The Microsoft November 2024 security update release includes 89 Microsoft CVEs affecting components including Windows Package Library Manager, SQL Server, Microsoft Virtual Hard Drive, Windows SMBv3 Client/Server, Windows USB Video Driver, Windows DNS, Windows NTLM, Windows Registry, .NET and Visual Studio, Windows Update Stack, LightGBM, Azure CycleCloud, Azure Database for PostgreSQL, Windows Telephony Service, Windows NT OS Kernel, Windows Hyper-V, Windows VMSwitch, Windows DWM Core Library, Windows Kernel, Windows Secure Kernel Mode, Windows Kerberos, Windows SMB, Windows CSC Service, Windows Defender Application Control (WDAC), Windows SQL Server, Windows Active Directory Certificate Services, Windows Office Excel, Microsoft Graphics Component, Microsoft Office Word, Windows Task Scheduler, Microsoft Exchange Server, Visual Studio, Windows Win32 Kernel Subsystem, TorchGeo, Visual Studio Code, Microsoft PC Manager, and Airlift.microsoft.com.
November 2024 Security Updates
This release consists of the following 89 Microsoft CVEs:

| Tag | CVE | Base Score | FAQs? | Workarounds? | Mitigations? |
| --- | --- | --- | --- | --- | --- |
| Windows Package Library Manager | CVE-2024-38203 | 6.2 | Yes | No | No |
| SQL Server | CVE-2024-38255 | 8.8 | Yes | No | No |
| Microsoft Virtual Hard Drive | CVE-2024-38264 | 5.9 | Yes | No | No |
| Windows SMBv3 Client/Server | CVE-2024-43447 | 8.1 | Yes | No | No |
| Windows USB Video Driver | CVE-2024-43449 | 6.8 | Yes | No | No |
| Microsoft Windows DNS | CVE-2024-43450 | 7.5 | Yes | No | No |
| Windows NTLM | CVE-2024-43451 | 6.5 | Yes | No | No |
| Windows Registry | CVE-2024-43452 | 7.5 | Yes | No | No |
| SQL Server | CVE-2024-43459 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-43462 | 8.8 | Yes | No | No |
| .NET and Visual Studio | CVE-2024-43498 | 9.8 | Yes | No | No |
| .NET and Visual Studio | CVE-2024-43499 | 7.5 | No | No | No |
| Windows Update Stack | CVE-2024-43530 | 7.8 | Yes | No | No |
| LightGBM | CVE-2024-43598 | 7.5 | No | No | No |
| Azure CycleCloud | CVE-2024-43602 | 9.9 | Yes | No | No |
| Azure Database for PostgreSQL | CVE-2024-43613 | 7.2 | Yes | No | No |
| Windows Telephony Service | CVE-2024-43620 | 8.8 | Yes | No | No |
| Windows Telephony Service | CVE-2024-43621 | 8.8 | Yes | No | No |
| Windows Telephony Service | CVE-2024-43622 | 8.8 | Yes | No | No |
| Windows NT OS Kernel | CVE-2024-43623 | 7.8 | Yes | No | No |
| Role: Windows Hyper-V | CVE-2024-43624 | 8.8 | Yes | No | No |
| Windows VMSwitch | CVE-2024-43625 | 8.1 | Yes | No | No |
| Windows Telephony Service | CVE-2024-43626 | 7.8 | Yes | No | No |
| Windows Telephony Service | CVE-2024-43627 | 8.8 | Yes | No | No |
| Windows Telephony Service | CVE-2024-43628 | 8.8 | Yes | No | No |
| Windows DWM Core Library | CVE-2024-43629 | 7.8 | Yes | No | No |
| Windows Kernel | CVE-2024-43630 | 7.8 | Yes | No | No |
| Windows Secure Kernel Mode | CVE-2024-43631 | 6.7 | Yes | No | No |
| Role: Windows Hyper-V | CVE-2024-43633 | 6.5 | Yes | No | No |
| Windows USB Video Driver | CVE-2024-43634 | 6.8 | Yes | No | No |
| Windows Telephony Service | CVE-2024-43635 | 8.8 | Yes | No | No |
| Windows DWM Core Library | CVE-2024-43636 | 7.8 | Yes | No | No |
| Windows USB Video Driver | CVE-2024-43637 | 6.8 | Yes | No | No |
| Windows USB Video Driver | CVE-2024-43638 | 6.8 | Yes | No | No |
| Windows Kerberos | CVE-2024-43639 | 9.8 | Yes | No | No |
| Windows Secure Kernel Mode | CVE-2024-43640 | 9.8 | Yes | No | No |
| Windows Registry | CVE-2024-43641 | 7.8 | Yes | No | No |
| Windows SMB | CVE-2024-43642 | 7.5 | No | No | No |
| Windows USB Video Driver | CVE-2024-43643 | 6.8 | Yes | No | No |
| Windows CSC Service | CVE-2024-43644 | 7.8 | Yes | No | No |
| Windows Defender Application Control (WDAC) | CVE-2024-43645 | 6.7 | Yes | No | No |
| Windows Secure Kernel Mode | CVE-2024-43646 | 6.7 | Yes | No | No |
| SQL Server | CVE-2024-48993 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-48994 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-48995 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-48996 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-48997 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-48998 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-48999 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49000 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49001 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49002 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49003 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49004 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49005 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49006 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49007 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49008 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49009 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49010 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49011 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49012 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49013 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49014 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49015 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49016 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49017 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49018 | 8.8 | Yes | No | No |
| Windows Active Directory Certificate Services | CVE-2024-49019 | 7.8 | Yes | No | No |
| SQL Server | CVE-2024-49021 | 7.8 | Yes | No | No |
| Microsoft Office Excel | CVE-2024-49026 | 7.8 | Yes | No | No |
| Microsoft Office Excel | CVE-2024-49027 | 7.8 | Yes | No | No |
| Microsoft Office Excel | CVE-2024-49028 | 7.8 | Yes | No | No |
| Microsoft Office Excel | CVE-2024-49029 | 7.8 | Yes | No | No |
| Microsoft Office Excel | CVE-2024-49030 | 7.8 | Yes | No | No |
| Microsoft Graphics Component | CVE-2024-49031 | 7.8 | Yes | No | No |
| Microsoft Graphics Component | CVE-2024-49032 | 7.8 | Yes | No | No |
| Microsoft Office Word | CVE-2024-49033 | 7.5 | Yes | No | No |
| Windows Task Scheduler | CVE-2024-49039 | 8.8 | Yes | No | No |
| Microsoft Exchange Server | CVE-2024-49040 | 7.5 | Yes | No | No |
| Azure Database for PostgreSQL | CVE-2024-49042 | 7.2 | Yes | No | No |
| SQL Server | CVE-2024-49043 | 7.8 | Yes | No | No |
| Visual Studio | CVE-2024-49044 | 6.7 | Yes | No | No |
| Windows Win32 Kernel Subsystem | CVE-2024-49046 | 7.8 | Yes | No | No |
| TorchGeo | CVE-2024-49048 | 8.1 | Yes | No | No |
| Visual Studio Code | CVE-2024-49049 | 7.1 | Yes | No | No |
| Visual Studio Code | CVE-2024-49050 | 8.8 | No | No | No |
| Microsoft PC Manager | CVE-2024-49051 | 8.4 | Yes | No | No |
| Airlift.microsoft.com | CVE-2024-49056 | 7.3 | Yes | No | No |

