Microsoft Product Suite November 2024 Security Update Advisory
Overview
Microsoft (https://www.microsoft.com) has released a security update that fixes vulnerabilities in its products. Users of affected products are advised to update to the latest version.
Affected Products
Apps Product Line
Microsoft PC Manager
Azure Product Line
Azure CycleCloud 8.0.0
Azure CycleCloud 8.0.1
Azure CycleCloud 8.0.2
Azure CycleCloud 8.1.0
Azure CycleCloud 8.1.1
Azure CycleCloud 8.2.0
Azure CycleCloud 8.2.1
Azure CycleCloud 8.2.2
Azure CycleCloud 8.3.0
Azure CycleCloud 8.4.0
Azure CycleCloud 8.4.1
Azure CycleCloud 8.4.2
Azure CycleCloud 8.5.0
Azure CycleCloud 8.6.0
Azure CycleCloud 8.6.1
Azure CycleCloud 8.6.2
Azure CycleCloud 8.6.3
Azure CycleCloud 8.6.4
Azure Database for PostgreSQL Flexible Server 12
Azure Database for PostgreSQL Flexible Server 13
Azure Database for PostgreSQL Flexible Server 14
Azure Database for PostgreSQL Flexible Server 15
Azure Database for PostgreSQL Flexible Server 16
Airlift.microsoft.com
Developer Tools Product Line
.NET 9.0 installed on Linux
.NET 9.0 installed on Mac OS
.NET 9.0 installed on Windows
Microsoft Visual Studio 2022 version 17.10
Microsoft Visual Studio 2022 version 17.11
Microsoft Visual Studio 2022 version 17.6
Microsoft Visual Studio 2022 version 17.8
Python extension for Visual Studio Code
Visual Studio Code Remote – SSH Extension
ESU Product Line
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Mariner Product Line
Azure Linux 3.0 ARM
Azure Linux 3.0 x64
CBL Mariner 2.0 ARM
CBL Mariner 2.0 x64
Microsoft Office Product Line
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Excel 2016 Click-to-Run (C2R) for 32-bit editions
Microsoft Excel 2016 Click-to-Run (C2R) for 64-bit editions
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2024 for 32-bit editions
Microsoft Office LTSC 2024 for 64-bit editions
Microsoft Office LTSC for Mac 2021
Microsoft Office LTSC for Mac 2024
Microsoft Office Online Server
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019
Microsoft SharePoint Server Subscription Edition
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Open Source Software Product Line
LightGBM
Microsoft TorchGeo
SQL Server Product Line
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack
Microsoft SQL Server 2017 for x64-based Systems (CU 31)
Microsoft SQL Server 2017 for x64-based Systems (GDR)
Microsoft SQL Server 2019 for x64-based Systems (CU 29)
Microsoft SQL Server 2019 for x64-based Systems (GDR)
Microsoft SQL Server 2022 for x64-based Systems (CU 15)
Microsoft SQL Server 2022 for x64-based Systems (GDR)
Server Software Product Line
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 13
Microsoft Exchange Server 2019 Cumulative Update 14
System Center Product Line
Microsoft Defender for Endpoint for Android
Microsoft Defender for Endpoint for iOS
Windows Product Line
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows Server 2025
Windows Server 2025 (Server Core installation)
Resolved Vulnerabilities
4 critical vulnerabilities and 84 important vulnerabilities have been discovered.
