November Patch Tuesday loads up everyone’s plate

Credit to Author: Angela Gunn| Date: Wed, 13 Nov 2024 16:32:38 +0000

Microsoft on Tuesday released 89 patches affecting 14 product families. Two of the addressed issues, both touching Windows, are considered by Microsoft to be of critical severity. At patch time, two of the issues addressed are known to be under exploit in the wild, with eight additional CVEs more likely to be exploited in the next 30 days by the company’s estimation. Four of this month’s issues are amenable to detection by Sophos protections, and we include information on those in a table below.

In addition to these patches, the release includes advisory information on two Edge-related CVEs, and one related to Azure, CBL Mariner, and Defender (more on that advisory below). We are as always including at the end of this post additional appendices listing all Microsoft’s patches, sorted by severity, by predicted exploitability, and by product family.

By the numbers

  • Total CVEs: 89
  • Publicly disclosed: 3
  • Exploit detected: 2
  • Severity
    • Critical: 3
    • Important: 85
    • Moderate: 3
  • Impact
    • Remote Code Execution: 52
    • Elevation of Privilege: 27
    • Denial of Service: 4
    • Spoofing: 3
    • Security Feature Bypass: 2
    • Information Disclosure: 1
  • CVSS base score 9.0 or greater: 4
  • CVSS base score 8.0 or greater: 42

A bar chart showing impact and severity of the November 2024 patch Tuesday CVEs, as per text

Figure 1: RCE vulnerabilities, bolstered by a strong showing among the 31 SQL Server issues patched, constitute the majority of November’s updates

Products

  • Windows: 37
  • SQL Server: 31
  • 365 Apps: 8
  • Office: 8
  • Excel: 5
  • Visual Studio: 5
  • Azure: 3
  • .NET: 2
  • airlift.microsoft.com: 1
  • Exchange: 1
  • LightGBM: 1
  • PC Manager: 1
  • TorchGeo: 1
  • Word: 1

As is our custom for this list, CVEs that apply to more than one product family are counted once for each family they affect.

A bar chart showing severity by product family of the November 2024 Patch Tuesday CVEs, as per text

Figure 2: The variety of affected product families rivals last month’s, but Windows and SQL Server took the vast majority of November’s patches

Notable November updates

In addition to the issues discussed above, a number of specific items merit attention.

31 CVEs – Server 2025 issues

As reported in The Register last week, a KB error led to quite a number of instances of Server 2019 and 2022 receiving surprise upgrades to Server 2025. Though Microsoft eventually acknowledged and worked to mitigate the problem, as of this writing that process appears to still be underway. Meanwhile, this month’s Patch Tuesday’s set gives administrators one more very good reason to prioritize sorting out any unexpected Server 2025 presence on their systems, as over a third of the month’s patches affect the not-yet-official new version. We have listed those CVEs in Appendix E at the end of this writeup.

CVE-2024-5535 — OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread

It’s relegated to the list of advisories, but this RCE, which carries a hefty 9.1 CVSS base score, merits a look. The information available is also noteworthy (though, as an OpenSSL-assigned CVE, it’s slightly different to the usual data Microsoft presents on its patches) – the available information advises that, in a worst-case scenario of attack via email, RCE could be achieved even if the user does not open, read, or click on a received link. The issue affects version 3.0 of Azure Linux, version 2.0 of CBL Mariner, and Defender for Endpoint on Android, iOS, and Windows. That said, Microsoft judges it less likely to be exploited in the next 30 days.

CVE-2024-49039 — Windows Task Scheduler Elevation of Privilege Vulnerability
CVE-2024-43451 — NTLM Hash Disclosure Spoofing Vulnerability

These are the two CVEs that Microsoft has found to be already under exploit in the wild. The first is the more serious of the two – an EoP with a CVSS base score of 8.8. Both require that the target system run a malicious application. The spoofing issue, which weighs in at a relatively less alarming 6.5 CVSS base, includes an additional surprise – IE Cumulative updates for users of Server 2008, 2008 R2, and 2012 R2 still taking Security Only updates.