We are republishing 3 non-Microsoft CVEs:

| CNA | Tag | CVE | FAQs? | Workarounds? | Mitigations? |
| --- | --- | --- | --- | --- | --- |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-10826 | Yes | No | No |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-10827 | Yes | No | No |
| OpenSSL | Microsoft Defender for Endpoint | CVE-2024-5535 | Yes | No | No |

Security Update Guide Blog Posts

| Date | Blog Post |
| --- | --- |
| November 12, 2024 | Toward greater transparency: Publishing machine-readable CSAF files |
| June 27, 2024 | Toward greater transparency: Unveiling Cloud Service CVEs |
| April 9, 2024 | Toward greater transparency: Security Update Guide now shares CWEs for CVEs |
| January 6, 2023 | Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API |
| January 11, 2022 | Coming Soon: New Security Update Guide Notification System |
| February 9, 2021 | Continuing to Listen: Good News about the Security Update Guide API |
| January 13, 2021 | Security Update Guide Supports CVEs Assigned by Industry Partners |
| December 8, 2020 | Security Update Guide: Let’s keep the conversation going |
| November 9, 2020 | Vulnerability Descriptions in the New Version of the Security Update Guide |

Relevant Resources
- The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
- Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows Lifecycle Facts Sheet.
- Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
- In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
- Customers running Windows Server 2008 R2 or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
Known Issues
You can see these in more detail from the Deployments tab by selecting the Known Issues column in the Edit Columns panel.
For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

| KB Article | Applies To |
| --- | --- |
| 5046617 | Windows 11, version 24H2, Windows Server 2025, Windows Server 2025 (Server Core installation) |
| 5046633 | Windows 11, version 22H2, Windows 11, version 23H2 |
| 5046639 | Windows Server 2008 (Security-only update) |
| 5046661 | Windows Server 2008 (Monthly Rollup) |