Fortra VM will include the Microsoft Patch Tuesday checks in the NIRV 4.54.0 and FVM Agent 2.15 releases.

  • Microsoft addressed 89 vulnerabilities in this release, including 4 rated as Critical and 51 Remote Code Execution vulnerabilities.
  • This release also includes fixes for two vulnerabilities that have been publicly disclosed and exploited in the wild.
    • CVE-2024-43451 NTLM Hash Disclosure Spoofing Vulnerability
      • When a user interacts with a malicious file, their NTLMv2 hash could be disclosed.
    • CVE-2024-49039 Windows Task Scheduler Elevation of Privilege Vulnerability
      • An attacker could elevate privileges via running a crafted application.
    • In addition, this release includes another publicly disclosed vulnerability.
      • CVE-2024-49040 Microsoft Exchange Server Spoofing Vulnerability
        • An attacker could spoof a forged email sender as legitimate via a crafted P2 FROM header.
CVE/AdvisoryTitleTagMicrosoft Severity RatingBase ScoreMicrosoft ImpactExploitedPublicly Disclosed
CVE-2024-43530Windows Update Stack Elevation of Privilege VulnerabilityWindows Update StackImportant7.8Elevation of PrivilegeNoNo
CVE-2024-43602Azure CycleCloud Remote Code Execution VulnerabilityAzure CycleCloudImportant9.9Remote Code ExecutionNoNo
CVE-2024-43623Windows NT OS Kernel Elevation of Privilege VulnerabilityWindows NT OS KernelImportant7.8Elevation of PrivilegeNoNo
CVE-2024-43625Microsoft Windows VMSwitch Elevation of Privilege VulnerabilityWindows VMSwitchCritical8.1Elevation of PrivilegeNoNo
CVE-2024-43626Windows Telephony Service Elevation of Privilege VulnerabilityWindows Telephony ServiceImportant7.8Elevation of PrivilegeNoNo
CVE-2024-43627Windows Telephony Service Remote Code Execution VulnerabilityWindows Telephony ServiceImportant8.8Remote Code ExecutionNoNo
CVE-2024-43628Windows Telephony Service Remote Code Execution VulnerabilityWindows Telephony ServiceImportant8.8Remote Code ExecutionNoNo
CVE-2024-43630Windows Kernel Elevation of Privilege VulnerabilityWindows KernelImportant7.8Elevation of PrivilegeNoNo
CVE-2024-43631Windows Secure Kernel Mode Elevation of Privilege VulnerabilityWindows Secure Kernel ModeImportant6.7Elevation of PrivilegeNoNo
CVE-2024-43634Windows USB Video Class System Driver Elevation of Privilege VulnerabilityWindows USB Video DriverImportant6.8Elevation of PrivilegeNoNo
CVE-2024-43637Windows USB Video Class System Driver Elevation of Privilege VulnerabilityWindows USB Video DriverImportant6.8Elevation of PrivilegeNoNo
CVE-2024-43638Windows USB Video Class System Driver Elevation of Privilege VulnerabilityWindows USB Video DriverImportant6.8Elevation of PrivilegeNoNo
CVE-2024-43643Windows USB Video Class System Driver Elevation of Privilege VulnerabilityWindows USB Video DriverImportant6.8Elevation of PrivilegeNoNo
CVE-2024-43644Windows Client-Side Caching Elevation of Privilege VulnerabilityWindows CSC ServiceImportant7.8Elevation of PrivilegeNoNo
CVE-2024-43645Windows Defender Application Control (WDAC) Security Feature Bypass VulnerabilityWindows Defender Application Control (WDAC)Important6.7Security Feature BypassNoNo
CVE-2024-43646Windows Secure Kernel Mode Elevation of Privilege VulnerabilityWindows Secure Kernel ModeImportant6.7Elevation of PrivilegeNoNo
CVE-2024-43447Windows SMBv3 Server Remote Code Execution VulnerabilityWindows SMBv3 Client/ServerImportant8.1Remote Code ExecutionNoNo
CVE-2024-43449Windows USB Video Class System Driver Elevation of Privilege VulnerabilityWindows USB Video DriverImportant6.8Elevation of PrivilegeNoNo
CVE-2024-43450Windows DNS Spoofing VulnerabilityMicrosoft Windows DNSImportant7.5SpoofingNoNo
