The November 2024 Security Upd... Note

The November 2024 Security Update Review

Adobe and Microsoft have released their regularly scheduled updates for November 2024. Adobe released eight patches addressing 48 CVEs in various products, including Adobe Bridge, Audition, After Effects, and Photoshop. The largest fix is for Substance 3D Painter with 22 Critical and Important CVEs. None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release.Microsoft released 89 new CVEs in Windows and Windows Components, Office and Office Components, Azure, and other products. Four of the patches are rated Critical, 84 are rated Important, and one is rated Moderate in severity. Microsoft lists three of these CVEs as publicly known, but it is reported that five are actually publicly known. Two CVEs are listed as being exploited in the wild at the time of release.The CVEs being exploited in the wild include a NTLM Hash Disclosure Spoofing Vulnerability and a Windows Task Scheduler Elevation of Privilege Vulnerability. Other notable CVEs include a Windows Kerberos Remote Code Execution Vulnerability, which allows a remote, unauthenticated attacker to run code on an affected system, and a .NET and Visual Studio Remote Code Execution Vulnerability, which allows attackers to execute code by sending a specially crafted request to an affected .NET webapp.Microsoft also released patches for various other products, including Azure, SQL Server, and Visual Studio. The company has addressed a total of 949 CVEs so far this year, making 2024 its second-largest year for fixes. Users are advised to test and deploy the updates as soon as possible to protect against potential attacks.