Microsoft’s November 2024 Patch Tuesday updates fix 89 security vulnerabilities in Windows 10 and 11.
Last Update: Nov 19, 2024 | Published: Nov 13, 2024
Key Takeaways:
Microsoft yesterday released the November 2024 Patch Tuesday updates for all supported versions of Windows 11 and Windows 10. This month, the company fixed a total of 89 Windows vulnerabilities, eight of which are more likely to be exploited by attackers.
Among the 89 Windows vulnerabilities Microsoft fixed this month, four are rated Critical, 84 are rated Important, and one is rated Moderate in severity. However, two vulnerabilities are already being exploited in the wild, and you can find more details below:
You can find the full list of CVEs released by Microsoft with the November 2024 Patch Tuesday updates below:
Product | Impact | Max Severity | Article | Details |
Azure Database for PostgreSQL Flexible Server 12 | Elevation of Privilege | Important | Release Notes | CVE-2024-43613 |
Azure Database for PostgreSQL Flexible Server 13 | Elevation of Privilege | Important | Release Notes | CVE-2024-43613 |
Azure Database for PostgreSQL Flexible Server 14 | Elevation of Privilege | Important | Release Notes | CVE-2024-43613 |
Azure Database for PostgreSQL Flexible Server 15 | Elevation of Privilege | Important | Release Notes | CVE-2024-43613 |
Azure Database for PostgreSQL Flexible Server 16 | Elevation of Privilege | Important | Release Notes | CVE-2024-43613 |
Microsoft Office LTSC for Mac 2024 | Remote Code Execution | Important | Release Notes | CVE-2024-49029 |
Microsoft Excel 2016 (64-bit edition) | Remote Code Execution | Important | 5002653 | CVE-2024-49028 |
Microsoft Excel 2016 (32-bit edition) | Remote Code Execution | Important | 5002653 | CVE-2024-49028 |
Microsoft SQL Server 2017 for x64-based Systems (CU 31) | Remote Code Execution | Important | 5046858 | CVE-2024-49012 |
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | Remote Code Execution | Important | 5046856 | CVE-2024-49012 |
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | Remote Code Execution | Important | 5046855 | CVE-2024-49012 |
Microsoft SQL Server 2017 for x64-based Systems (GDR) | Remote Code Execution | Important | 5046857 | CVE-2024-48993 |
Windows Server 2012 R2 (Server Core installation) | Information Disclosure | Important | 5046682 | CVE-2024-38203 |
Windows Server 2012 R2 | Information Disclosure | Important | 5046682 | CVE-2024-38203 |
Windows Server 2012 (Server Core installation) | Information Disclosure | Important | 5046697 | CVE-2024-38203 |
Windows Server 2012 | Information Disclosure | Important | 5046697 | CVE-2024-38203 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Information Disclosure | Important | 5046687 | CVE-2024-38203 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Information Disclosure | Important | 5046705 | CVE-2024-38203 |
Windows Server 2016 (Server Core installation) | Remote Code Execution | Critical | 5046612 | CVE-2024-43639 |
Windows Server 2016 | Remote Code Execution | Critical | 5046612 | CVE-2024-43639 |
Windows Server 2022, 23H2 Edition (Server Core installation) | Remote Code Execution | Critical | 5046618 | CVE-2024-43639 |
Windows 10 Version 1809 for x64-based Systems | Elevation of Privilege | Important | 5046615 | CVE-2024-43629 |
Windows 10 Version 1809 for 32-bit Systems | Elevation of Privilege | Important | 5046615 | CVE-2024-43629 |
Windows Server 2025 (Server Core installation) | Elevation of Privilege | Important | 5046617 | CVE-2024-43629 |
Windows Server 2025 (Server Core installation) | Elevation of Privilege | Important | 5046696 | CVE-2024-43629 |
Windows Server 2025 | Elevation of Privilege | Important | 5046617 | CVE-2024-43629 |