Apps Product Line
Critical-rated privilege escalation vulnerability in Microsoft PC Manager (CVE-2024-49051)
Azure Product Line
Critical elevation of privilege vulnerability in Airlift.microsoft.com (CVE-2024-49056)
Critical remote code execution vulnerability in Azure CycleCloud (CVE-2024-43602)
Critical-grade privilege escalation vulnerabilities in Azure Database for PostgreSQL (CVE-2024-49042, CVE-2024-43613)
Developer Tools Product Line
Urgent-grade remote code execution vulnerability in .NET and Visual Studio (CVE-2024-43498)
Critical-grade denial-of-service vulnerability in .NET and Visual Studio (CVE-2024-43499)
Moderate-grade privilege escalation vulnerability in Visual Studio Code (CVE-2024-49049)
Critical-grade remote code execution vulnerability in Visual Studio Code (CVE-2024-49050)
Critical elevation of privilege vulnerability in Visual Studio (CVE-2024-49044)
Mariner Product Line
Microsoft Office Product Line
Critical remote code execution vulnerabilities in Microsoft Graphics Component (CVE-2024-49031, CVE-2024-49032)
Remote code execution vulnerabilities in Microsoft Office Excel rated Critical (CVE-2024-49026, CVE-2024-49027, CVE-2024-49028, CVE-2024-49029, CVE-2024-49030)
None-rated Defense in Depth vulnerability in Microsoft Office SharePoint (ADV240001)
A Critical Security Feature Bypass Vulnerability in Microsoft Office Word (CVE-2024-49033)
Open Source Software Product Line
Critical remote code execution vulnerability in LightGBM (CVE-2024-43598)
Critical remote code execution vulnerability in TorchGeo (CVE-2024-49048)
SQL Server Product Line
Critical-grade remote code execution vulnerabilities in SQL Server (CVE-2024-38255, CVE-2024-43459, CVE-2024-43462, CVE-2024-48994, CVE-2024-48995, CVE-2024-48996, CVE-2024-49043, CVE-2024-48993, CVE-2024-48997, CVE-2024-48998, CVE-2024-48999, CVE-2024-49000, CVE-2024-49001, CVE-2024-49002, CVE-2024-49003, CVE-2024-49004, CVE-2024-49005, CVE-2024-49007, CVE-2024-49006, CVE-2024-49008, CVE-2024-49009, CVE-2024-49010, CVE-2024-49011, CVE-2024-49012, CVE-2024-49013, CVE-2024-49014, CVE-2024-49015, CVE-2024-49016, CVE-2024-49017, CVE-2024-49018, CVE-2024-49021)
Server Software Product Line
Critical-grade spoofing vulnerability in Microsoft Exchange Server (CVE-2024-49040)
Windows Product Line
Critical Denial of Service Vulnerability in Microsoft Virtual Hard Drive (CVE-2024-38264)
Critical spoofing vulnerability in Microsoft Windows DNS (CVE-2024-43450)
Critical elevation of privilege vulnerability in Role: Windows Active Directory Certificate Services (CVE-2024-49019)
Critical elevation of privilege vulnerability in Role: Windows Hyper-V (CVE-2024-43624)
Critical Denial of Service Vulnerability in Role: Windows Hyper-V (CVE-2024-43633)
Critical elevation of privilege vulnerability in Windows CSC Service (CVE-2024-43644)
Critical elevation of privilege vulnerabilities in Windows DWM Core Library (CVE-2024-43629, CVE-2024-43636)
Critical security feature bypass vulnerability in Windows Defender Application Control (WDAC) (CVE-2024-43645)
Critical remote code execution vulnerability in Windows Kerberos (CVE-2024-43639)
Critical elevation of privilege vulnerability in Windows Kernel (CVE-2024-43630)
Critical elevation of privilege vulnerability in Windows NT OS Kernel (CVE-2024-43623)
Highly critical spoofing vulnerability in Windows NTLM (CVE-2024-43451)
Critical information disclosure vulnerability in Windows Package Library Manager (CVE-2024-38203)
Critical elevation of privilege vulnerabilities in the Windows Registry (CVE-2024-43452, CVE-2024-43641)
Critical remote code execution vulnerability in Windows SMBv3 Client/Server (CVE-2024-43447)
Critical-grade denial-of-service vulnerability in Windows SMB (CVE-2024-43642)
Critical elevation of privilege vulnerabilities in Windows Secure Kernel Mode (CVE-2024-43631, CVE-2024-43646, CVE-2024-43640)
Critical elevation of privilege vulnerability in Windows Task Scheduler (CVE-2024-49039)
Critical elevation of privilege vulnerability in Windows Telephony Service (CVE-2024-43626)
Critical remote code execution vulnerabilities in Windows Telephony Service (CVE-2024-43627, CVE-2024-43628, CVE-2024-43620, CVE-2024-43621, CVE-2024-43622, CVE-2024-43635)
Critical elevation of privilege vulnerabilities in the Windows USB Video Driver (CVE-2024-43634, CVE-2024-43637, CVE-2024-43638, CVE-2024-43643, CVE-2024-43449)
Critical elevation of privilege vulnerability in Windows Update Stack (CVE-2024-43530)
Urgent-grade privilege escalation vulnerability in Windows VMSwitch (CVE-2024-43625)
Critical elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem (CVE-2024-49046)
Vulnerability Patches
The following product-specific vulnerability patches were made available with the November 12, 2024 update. Install them automatically through the Windows Update feature, or download and install them from the URLs listed in the product information below.
