Monthly Archives: November 2024

November Microsoft Patch Tuesday

November Microsoft Patch Tuesday. 125 CVEs, 35 of which were added since October MSPT. 2 vulnerabilities with signs of exploitation in the wild:

Elevation of Privilege – Windows Task Scheduler (CVE-2024-49039)
Disclosure/Spoofing – NTLM Hash (CVE-2024-43451)

No signs of exploitation, but with a private PoC of the exploit:

Remote Code Execution – Microsoft Edge (CVE-2024-43595, CVE-2024-43596)
Authentication Bypass – Azure Functions (CVE-2024-38204)
Authentication Bypass – Microsoft Dataverse (CVE-2024-38139)
Spoofing – Microsoft Exchange (CVE-2024-49040)

Among the rest can be highlighted:

Remote Code Execution – Windows Kerberos (CVE-2024-43639)
Elevation of Privilege – Windows Win32k (CVE-2024-43636)
Elevation of Privilege – Windows DWM Core Library (CVE-2024-43629)
Elevation of Privilege – Windows NT OS Kernel (CVE-2024-43623)

Full Vulristics report

На русском

I transformed my English-language site avleonov.com

Leave a reply

I transformed my English-language site avleonov.com. While my Russian-language site avleonov.ru was intended as a mirror of my Telegram channel @avleonovrus, I wasn’t sure how to move forward with the English-language site.

I’ve been running it since 2016. For a long time, it was my main VM blog. Since February 2020, I have been making posts there exclusively with videos. I have released 94 videos. But over time, I grew tired of this format. It was easier and more engaging to create videos in Russian (starting with “Прожекторе по ИБ“, and later in “В тренде VM“) and translate them into English when needed.

Since March 2024, the English site had no updates. New posts appeared exclusively on the Telegram channel @avleonovcom. So, I decided to make the site a mirror of this channel.

I updated the scripts and uploaded 117 Telegram posts (since March 2024) to the site, leaving the earlier content as is.

На русском

This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.

Alexander V. Leonov

Vulnerability Management and more

Monthly Archives: November 2024

November Microsoft Patch Tuesday

I transformed my English-language site avleonov.com