Windows Server 2025 | Elevation of Privilege | Important | 5046696 | CVE-2024-43629 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Remote Code Execution | Important | 5046687 | CVE-2024-43620 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Remote Code Execution | Important | 5046705 | CVE-2024-43620 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Remote Code Execution | Important | 5046661 | CVE-2024-43620 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Remote Code Execution | Important | 5046639 | CVE-2024-43620 |
Windows Server 2008 for x64-based Systems Service Pack 2 | Remote Code Execution | Important | 5046661 | CVE-2024-43620 |
Windows Server 2008 for x64-based Systems Service Pack 2 | Remote Code Execution | Important | 5046639 | CVE-2024-43620 |
Microsoft SQL Server 2019 for x64-based Systems (GDR) | Remote Code Execution | Important | 5046859 | CVE-2024-48996 |
Microsoft SQL Server 2019 for x64-based Systems (CU 29) | Remote Code Execution | Important | 5046860 | CVE-2024-48995 |
Windows 10 Version 1607 for x64-based Systems | Elevation of Privilege | Important | 5046612 | CVE-2024-43644 |
Windows 10 Version 1607 for 32-bit Systems | Elevation of Privilege | Important | 5046612 | CVE-2024-43644 |
Windows 10 for x64-based Systems | Elevation of Privilege | Important | 5046665 | CVE-2024-43644 |
Windows 10 for 32-bit Systems | Elevation of Privilege | Important | 5046665 | CVE-2024-43644 |
Windows 10 Version 21H2 for ARM64-based Systems | Elevation of Privilege | Important | 5046613 | CVE-2024-43630 |
Windows 10 Version 21H2 for 32-bit Systems | Elevation of Privilege | Important | 5046613 | CVE-2024-43630 |
Windows Server 2022 (Server Core installation) | Elevation of Privilege | Important | 5046616 | CVE-2024-43630 |
Windows Server 2022 | Elevation of Privilege | Important | 5046616 | CVE-2024-43630 |
Windows 11 Version 23H2 for ARM64-based Systems | Elevation of Privilege | Important | 5046633 | CVE-2024-43626 |
Windows 10 Version 22H2 for 32-bit Systems | Elevation of Privilege | Important | 5046613 | CVE-2024-43626 |
Windows 10 Version 22H2 for ARM64-based Systems | Elevation of Privilege | Important | 5046613 | CVE-2024-43626 |
Windows 10 Version 22H2 for x64-based Systems | Elevation of Privilege | Important | 5046613 | CVE-2024-43626 |
Microsoft SharePoint Server Subscription Edition | Defense in Depth | None | 5002651 | ADV240001 |
Microsoft SharePoint Server 2019 | Defense in Depth | None | 5002650 | ADV240001 |
Microsoft SharePoint Enterprise Server 2016 | Defense in Depth | None | 5002654 | ADV240001 |
Microsoft PC Manager | Elevation of Privilege | Important | Release Notes | CVE-2024-49051 |
Python extension for Visual Studio Code | Remote Code Execution | Important | Release Notes | CVE-2024-49050 |
Microsoft TorchGeo | Remote Code Execution | Important | Release Notes | CVE-2024-49048 |
Windows 11 Version 24H2 for x64-based Systems | Elevation of Privilege | Important | 5046617 | CVE-2024-49039 |
Windows 11 Version 24H2 for x64-based Systems | Elevation of Privilege | Important | 5046696 | CVE-2024-49039 |
Windows 11 Version 24H2 for ARM64-based Systems | Elevation of Privilege | Important | 5046617 | CVE-2024-49039 |
Windows 11 Version 24H2 for ARM64-based Systems | Elevation of Privilege | Important | 5046696 | CVE-2024-49039 |
Windows 11 Version 23H2 for x64-based Systems | Elevation of Privilege | Important | 5046633 | CVE-2024-49039 |
Windows 11 Version 22H2 for x64-based Systems | Elevation of Privilege | Important | 5046633 | CVE-2024-49039 |
Windows 11 Version 22H2 for ARM64-based Systems | Elevation of Privilege | Important | 5046633 | CVE-2024-49039 |
Windows 10 Version 21H2 for x64-based Systems | Elevation of Privilege | Important | 5046613 | CVE-2024-49039 |
Windows Server 2019 (Server Core installation) | Elevation of Privilege | Important | 5046615 | CVE-2024-49039 |
Windows Server 2019 | Elevation of Privilege | Important | 5046615 | CVE-2024-49039 |
Microsoft Word 2016 (64-bit edition) | Security Feature Bypass | Important | 5002619 | CVE-2024-49033 |
Microsoft Word 2016 (32-bit edition) | Security Feature Bypass | Important | 5002619 | CVE-2024-49033 |