CVE-2024-43451NTLM Hash Disclosure Spoofing VulnerabilityWindows NTLMImportant6.5SpoofingYesYes
CVE-2024-43452Windows Registry Elevation of Privilege VulnerabilityWindows RegistryImportant7.5Elevation of PrivilegeNoNo
CVE-2024-38255SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-38264Microsoft Virtual Hard Disk (VHDX) Denial of Service VulnerabilityMicrosoft Virtual Hard DriveImportant5.9Denial of ServiceNoNo
CVE-2024-43459SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-43462SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-48994SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-48995SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-48996SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-49040Microsoft Exchange Server Spoofing VulnerabilityMicrosoft Exchange ServerImportant7.5SpoofingNoYes
CVE-2024-49042Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege VulnerabilityAzure Database for PostgreSQLImportant7.2Elevation of PrivilegeNoNo
CVE-2024-49043Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution VulnerabilitySQL ServerImportant7.8Remote Code ExecutionNoNo
CVE-2024-49044Visual Studio Elevation of Privilege VulnerabilityVisual StudioImportant6.7Elevation of PrivilegeNoNo
CVE-2024-49046Windows Win32 Kernel Subsystem Elevation of Privilege VulnerabilityWindows Win32 Kernel SubsystemImportant7.8Elevation of PrivilegeNoNo
CVE-2024-49049Visual Studio Code Remote Extension Elevation of Privilege VulnerabilityVisual Studio CodeModerate7.1Elevation of PrivilegeNoNo
CVE-2024-49056Airlift.microsoft.com Elevation of Privilege VulnerabilityAirlift.microsoft.comCritical7.3Elevation of PrivilegeNoNo
CVE-2024-43598LightGBM Remote Code Execution VulnerabilityLightGBMImportant7.5Remote Code ExecutionNoNo
CVE-2024-43613Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege VulnerabilityAzure Database for PostgreSQLImportant7.2Elevation of PrivilegeNoNo
CVE-2024-43620Windows Telephony Service Remote Code Execution VulnerabilityWindows Telephony ServiceImportant8.8Remote Code ExecutionNoNo
CVE-2024-43621Windows Telephony Service Remote Code Execution VulnerabilityWindows Telephony ServiceImportant8.8Remote Code ExecutionNoNo
CVE-2024-43622Windows Telephony Service Remote Code Execution VulnerabilityWindows Telephony ServiceImportant8.8Remote Code ExecutionNoNo
CVE-2024-43624Windows Hyper-V Shared Virtual Disk Elevation of Privilege VulnerabilityRole: Windows Hyper-VImportant8.8Elevation of PrivilegeNoNo
CVE-2024-43629Windows DWM Core Library Elevation of Privilege VulnerabilityWindows DWM Core LibraryImportant7.8Elevation of PrivilegeNoNo
CVE-2024-43633Windows Hyper-V Denial of Service VulnerabilityRole: Windows Hyper-VImportant6.5Denial of ServiceNoNo
CVE-2024-43635Windows Telephony Service Remote Code Execution VulnerabilityWindows Telephony ServiceImportant8.8Remote Code ExecutionNoNo
CVE-2024-43636Win32k Elevation of Privilege VulnerabilityWindows DWM Core LibraryImportant7.8Elevation of PrivilegeNoNo
CVE-2024-43639Windows Kerberos Remote Code Execution VulnerabilityWindows KerberosCritical9.8Remote Code ExecutionNoNo
CVE-2024-43640Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityWindows Secure Kernel ModeImportant7.8Elevation of PrivilegeNoNo
CVE-2024-43641Windows Registry Elevation of Privilege VulnerabilityWindows RegistryImportant7.8Elevation of PrivilegeNoNo
CVE-2024-43642Windows SMB Denial of Service VulnerabilityWindows SMBImportant7.5Denial of ServiceNoNo
CVE-2024-38203Windows Package Library Manager Information Disclosure VulnerabilityWindows Package Library ManagerImportant6.2Information DisclosureNoNo
