-52
▪ Thunderbird ESR 115.16.0
▪ TB115-241012

▪ Thunderbird 132.0
▪ TB-241031
CVE-2024-10467, CVE-2024-10468
▪ TB128-241011
▪ TB128-241030
CVE-2024-10467

▪ Microsoft Edge 130.0.2849.46
▪ MEDGEMAC-241018
43579, CVE-2024-43580, CVE-2024-43587, CVE-2024-43595, CVE-2024-43596, CVE-2024-
49023
▪ MEDGEMAC-241025
▪ MEDGEMAC-241107

Q & A

November Patch Tuesday

More Related Content

Similar to November Patch Tuesday

More from Ivanti

Recently uploaded

November Patch Tuesday