Microsoft Office LTSC 2024 for 64-bit editions | Security Feature Bypass | Important | Click to Run | CVE-2024-49033 |
Microsoft Office LTSC 2024 for 32-bit editions | Security Feature Bypass | Important | Click to Run | CVE-2024-49033 |
Microsoft Office LTSC 2021 for 32-bit editions | Security Feature Bypass | Important | Click to Run | CVE-2024-49033 |
Microsoft Office LTSC 2021 for 64-bit editions | Security Feature Bypass | Important | Click to Run | CVE-2024-49033 |
Microsoft Office LTSC for Mac 2021 | Security Feature Bypass | Important | Release Notes | CVE-2024-49033 |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Security Feature Bypass | Important | Click to Run | CVE-2024-49033 |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Security Feature Bypass | Important | Click to Run | CVE-2024-49033 |
Microsoft Office 2019 for 64-bit editions | Security Feature Bypass | Important | Click to Run | CVE-2024-49033 |
Microsoft Office 2019 for 32-bit editions | Security Feature Bypass | Important | Click to Run | CVE-2024-49033 |
Microsoft Office 2016 (64-bit edition) | Remote Code Execution | Important | 5002642 | CVE-2024-49032 |
Microsoft Office 2016 (32-bit edition) | Remote Code Execution | Important | 5002642 | CVE-2024-49032 |
Microsoft Excel 2016 Click-to-Run (C2R) for 64-bit editions | Remote Code Execution | Important | 5002653 | CVE-2024-49026 |
Microsoft Excel 2016 Click-to-Run (C2R) for 32-bit editions | Remote Code Execution | Important | 5002653 | CVE-2024-49026 |
Microsoft Office Online Server | Remote Code Execution | Important | 5002648 | CVE-2024-49026 |
Microsoft SQL Server 2022 for x64-based Systems (CU 15) | Remote Code Execution | Important | 5046862 | CVE-2024-49021 |
Microsoft SQL Server 2022 for x64-based Systems (GDR) | Remote Code Execution | Important | 5046861 | CVE-2024-49021 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Elevation of Privilege | Important | 5046661 | CVE-2024-49019 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Elevation of Privilege | Important | 5046639 | CVE-2024-49019 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | Elevation of Privilege | Important | 5046661 | CVE-2024-49019 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | Elevation of Privilege | Important | 5046639 | CVE-2024-49019 |
.NET 9.0 installed on Linux | Remote Code Execution | Critical | Release Notes | CVE-2024-43498 |
.NET 9.0 installed on Windows | Remote Code Execution | Critical | Release Notes | CVE-2024-43498 |
.NET 9.0 installed on Mac OS | Remote Code Execution | Critical | Release Notes | CVE-2024-43498 |
Microsoft Visual Studio 2022 version 17.11 | Remote Code Execution | Critical | Release Notes | CVE-2024-43498 |
Microsoft Visual Studio 2022 version 17.10 | Remote Code Execution | Critical | Release Notes | CVE-2024-43498 |
Microsoft Visual Studio 2022 version 17.6 | Remote Code Execution | Critical | Release Notes | CVE-2024-43498 |
Microsoft Visual Studio 2022 version 17.8 | Remote Code Execution | Critical | Release Notes | CVE-2024-43498 |
LightGBM | Remote Code Execution | Important | Release Notes | CVE-2024-43598 |
airlift.microsoft.com | Elevation of Privilege | Critical | | CVE-2024-49056 |
Visual Studio Code Remote – SSH Extension | Elevation of Privilege | Moderate | Release Notes | CVE-2024-49049 |
Microsoft Exchange Server 2016 Cumulative Update 23 | Spoofing | Important | 5044062 | CVE-2024-49040 |
Microsoft Exchange Server 2019 Cumulative Update 14 | Spoofing | Important | 5044062 | CVE-2024-49040 |
Microsoft Exchange Server 2019 Cumulative Update 13 | Spoofing | Important | 5044062 | CVE-2024-49040 |
Microsoft Defender for Endpoint for iOS | Remote Code Execution | Important | Release Notes | CVE-2024-5535 |
Microsoft Defender for Endpoint for Android | Remote Code Execution | Important | Release Notes | CVE-2024-5535 |
Azure Linux 3.0 ARM | | | openssl | CVE-2024-5535 |
CBL Mariner 2.0 x64 | | | cloud-hypervisor-cvm | CVE-2024-5535 |
