November 2024 Security Updates
This release consists of the following 89 Microsoft CVEs:
Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?
Windows Package Library Manager CVE-2024-38203
SQL Server CVE-2024-38255
Microsoft Virtual Hard Drive CVE-2024-38264
Windows SMBv3 Client/Server CVE-2024-43447
Windows USB Video Driver CVE-2024-43449
Microsoft Windows DNS CVE-2024-43450
Windows NTLM CVE-2024-43451
Windows Registry CVE-2024-43452
SQL Server CVE-2024-43459
SQL Server CVE-2024-43462
.NET and Visual Studio CVE-2024-43498
.NET and Visual Studio CVE-2024-43499
Windows Update Stack CVE-2024-43530
LightGBM CVE-2024-43598
Azure CycleCloud CVE-2024-43602
Azure Database for PostgreSQL CVE-2024-43613
Windows Telephony Service CVE-2024-43620
Windows Telephony Service CVE-2024-43621
Windows Telephony Service CVE-2024-43622
Windows NT OS Kernel CVE-2024-43623
Role: Windows Hyper-V CVE-2024-43624
Windows VMSwitch CVE-2024-43625
Windows Telephony Service CVE-2024-43626
Windows Telephony Service CVE-2024-43627
Windows Telephony Service CVE-2024-43628
Windows DWM Core Library CVE-2024-43629
Windows Kernel CVE-2024-43630
Windows Secure Kernel Mode CVE-2024-43631
Role: Windows Hyper-V CVE-2024-43633
Windows USB Video Driver CVE-2024-43634
Windows Telephony Service CVE-2024-43635
Windows DWM Core Library CVE-2024-43636
Windows USB Video Driver CVE-2024-43637
Windows USB Video Driver CVE-2024-43638
Windows Kerberos CVE-2024-43639
Windows Secure Kernel Mode CVE-2024-43640
Windows Registry CVE-2024-43641
Windows SMB CVE-2024-43642
Windows USB Video Driver CVE-2024-43643
Windows CSC Service CVE-2024-43644
Windows Defender Application Control (WDAC) CVE-2024-43645
Windows Secure Kernel Mode CVE-2024-43646
SQL Server CVE-2024-48993
SQL Server CVE-2024-48994
SQL Server CVE-2024-48995
SQL Server CVE-2024-48996
SQL Server CVE-2024-48997
SQL Server CVE-2024-48998
SQL Server CVE-2024-48999
SQL Server CVE-2024-49000
SQL Server CVE-2024-49001
SQL Server CVE-2024-49002
SQL Server CVE-2024-49003
SQL Server CVE-2024-49004
SQL Server CVE-2024-49005
SQL Server CVE-2024-49006
SQL Server CVE-2024-49007
SQL Server CVE-2024-49008
SQL Server CVE-2024-49009
SQL Server CVE-2024-49010
SQL Server CVE-2024-49011
SQL Server CVE-2024-49012
SQL Server CVE-2024-49013
SQL Server CVE-2024-49014
SQL Server CVE-2024-49015
SQL Server CVE-2024-49016
SQL Server CVE-2024-49017
SQL Server CVE-2024-49018
Windows Active Directory Certificate Services CVE-2024-49019
SQL Server CVE-2024-49021
Microsoft Office Excel CVE-2024-49026
Microsoft Office Excel CVE-2024-49027
Microsoft Office Excel CVE-2024-49028
Microsoft Office Excel CVE-2024-49029
Microsoft Office Excel CVE-2024-49030
Microsoft Graphics Component CVE-2024-49031
Microsoft Graphics Component CVE-2024-49032
Microsoft Office Word CVE-2024-49033
Windows Task Scheduler CVE-2024-49039
Microsoft Exchange Server CVE-2024-49040
Azure Database for PostgreSQL CVE-2024-49042
SQL Server CVE-2024-49043
Visual Studio CVE-2024-49044
Windows Win32 Kernel Subsystem CVE-2024-49046
TorchGeo CVE-2024-49048
Visual Studio Code CVE-2024-49049
Visual Studio Code CVE-2024-49050
Microsoft PC Manager CVE-2024-49051
Airlift.microsoft.com CVE-2024-49056
We are republishing 3 non-Microsoft CVEs:
CNA Tag CVE FAQs? Workarounds? Mitigations?
Chrome Microsoft Edge (Chromium-based) CVE-2024-10826
Chrome Microsoft Edge (Chromium-based) CVE-2024-10827
OpenSSL Microsoft Defender for Endpoint CVE-2024-5535
Security Update Guide Blog Posts
Date Blog Post
November 12, 2024 Toward greater transparency: Publishing machine-readable CSAF files
June 27, 2024 Toward greater transparency: Unveiling Cloud Service CVEs
April 9, 2024 Toward greater transparency: Security Update Guide now shares CWEs for CVEs
January 6, 2023 Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide
Relevant Resources
- The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
- Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows Lifecycle Facts Sheet.
- Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
- In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
- Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.
For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).
KB Article Applies To
5046617 Windows 11, version 24H2, Windows Server 2025, Windows Server 2025 (Server Core installation)
5046633 Windows 11, version 22H2, Windows 11, version 23H2
5046639 Windows Server 2008 (Security-only update)
5046661 Windows Server 2008 (Monthly Rollup)
Released: Nov 12, 2024
November 2024 Security Updates - Release Notes - Security Update Guide - Microsoft
My Computer
System One
-
- OS
- Windows 11