
The Microsoft November 2024 security update release includes 89 Microsoft CVEs affecting the following products and components: Windows Package Library Manager, SQL Server, Microsoft Virtual Hard Drive, Windows SMBv3 Client/Server, Windows USB Video Driver, Windows DNS, Windows NTLM, Windows Registry, .NET and Visual Studio, Windows Update Stack, LightGBM, Azure CycleCloud, Azure Database for PostgreSQL, Windows Telephony Service, Windows NT OS Kernel, Windows Hyper-V, Windows VMSwitch, Windows DWM Core Library, Windows Kernel, Windows Secure Kernel Mode, Windows Kerberos, Windows SMB, Windows CSC Service, Windows Defender Application Control (WDAC), Windows Active Directory Certificate Services, Microsoft Office Excel, Microsoft Graphics Component, Microsoft Office Word, Windows Task Scheduler, Microsoft Exchange Server, Visual Studio, Windows Win32 Kernel Subsystem, TorchGeo, Visual Studio Code, Microsoft PC Manager, and Airlift.microsoft.com.





November 2024 Security Updates

This release consists of the following 89 Microsoft CVEs:

| Tag | CVE | Base Score | FAQs? | Workarounds? | Mitigations? |
|---|---|---|---|---|---|
| Windows Package Library Manager | CVE-2024-38203 | 6.2 | Yes | No | No |
| SQL Server | CVE-2024-38255 | 8.8 | Yes | No | No |
| Microsoft Virtual Hard Drive | CVE-2024-38264 | 5.9 | Yes | No | No |
| Windows SMBv3 Client/Server | CVE-2024-43447 | 8.1 | Yes | No | No |
| Windows USB Video Driver | CVE-2024-43449 | 6.8 | Yes | No | No |
| Microsoft Windows DNS | CVE-2024-43450 | 7.5 | Yes | No | No |
| Windows NTLM | CVE-2024-43451 | 6.5 | Yes | No | No |
| Windows Registry | CVE-2024-43452 | 7.5 | Yes | No | No |
| SQL Server | CVE-2024-43459 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-43462 | 8.8 | Yes | No | No |
| .NET and Visual Studio | CVE-2024-43498 | 9.8 | Yes | No | No |
| .NET and Visual Studio | CVE-2024-43499 | 7.5 | No | No | No |
| Windows Update Stack | CVE-2024-43530 | 7.8 | Yes | No | No |
| LightGBM | CVE-2024-43598 | 7.5 | No | No | No |
| Azure CycleCloud | CVE-2024-43602 | 9.9 | Yes | No | No |
| Azure Database for PostgreSQL | CVE-2024-43613 | 7.2 | Yes | No | No |
| Windows Telephony Service | CVE-2024-43620 | 8.8 | Yes | No | No |
| Windows Telephony Service | CVE-2024-43621 | 8.8 | Yes | No | No |
| Windows Telephony Service | CVE-2024-43622 | 8.8 | Yes | No | No |
| Windows NT OS Kernel | CVE-2024-43623 | 7.8 | Yes | No | No |
| Role: Windows Hyper-V | CVE-2024-43624 | 8.8 | Yes | No | No |
| Windows VMSwitch | CVE-2024-43625 | 8.1 | Yes | No | No |
| Windows Telephony Service | CVE-2024-43626 | 7.8 | Yes | No | No |
| Windows Telephony Service | CVE-2024-43627 | 8.8 | Yes | No | No |
| Windows Telephony Service | CVE-2024-43628 | 8.8 | Yes | No | No |
| Windows DWM Core Library | CVE-2024-43629 | 7.8 | Yes | No | No |
| Windows Kernel | CVE-2024-43630 | 7.8 | Yes | No | No |
| Windows Secure Kernel Mode | CVE-2024-43631 | 6.7 | Yes | No | No |
| Role: Windows Hyper-V | CVE-2024-43633 | 6.5 | Yes | No | No |
| Windows USB Video Driver | CVE-2024-43634 | 6.8 | Yes | No | No |
| Windows Telephony Service | CVE-2024-43635 | 8.8 | Yes | No | No |
| Windows DWM Core Library | CVE-2024-43636 | 7.8 | Yes | No | No |
| Windows USB Video Driver | CVE-2024-43637 | 6.8 | Yes | No | No |
| Windows USB Video Driver | CVE-2024-43638 | 6.8 | Yes | No | No |
| Windows Kerberos | CVE-2024-43639 | 9.8 | Yes | No | No |
| Windows Secure Kernel Mode | CVE-2024-43640 | 9.8 | Yes | No | No |
| Windows Registry | CVE-2024-43641 | 7.8 | Yes | No | No |
| Windows SMB | CVE-2024-43642 | 7.5 | No | No | No |
| Windows USB Video Driver | CVE-2024-43643 | 6.8 | Yes | No | No |
| Windows CSC Service | CVE-2024-43644 | 7.8 | Yes | No | No |
| Windows Defender Application Control (WDAC) | CVE-2024-43645 | 6.7 | Yes | No | No |
| Windows Secure Kernel Mode | CVE-2024-43646 | 6.7 | Yes | No | No |
| SQL Server | CVE-2024-48993 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-48994 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-48995 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-48996 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-48997 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-48998 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-48999 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49000 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49001 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49002 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49003 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49004 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49005 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49006 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49007 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49008 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49009 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49010 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49011 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49012 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49013 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49014 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49015 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49016 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49017 | 8.8 | Yes | No | No |
| SQL Server | CVE-2024-49018 | 8.8 | Yes | No | No |
| Windows Active Directory Certificate Services | CVE-2024-49019 | 7.8 | Yes | No | No |
| SQL Server | CVE-2024-49021 | 7.8 | Yes | No | No |
| Microsoft Office Excel | CVE-2024-49026 | 7.8 | Yes | No | No |
| Microsoft Office Excel | CVE-2024-49027 | 7.8 | Yes | No | No |
| Microsoft Office Excel | CVE-2024-49028 | 7.8 | Yes | No | No |
| Microsoft Office Excel | CVE-2024-49029 | 7.8 | Yes | No | No |
| Microsoft Office Excel | CVE-2024-49030 | 7.8 | Yes | No | No |
| Microsoft Graphics Component | CVE-2024-49031 | 7.8 | Yes | No | No |
| Microsoft Graphics Component | CVE-2024-49032 | 7.8 | Yes | No | No |
| Microsoft Office Word | CVE-2024-49033 | 7.5 | Yes | No | No |
| Windows Task Scheduler | CVE-2024-49039 | 8.8 | Yes | No | No |
| Microsoft Exchange Server | CVE-2024-49040 | 7.5 | Yes | No | No |
| Azure Database for PostgreSQL | CVE-2024-49042 | 7.2 | Yes | No | No |
| SQL Server | CVE-2024-49043 | 7.8 | Yes | No | No |
| Visual Studio | CVE-2024-49044 | 6.7 | Yes | No | No |
| Windows Win32 Kernel Subsystem | CVE-2024-49046 | 7.8 | Yes | No | No |
| TorchGeo | CVE-2024-49048 | 8.1 | Yes | No | No |
| Visual Studio Code | CVE-2024-49049 | 7.1 | Yes | No | No |
| Visual Studio Code | CVE-2024-49050 | 8.8 | No | No | No |
| Microsoft PC Manager | CVE-2024-49051 | 8.4 | Yes | No | No |
| Airlift.microsoft.com | CVE-2024-49056 | 7.3 | Yes | No | No |