CBL Mariner 2.0 x64 | | | openssl | CVE-2024-5535 |
CBL Mariner 2.0 ARM | | | cloud-hypervisor-cvm | CVE-2024-5535 |
CBL Mariner 2.0 ARM | | | openssl | CVE-2024-5535 |
Azure Linux 3.0 x64 | | | openssl | CVE-2024-5535 |
Windows Server 2012 R2 (Server Core installation) | Spoofing | Important | 5046630 | CVE-2024-43451 |
Windows Server 2012 R2 | Spoofing | Important | 5046630 | CVE-2024-43451 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Spoofing | Important | 5046630 | CVE-2024-43451 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Spoofing | Important | 5046630 | CVE-2024-43451 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Spoofing | Important | 5046630 | CVE-2024-43451 |
Windows Server 2008 for x64-based Systems Service Pack 2 | Spoofing | Important | 5046630 | CVE-2024-43451 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Spoofing | Important | 5046630 | CVE-2024-43451 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | Spoofing | Important | 5046630 | CVE-2024-43451 |
Azure CycleCloud 8.3.0 | Remote Code Execution | Important | Release Notes | CVE-2024-43602 |
Azure CycleCloud 8.5.0 | Remote Code Execution | Important | Release Notes | CVE-2024-43602 |
Azure CycleCloud 8.4.0 | Remote Code Execution | Important | Release Notes | CVE-2024-43602 |
Azure CycleCloud 8.4.2 | Remote Code Execution | Important | Release Notes | CVE-2024-43602 |
Azure CycleCloud 8.1.1 | Remote Code Execution | Important | Release Notes | CVE-2024-43602 |
Azure CycleCloud 8.4.1 | Remote Code Execution | Important | Release Notes | CVE-2024-43602 |
Azure CycleCloud 8.2.2 | Remote Code Execution | Important | Release Notes | CVE-2024-43602 |
Azure CycleCloud 8.2.1 | Remote Code Execution | Important | Release Notes | CVE-2024-43602 |
Azure CycleCloud 8.2.0 | Remote Code Execution | Important | Release Notes | CVE-2024-43602 |
Azure CycleCloud 8.1.0 | Remote Code Execution | Important | Release Notes | CVE-2024-43602 |
Azure CycleCloud 8.0.2 | Remote Code Execution | Important | Release Notes | CVE-2024-43602 |
Azure CycleCloud 8.6.1 | Remote Code Execution | Important | Release Notes | CVE-2024-43602 |
Azure CycleCloud 8.6.2 | Remote Code Execution | Important | Release Notes | CVE-2024-43602 |
Azure CycleCloud 8.6.0 | Remote Code Execution | Important | Release Notes | CVE-2024-43602 |
Azure CycleCloud 8.0.1 | Remote Code Execution | Important | Release Notes | CVE-2024-43602 |
Azure CycleCloud 8.0.0 | Remote Code Execution | Important | Release Notes | CVE-2024-43602 |
Azure CycleCloud 8.6.4 | Remote Code Execution | Important | Release Notes | CVE-2024-43602 |
Azure CycleCloud 8.6.3 | Remote Code Execution | Important | Release Notes | CVE-2024-43602 |
For Windows 11 version 24H2, the KB5046617 update brings several enhancements, including Copilot key settings, notification suggestions, and Narrator improvements. Microsoft has also introduced a new Windows Sandbox app that adds support for runtime clipboard redirection, audio and video input control, and the ability to share folders with the host at runtime.
Additionally, Microsoft has released the KB5046633 update for users running Windows 11 versions 23H2 and 22H2. This patch also includes the new Copilot key settings and enhancements for Narrator and notifications. Microsoft has addressed an issue that was previously causing excessive battery consumption in Modern Standby mode.
For Windows 10 versions 22H2 and 21H2, the KB5046613 update introduces a new account manager on the Start menu. Microsoft has also fixed a bug that was previously preventing users from opening apps like Quick Assist, Microsoft Teams, and Windows Narrator without administrative privileges.
Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary as hackers start to work out how to weaponize newly reported vulnerabilities.
A best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.
There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.