.NET 9.0 installed on Linux version
.NET 9.0 installed on Mac OS version
.NET 9.0 installed on Windows version
Azure CycleCloud 8.0.0 version
Azure CycleCloud 8.0.1 version
Azure CycleCloud 8.0.2 version
Azure CycleCloud 8.1.0 version
Azure CycleCloud 8.1.1 version
Azure CycleCloud 8.2.0 version
Azure CycleCloud 8.2.1 version
Azure CycleCloud 8.2.2 version
Azure CycleCloud 8.3.0 version
Azure CycleCloud 8.4.0 version
Azure CycleCloud 8.4.1 version
Azure CycleCloud 8.4.2 version
Azure CycleCloud 8.5.0 version
Azure CycleCloud 8.6.0 version
Azure CycleCloud 8.6.1 version
Azure CycleCloud 8.6.2 version
Azure CycleCloud 8.6.3 version
Azure CycleCloud 8.6.4 version
Azure Database for PostgreSQL Flexible Server 12 version
Azure Database for PostgreSQL Flexible Server 13 version
Azure Database for PostgreSQL Flexible Server 14 version
Azure Database for PostgreSQL Flexible Server 15 version
Azure Database for PostgreSQL Flexible Server 16 version
https://msrc.microsoft.com/update-guide/
Azure Linux 3.0 ARM version
Azure Linux 3.0 x64 version
https://www.catalog.update.microsoft.com/Search.aspx?q=KBkernel
CBL Mariner 2.0 ARM version
CBL Mariner 2.0 x64 version
https://www.catalog.update.microsoft.com/Search.aspx?q=KBopenssl
https://www.catalog.update.microsoft.com/Search.aspx?q=KBcloud-hypervisor-cvm
https://www.catalog.update.microsoft.com/Search.aspx?q=KBruby
https://www.catalog.update.microsoft.com/Search.aspx?q=KBrubygem-rexml
LightGBM version
https://lightgbm.readthedocs.io/en/stable/Installation-Guide.html
Microsoft 365 Apps for Enterprise version
https://msrc.microsoft.com/update-guide/
Microsoft Defender for Endpoint for Android version
Microsoft Defender for Endpoint for iOS version
https://msrc.microsoft.com/update-guide/
Microsoft Excel 2016 version
Microsoft Excel 2016 Click-to-Run (C2R) version
https://www.microsoft.com/download/details.aspx?familyid=ac5ba11c-b4ac-4ed7-9210-b91b88d20faf
Microsoft Exchange Server 2016 Cumulative Update 23 version
Microsoft Exchange Server 2019 Cumulative Update 13 version
Microsoft Exchange Server 2019 Cumulative Update 14 version
https://www.microsoft.com/download/details.aspx?familyid=56d90b73-4c0a-4cc6-a34e-768284aada1b
Microsoft Office 2016 version
https://www.microsoft.com/download/details.aspx?familyid=a0f49302-1286-436a-9411-71f5fd595008
Microsoft Office 2019 version
Microsoft Office LTSC 2021 version
Microsoft Office LTSC 2024 version
https://msrc.microsoft.com/update-guide/
Microsoft Office LTSC for Mac 2021 version
Microsoft Office LTSC for Mac 2024 version
https://msrc.microsoft.com/update-guide/
Microsoft Office Online Server version
https://www.microsoft.com/download/details.aspx?familyid=968862c1-b9dd-48f4-8371-1b0f60208eb5
Microsoft PC Manager version
https://msrc.microsoft.com/update-guide/
Microsoft SQL Server 2016 Service Pack 3 (GDR) version
https://www.microsoft.com/download/details.aspx?familyid=bdefbc71-f4ac-4adf-8fc3-5ab090847240
Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack version
https://www.microsoft.com/download/details.aspx?familyid=2a4f8082-3468-4c6b-9d5f-2a56ef9590aa
Microsoft SQL Server 2017 (CU 31) version
https://www.microsoft.com/download/details.aspx?familyid=6f62546d-da84-4965-89db-190d7ba41f42
Microsoft SQL Server 2017 (GDR) version
