Serial number: AV24-649
Date: November 13, 2024
On November 12, 2024, Microsoft published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:
- .NET 9.0
- Azure CycleCloud – multiple versions
- Azure Database for PostgreSQL Flexible Server – multiple versions and platforms
- LightGBM
- Microsoft 365 Apps for Enterprise
- Microsoft Defender for Endpoint
- Microsoft Excel 2016
- Microsoft Exchange Server – multiple versions
- Microsoft Office – multiple versions and platforms
- Microsoft PC Manager
- Microsoft SQL Server – multiple versions and platforms
- Microsoft TorchGeo
- Microsoft Visual Studio 2022 – multiple versions
- Microsoft Word 2016
- Python extension for Visual Studio Code
- Windows 10 – multiple versions and platforms
- Windows 11 – multiple versions and platforms
- Windows Server – multiple versions and platforms
- microsoft.com
Microsoft has indicated that CVE-2024-49039 and CVE-2024-43451 have been exploited.
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.
This alert was originated From: Canadian Centre for Cyber Security
https://cyber.gc.ca/en/alerts-advisories/microsoft-security-advisory-november-2024-monthly-rollup-av24-649