CVE-2024-48993SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-48997SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-48998SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-48999SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-49000SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-49001SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-49002SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-49003SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-49004SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-49005SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-49007SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-49006SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-49008SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-49009SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-49010SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-49011SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-49012SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-49013SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-49014SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-49015SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-49016SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-49017SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-49018SQL Server Native Client Remote Code Execution VulnerabilitySQL ServerImportant8.8Remote Code ExecutionNoNo
CVE-2024-49019Active Directory Certificate Services Elevation of Privilege VulnerabilityRole: Windows Active Directory Certificate ServicesImportant7.8Elevation of PrivilegeNoYes
CVE-2024-49021Microsoft SQL Server Remote Code Execution VulnerabilitySQL ServerImportant7.8Remote Code ExecutionNoNo
CVE-2024-49026Microsoft Excel Remote Code Execution VulnerabilityMicrosoft Office ExcelImportant7.8Remote Code ExecutionNoNo
CVE-2024-49027Microsoft Excel Remote Code Execution VulnerabilityMicrosoft Office ExcelImportant7.8Remote Code ExecutionNoNo
CVE-2024-49028Microsoft Excel Remote Code Execution VulnerabilityMicrosoft Office ExcelImportant7.8Remote Code ExecutionNoNo
CVE-2024-49029Microsoft Excel Remote Code Execution VulnerabilityMicrosoft Office ExcelImportant7.8Remote Code ExecutionNoNo
CVE-2024-49030Microsoft Excel Remote Code Execution VulnerabilityMicrosoft Office ExcelImportant7.8Remote Code ExecutionNoNo
CVE-2024-49031Microsoft Office Graphics Remote Code Execution VulnerabilityMicrosoft Graphics ComponentImportant7.8Remote Code ExecutionNoNo
CVE-2024-49032Microsoft Office Graphics Remote Code Execution VulnerabilityMicrosoft Graphics ComponentImportant7.8Remote Code ExecutionNoNo
CVE-2024-49033Microsoft Word Security Feature Bypass VulnerabilityMicrosoft Office WordImportant7.5Security Feature BypassNoNo
CVE-2024-49039Windows Task Scheduler Elevation of Privilege VulnerabilityWindows Task SchedulerImportant8.8Elevation of PrivilegeYesNo
CVE-2024-49048TorchGeo Remote Code Execution VulnerabilityTorchGeoImportant8.1Remote Code ExecutionNoNo
CVE-2024-49050Visual Studio Code Python Extension Remote Code Execution VulnerabilityVisual Studio CodeImportant8.8Remote Code ExecutionNoNo
CVE-2024-49051Microsoft PC Manager Elevation of Privilege VulnerabilityMicrosoft PC ManagerImportant7.8Elevation of PrivilegeNoNo
ADV240001Microsoft SharePoint Server Defense in Depth UpdateMicrosoft Office SharePointNoneN/ADefense in DepthNoNo
CVE-2024-43498.NET and Visual Studio Remote Code Execution Vulnerability.NET and Visual StudioCritical9.8Remote Code ExecutionNoNo
CVE-2024-43499.NET and Visual Studio Denial of Service Vulnerability.NET and Visual StudioImportant7.5Denial of ServiceNoNo

Quickly Find and Fix Your Most At-Risk Weaknesses

Watch this demo to see how Fortra VM can help.