CVE-2024-49040 — Microsoft Exchange Server Spoofing Vulnerability

This Important-severity spoofing vulnerability, which Microsoft believes to be more likely to be exploited within the next 30 days, has a rather specific set of post-installation instructions, which can be seen on the company’s site.

CVE-2024-49056 — airlift.microsoft.com Elevation of Privilege Vulnerability

An unusual CVE against a Microsoft micro-site, this Critical-severity EoP has already been patched. According to the information provided, “Authentication bypass by assumed-immutable data on airlift.microsoft.com allow[ed] an authorized attacker to elevate privileges over a network.”

A bar chart showing impact and severity of the 2024 patch Tuesday releases to date, as per text

Figure 3: With a month left to go in the year, and after remarkably low CVE counts in the first three months, 2024 has now officially exceeded the patch count for all of last year – 942 patches so far in 2024, as opposed to 931 for all of 2023

 

Sophos protections

 

As you can every month, if you don’t want to wait for your system to pull down Microsoft’s updates itself, you can download them manually from the Windows Update Catalog website. Run the winver.exe tool to determine which build of Windows 10 or 11 you’re running, then download the Cumulative Update package for your specific system’s architecture and build number.

Appendix A: Vulnerability Impact and Severity

This is a list of November patches sorted by impact, then sub-sorted by severity. Each list is further arranged by CVE.

Remote Code Execution (52 CVEs)

Critical severity
CVE-2024-43639Windows Kerberos Remote Code Execution Vulnerability
Important severity
CVE-2024-38255SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-43447Windows SMBv3 Server Remote Code Execution Vulnerability
CVE-2024-43459SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-43462SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-43498.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-43598LightGBM Remote Code Execution Vulnerability
CVE-2024-43602Azure CycleCloud Remote Code Execution Vulnerability
CVE-2024-43620Windows Telephony Server Remote Code Execution Vulnerability
CVE-2024-43621Windows Telephony Server Remote Code Execution Vulnerability
CVE-2024-43622Windows Telephony Server Remote Code Execution Vulnerability
CVE-2024-43627Windows Telephony Server Remote Code Execution Vulnerability
CVE-2024-43628Windows Telephony Server Remote Code Execution Vulnerability
CVE-2024-43635Windows Telephony Server Remote Code Execution Vulnerability
CVE-2024-43640Windows Kernel-Mode Driver Remote Code Execution Vulnerability
CVE-2024-48993SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48994SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48995SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48996SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48997SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48998SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48999SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49000SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49001SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49002SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49003SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49004SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49005SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49006SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49007SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49008SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49009SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49010SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49011SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49012SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49013SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49014SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49015SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49016SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49017SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49018SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49021Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2024-49026Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49027Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49028Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49029Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49030Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49031Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2024-49032Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2024-49043Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability
CVE-2024-49048TorchGeo Remote Code Execution Vulnerability
CVE-2024-49050Visual Studio Code Python Extension Remote Code Execution Vulnerability

 

Elevation of Privilege (27 CVEs)

Critical severity
CVE-2024-43625Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
CVE-2024-49056Airlift.microsoft.com Elevation of Privilege Vulnerability
Important severity
CVE-2024-43449Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVE-2024-43452Windows Registry Elevation of Privilege Vulnerability
CVE-2024-43530Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-43613Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
CVE-2024-43623Windows NT OS Kernel Elevation of Privilege Vulnerability
CVE-2024-43624Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability
CVE-2024-43626Windows Telephony Server Elevation of Privilege Vulnerability
CVE-2024-43629Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2024-43630Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-43631Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2024-43634Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVE-2024-43636Win32k Elevation of Privilege Vulnerability
CVE-2024-43637Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVE-2024-43638Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVE-2024-43641Windows Registry Elevation of Privilege Vulnerability
CVE-2024-43643Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVE-2024-43644Windows Client-Side Caching Elevation of Privilege Vulnerability
CVE-2024-43646Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2024-49019Active Directory Certificate Services Elevation of Privilege Vulnerability
CVE-2024-49039Windows Task Scheduler Elevation of Privilege Vulnerability
CVE-2024-49042Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
CVE-2024-49044Visual Studio Elevation of Privilege Vulnerability
CVE-2024-49046Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVE-2024-49051Microsoft PC Manager Elevation of Privilege Vulnerability
Moderate severity
CVE-2024-49049Visual Studio Code Remote Extension Elevation of Privilege Vulnerability

