Security News ZDI: The November 2024 Security Update Review

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,262
It’s not quite the holiday season, despite what some early decorators will have you believe. It is the second Tuesday of the month, and that means Adobe and Microsoft have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here:


Adobe Patches for November 2024

For November, Adobe released eight patches addressing 48 CVEs in Adobe Bridge, Audition, After Effects, Substance 3D Painter, Illustrator, InDesign, Photoshop, and Commerce. The largest of these fixes is for Substance 3D Painter with 22 Critical and Important CVEs. The next largest is the patch for Illustrator, with nine CVEs addressed. The fix for After Effects addresses six bugs – three Critical and three Important. The worst of these could allow arbitrary code execution. That’s the same story for the InDesign patch. There’s a single server-side request forgery (SSRF) in Commerce, but it requires authentication. There’s also a single, Critical-rated CVE in Photoshop, which requires user interaction in the form of opening a file. The remaining fixes from Adobe are only Important rated, with two bugs in Adobe Bridge and a single bug in Adobe Audition.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release. Adobe categorizes these updates as a deployment priority rating of 3.

Microsoft Patches for November 2024

This month, Microsoft released 89 new CVEs in Windows and Windows Components; Office and Office Components; Azure; .NET and Visual Studio; LightGBM; Exchange Server; SQL Server; TorchGeo; Hyper-V; and Windows VMSwitch. One of these vulnerabilities was reported through the ZDI program. With the addition of the third-party CVEs, the entire release tops out at 92 CVEs.

Of the patches released today, four are rated Critical, 84 are rated Important, and one is rated Moderate in severity. This represents another large month of fixes from the Redmond giant and puts them at 949 CVEs addressed so far this year. Even before counting the fixes in December, 2024 is Microsoft's second-largest year for fixes.

Microsoft lists three of these CVEs as publicly known, but I disagree and put the count at five (more on that later). They also list two as being exploited in the wild at the time of release.

Looking Ahead

The final Patch Tuesday of 2024 will be on December 10, and I’ll return with details and patch analysis at that time. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!
 

Gandalf_The_Grey

Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws

Today is Microsoft's November 2024 Patch Tuesday, which includes security updates for 89 flaws, including four zero-days, two of which are actively exploited.

This Patch Tuesday fixed four critical vulnerabilities, which include two remote code execution and two elevation of privileges flaws.

The number of bugs in each vulnerability category is listed below:
  • 26 Elevation of Privilege vulnerabilities
  • 2 Security Feature Bypass vulnerabilities
  • 52 Remote Code Execution vulnerabilities
  • 1 Information Disclosure vulnerability
  • 4 Denial of Service vulnerabilities
  • 3 Spoofing vulnerabilities
This count does not include two Edge flaws that were previously fixed on November 7th.

To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5046617 and KB5046633 cumulative updates and the Windows 10 KB5046613 update.
 

Gandalf_The_Grey

Microsoft releases the November 2024 security updates for Windows

You may download the following Excel spreadsheet to get a list of released updates. Click on the following link to download the archive to the local device: Windows Security Updates November 2024

Executive Summary
  • Microsoft released a total of 89 security updates for various Microsoft products and 3 security updates from non-Microsoft issues (e.g. Chromium).
  • Windows clients with issues are:
    • Windows 11 version 22H2, 23H2, and 24H2
  • Windows Server clients with issues:
    • Windows Server 2008
    • Windows Server 2025
  • Windows 11, version 22H2, Home and Pro, have reached end of support. Microsoft will force upgrade devices to newer Windows versions.
 