We are republishing 3 non-Microsoft CVEs:

| CNA | Tag | CVE | FAQs? | Workarounds? | Mitigations? |
|---|---|---|---|---|---|
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-10826 | Yes | No | No |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-10827 | Yes | No | No |
| OpenSSL | Microsoft Defender for Endpoint | CVE-2024-5535 | Yes | No | No |

Security Update Guide Blog Posts

| Date | Blog Post |
|---|---|
| November 12, 2024 | Toward greater transparency: Publishing machine-readable CSAF files |
| June 27, 2024 | Toward greater transparency: Unveiling Cloud Service CVEs |
| April 9, 2024 | Toward greater transparency: Security Update Guide now shares CWEs for CVEs |
| January 6, 2023 | Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API |
| January 11, 2022 | Coming Soon: New Security Update Guide Notification System |
| February 9, 2021 | Continuing to Listen: Good News about the Security Update Guide API |
| January 13, 2021 | Security Update Guide Supports CVEs Assigned by Industry Partners |
| December 8, 2020 | Security Update Guide: Let’s keep the conversation going |
| November 9, 2020 | Vulnerability Descriptions in the New Version of the Security Update Guide |

Relevant Resources

  • The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
  • Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows Lifecycle Facts Sheet.
  • Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
  • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  • Customers running Windows Server 2008 R2 or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

Known Issues

You can see these in more detail from the Deployments tab by selecting the Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

| KB Article | Applies To |
|---|---|
| 5046617 | Windows 11, version 24H2, Windows Server 2025, Windows Server 2025 (Server Core installation) |
| 5046633 | Windows 11, version 22H2, Windows 11, version 23H2 |
| 5046639 | Windows Server 2008 (Security-only update) |
| 5046661 | Windows Server 2008 (Monthly Rollup) |


Security Update Guide - Microsoft Security Response Center