 

Denial of Service (4 CVEs)

Important severity
CVE-2024-38264Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability
CVE-2024-43499.NET and Visual Studio Denial of Service Vulnerability
CVE-2024-43633Windows Hyper-V Denial of Service Vulnerability
CVE-2024-43642Windows SMB Denial of Service Vulnerability

 

Spoofing (3 CVEs)

Important severity
CVE-2024-43450Windows DNS Spoofing Vulnerability
CVE-2024-43451NTLM Hash Disclosure Spoofing Vulnerability
CVE-2024-49040Microsoft Exchange Server Spoofing Vulnerability

 

Security Feature Bypass (2 CVEs)

Important severity
CVE-2024-43645Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability
CVE-2024-49033Microsoft Word Security Feature Bypass Vulnerability

 

Information Disclosure (1 CVE)

Important severity
CVE-2024-43500Windows Resilient File System (ReFS) Information Disclosure Vulnerability

 

 

Appendix B: Exploitability

This is a list of the November CVEs judged by Microsoft to be either under exploitation in the wild or more likely to be exploited in the wild within the first 30 days post-release. The list is arranged by CVE.

Exploitation detected
CVE-2024-43451NTLM Hash Disclosure Spoofing Vulnerability
CVE-2024-49039Windows Task Scheduler Elevation of Privilege Vulnerability
Exploitation more likely within the next 30 days
CVE-2024-43623Windows NT OS Kernel Elevation of Privilege Vulnerability
CVE-2024-43629Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2024-43630Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-43636Win32k Elevation of Privilege Vulnerability
CVE-2024-43642Windows SMB Denial of Service Vulnerability
CVE-2024-49019Active Directory Certificate Services Elevation of Privilege Vulnerability
CVE-2024-49033Microsoft Word Security Feature Bypass Vulnerability
CVE-2024-49040Microsoft Exchange Server Spoofing Vulnerability

 

Appendix C: Products Affected

This is a list of November’s patches sorted by product family, then sub-sorted by severity. Each list is further arranged by CVE. Patches that are shared among multiple product families are listed multiple times, once for each product family.

Windows (37 CVEs)

Critical severity
CVE-2024-43625Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
CVE-2024-43639Windows Kerberos Remote Code Execution Vulnerability
Important severity
CVE-2024-38203Windows Package Library Manager Information Disclosure Vulnerability
CVE-2024-38264Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability
CVE-2024-43447Windows SMBv3 Server Remote Code Execution Vulnerability
CVE-2024-43449Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVE-2024-43450Windows DNS Spoofing Vulnerability
CVE-2024-43452Windows Registry Elevation of Privilege Vulnerability
CVE-2024-43530Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-43620Windows Telephony Server Remote Code Execution Vulnerability
CVE-2024-43621Windows Telephony Server Remote Code Execution Vulnerability
CVE-2024-43622Windows Telephony Server Remote Code Execution Vulnerability
CVE-2024-43623Windows NT OS Kernel Elevation of Privilege Vulnerability
CVE-2024-43624Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability
CVE-2024-43626Windows Telephony Server Elevation of Privilege Vulnerability
CVE-2024-43627Windows Telephony Server Remote Code Execution Vulnerability
CVE-2024-43628Windows Telephony Server Remote Code Execution Vulnerability
CVE-2024-43629Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2024-43630Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-43631Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2024-43633Windows Hyper-V Denial of Service Vulnerability
CVE-2024-43634Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVE-2024-43635Windows Telephony Server Remote Code Execution Vulnerability
CVE-2024-43636Win32k Elevation of Privilege Vulnerability
CVE-2024-43637Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVE-2024-43638Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVE-2024-43640Windows Kernel-Mode Driver Remote Code Execution Vulnerability
CVE-2024-43641Windows Registry Elevation of Privilege Vulnerability
CVE-2024-43642Windows SMB Denial of Service Vulnerability
CVE-2024-43643Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVE-2024-43644Windows Client-Side Caching Elevation of Privilege Vulnerability
CVE-2024-43645Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability
CVE-2024-43646Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2024-49019Active Directory Certificate Services Elevation of Privilege Vulnerability
CVE-2024-49039Windows Task Scheduler Elevation of Privilege Vulnerability
CVE-2024-49046Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVE-2024-43451NTLM Hash Disclosure Spoofing Vulnerability