https://www.microsoft.com/download/details.aspx?familyid=09e83a7b-42e4-4eed-b9a9-47e677391102
Microsoft SQL Server 2019 (CU 29) version
https://www.microsoft.com/download/details.aspx?familyid=d7ab6ee0-bcf2-4b55-8d9d-ffe7976a4a03
Microsoft SQL Server 2019 (GDR) version
https://www.microsoft.com/download/details.aspx?familyid=7744f829-703a-4937-a38e-f07daa6611bc
Microsoft SQL Server 2022 (CU 15) version
https://www.microsoft.com/download/details.aspx?familyid=e6aca7fc-403a-45b1-a04a-d013715e3624
Microsoft SQL Server 2022 (GDR) version
https://www.microsoft.com/download/details.aspx?familyid=f0ec86b8-7b27-469c-a948-445023c33181
Microsoft SharePoint Enterprise Server 2016 version
https://www.microsoft.com/download/details.aspx?familyid=42047855-e07f-421d-a37d-a2524870335a
Microsoft SharePoint Server 2019 version
https://www.microsoft.com/download/details.aspx?familyid=237e6a78-7c51-4675-9208-6fb09d8a07f5
Microsoft SharePoint Server Subscription Edition version
https://www.microsoft.com/download/details.aspx?familyid=7ec5d96c-5204-4ba0-b435-8eb29d1ee1fe
Microsoft TorchGeo version
Microsoft Visual Studio 2022 17.10 version
Microsoft Visual Studio 2022 17.11 version
Microsoft Visual Studio 2022 17.6 version
Microsoft Visual Studio 2022 17.8 version
https://msrc.microsoft.com/update-guide/
Microsoft Word 2016 version
https://www.microsoft.com/download/details.aspx?familyid=9271400d-4371-4ec8-995e-17cd550e1705
Python extension for Visual Studio Code version
Visual Studio Code Remote – SSH Extension version
https://msrc.microsoft.com/update-guide/
Windows 10 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5046665
Windows 10 version 1607
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5046612
Windows 10 version 1809
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5046615
Windows 10 version 21H2
Windows 10 version 22H2
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5046613
Windows 11 version 22H2
Windows 11 version 23H2
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5046633
Windows 11 version 24H2
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5046617
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5046696
Windows Server 2008 R2 Service Pack 1 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5046687
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5046705
Windows Server 2008 Service Pack 2 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5046661
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5046639
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5046630
Windows Server 2012 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5046697
Windows Server 2012 R2 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5046682
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5046630
Windows Server 2016 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5046612
Windows Server 2019 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5046615
Windows Server 2022 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5046616
Windows Server 2022, 23H2 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5046618
Windows Server 2025 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5046617
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5046696