Microsoft’s latest Patch Tuesday release tackles 89 vulnerabilities across various platforms, including Windows, SQL Server, .NET, and Microsoft Office. Among these are three zero-day vulnerabilities (CVE-2024-43451, CVE-2024-49019, and CVE-2024-49039) that require immediate patching for Windows systems. Additionally, there are several patch “re-releases” that demand administrator attention.
For a detailed breakdown of the risks associated with each update in this cycle, check out the infographic provided by the team at Readiness. To stay updated on recent Patch Tuesday releases, refer to Computerworld’s comprehensive roundup.
Known challenges
Following the September update rollout, some reported issues have been resolved:
- Enterprise users have encountered problems with the SSH service failing to start on updated Windows 11 24H2 machines. Microsoft suggests updating file/directory permissions on SSH program directories as a workaround. More information can be found here.
A new era of ARM compatibility challenges for Microsoft seems imminent. However, addressing the longstanding Roblox issue should take precedence before delving into these new challenges.
Significant updates
This month’s Patch Tuesday brings forth several major revisions:
- CVE-2013-390: WinVerifyTrust Signature Validation Vulnerability has resurfaced due to changes in the EnableCertPaddingCheck API call affecting Windows 10 and 11 users. Reviewing this CVE along with its Q&A documentation is crucial for proper implementation.
- CVE-2024-49040: Microsoft Exchange Server Spoofing Vulnerability has been updated twice within a week following public disclosure. Before applying this Exchange Server update, thorough examination of reported header detection issues is recommended.
In an unusual move, three kernel mode updates (CVE-2024-43511,CVE -2024 -43516,andCVE -202443528) previously released in October have been reissued this month due to security vulnerabilities exploiting a race condition in Microsoft’s Virtualization Based Security (VBS). It is essential to review mitigating strategies while rigorously testing these low-level kernel patches.
2024 -11 -21 11:15:03
Original from www.computerworld.com