 

 

SQL Server (31 CVEs)

Important severity
CVE-2024-38255SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-43459SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-43462SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48993SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48994SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48995SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48996SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48997SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48998SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48999SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49000SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49001SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49002SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49003SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49004SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49005SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49006SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49007SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49008SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49009SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49010SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49011SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49012SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49013SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49014SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49015SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49016SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49017SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49018SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49021Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2024-49043Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability

 

365 Apps (8 CVEs)

Important severity
CVE-2024-49026Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49027Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49028Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49029Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49030Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49031Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2024-49032Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2024-49033Microsoft Word Security Feature Bypass Vulnerability

 

Office (8 CVEs)

Important severity
CVE-2024-49026Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49027Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49028Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49029Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49030Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49031Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2024-49032Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2024-49033Microsoft Word Security Feature Bypass Vulnerability

Excel (5 CVEs)

Important severity
CVE-2024-49026Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49027Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49028Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49029Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49030Microsoft Excel Remote Code Execution Vulnerability

 

Visual Studio (5 CVEs)

Important severity
CVE-2024-43498.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-43499.NET and Visual Studio Denial of Service Vulnerability
CVE-2024-49044Visual Studio Elevation of Privilege Vulnerability
CVE-2024-49050Visual Studio Code Python Extension Remote Code Execution Vulnerability
Moderate severity
CVE-2024-49049Visual Studio Code Remote Extension Elevation of Privilege Vulnerability

 

Azure (3 CVEs)

Important severity
CVE-2024-43602Azure CycleCloud Remote Code Execution Vulnerability
CVE-2024-43613Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
CVE-2024-49042Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability

 

.NET (2 CVEs)

Important severity
CVE-2024-43498.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-43499.NET and Visual Studio Denial of Service Vulnerability

 

airlift.microsoft.com (1 CVE)

Important severity
CVE-2024-49056Airlift.microsoft.com Elevation of Privilege Vulnerability

 

Exchange (1 CVE)

Important severity
CVE-2024-49040Microsoft Exchange Server Spoofing Vulnerability

 

LightGBM (1 CVE)

Important severity
CVE-2024-43598LightGBM Remote Code Execution Vulnerability

 

PC Manager (1 CVE)

Important severity
CVE-2024-49051Microsoft PC Manager Elevation of Privilege Vulnerability

 

TorchGeo (1 CVE)

Important severity
CVE-2024-49048TorchGeo Remote Code Execution Vulnerability

 

Word (1 CVE)

Important severity
CVE-2024-49033Microsoft Word Security Feature Bypass Vulnerability

 

Appendix D: Advisories and Other Products

This is a list of advisories and information on other relevant CVEs in the November release.

 

CVE-2024-5535Azure, CBL Mariner, DefenderOpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread
CVE-2024-10826EdgeChromium: CVE-2024-10826 Use after free in Family Experiences
CVE-2024-10827EdgeChromium: CVE-2024-10827 Use after free in Serial

 

Appendix E: Server 2025

This is a list of CVEs affecting Server 2025, which some users may have inadvertently received last week.

CVE-2024-38203CVE-2024-43625CVE-2024-43639
CVE-2024-38264CVE-2024-43626CVE-2024-43641
CVE-2024-43449CVE-2024-43627CVE-2024-43642
CVE-2024-43450CVE-2024-43628CVE-2024-43643
CVE-2024-43451CVE-2024-43629CVE-2024-43644
CVE-2024-43452CVE-2024-43630CVE-2024-43646
CVE-2024-43620CVE-2024-43631CVE-2024-49019
CVE-2024-43621CVE-2024-43635CVE-2024-49039
CVE-2024-43622CVE-2024-43636CVE-2024-49046
CVE-2024-43623CVE-2024-43637
CVE-2024-43624CVE-2024-43638

 

 

http://feeds.feedburner.com/sophos/dgdY