Microsoft’s latest Patch Tuesday release tackles 89 vulnerabilities across various platforms, including Windows, SQL Server, .NET, and Microsoft Office. Among these are three zero-day vulnerabilities (CVE-2024-43451, CVE-2024-49019, and CVE-2024-49039) that require immediate patching for Windows systems. Additionally, there are several patch “re-releases”
For a detailed breakdown of the risks associated with each update in this cycle, check out the infographic provided by the team at
Known challenges
Following the September update rollout, some reported issues have been resolved:
- Enterprise users have encountered problems with the SSH service failing to start on updated Windows 11 24H2 machines. Microsoft suggests updating file/directory permissions on SSH program directories as a workaround. More information can be found here.
A new era of
Significant updates
This month’s Patch Tuesday brings forth several
- CVE-2013-3900: WinVerifyTrust Signature Validation Vulnerability has resurfaced due to changes in the EnableCertPaddingCheck API call affecting Windows 10 and 11 users. Reviewing this CVE along with its Q&A documentation is crucial for proper implementation.
- CVE-2024-49040: Microsoft Exchange Server Spoofing Vulnerability has been updated twice within a week following public disclosure. Before applying this Exchange Server update, thorough examination of reported header detection issues is recommended.
In an unusual move, three kernel mode
2024-11-21 11:15:03
Original from www.computerworld.com