Microsoft Releases November 2024 Security Updates


Microsoft has released security updates to address 89 vulnerabilities in Microsoft products. The security updates include four critical vulnerabilities, two vulnerabilities that are under zero-day exploitation, and four vulnerabilities that are publicly disclosed.

Vulnerability details
CVE-2024-43451 – NTLM Hash Disclosure Spoofing Vulnerability CVE-2024-43451 is an ‘external control of file name or path’ vulnerability in Windows and Windows Server and has a CVSSv3 score of 6.5. Successful exploitation discloses a user’s NTLMv2 hash to the attacker, who could use the hash to authenticate as the user. This vulnerability is publicly known and is under active exploitation.

Read more…
Source: NHS Digital


Sign up for our Newsletter


Related:

  • Microsoft tops last month’s record with 622 Patch Tuesday CVEs

    July 14, 2026

    Remember last month when we were awed by Microsoft’s record-setting Patch Tuesday that addressed 206 CVEs? That was a quaint era compared to this month: Redmond just rolled out patches for 622 CVEs specific to its products, slightly more than tripling last month’s all-time high. Redmond’s Patch Tuesday release is once again one for the record books, with everything under ...

  • Two Chrome updates in two days fix critical vulnerabilities

    July 10, 2026

    Updating Chrome is becoming an almost daily task lately. But it’s too important to ignore. On Wednesday, July 8, Google released another Chrome update, just one day later after the previous one. Between them, the two updates fixed 27 security vulnerabilities, including two critical flaws that could be exploited to compromise Chrome. Google says both are “use-after-free” memory vulnerabilities, which ...

  • Microsoft has fixed the “RoguePlanet” zero-day in Microsoft Defender

    July 9, 2026

    Microsoft has quietly fixed the “RoguePlanet” zero-day in Microsoft Defender, closing the latest hole exposed by security researcher Nightmare Eclipse after months of public sparring over the company’s handling of vulnerability reports. The vulnerability, tracked as CVE-2026-50656, was addressed through an update to the Microsoft Malware Protection Engine rather than via its monthly Patch Tuesday bundle. Microsoft said ...

  • WinRAR flaw could allow attackers to take control of your computer

    July 2, 2026

    Rarlab has released a new version of the popular WinRAR tool to patch a vulnerability that can be abused in remote code execution attacks. The issue is fixed in WinRAR 7.23, but users must install the new version manually because WinRAR still does not offer automatic updates. They also need to make sure they download the version that matches their ...

  • Hackers breached DHS information-sharing network

    June 30, 2026

    A key Department of Homeland Security information-sharing database was accessed by an unknown threat actor in recent weeks, potentially exposing sensitive data exchanged between federal, state, local and industry partners, according to two people familiar with the matter. DHS investigators are probing the intrusion of the Homeland Security Information Network, said both people, who spoke on ...

  • Apple releases security patches for iOS, MacOS Tahoe, Safari

    June 30, 2026

    Apple has released security updates for more than two dozen security vulnerabilities across iPhone, iPad, and Mac. The updates for iOS/iPadOS, MacOS Tahoe, and Safari were issued after testing on iOS 26.6 and iPadOS 26.6 betas. What stands out in the update is that a lot of the vulnerabilities were found in WebKit, the browser engine that powers Safari ...