Ethical Hacking News
Microsoft has released 90 new security patches, including fixes for actively exploited vulnerabilities in NTLM and Task Scheduler. The update addresses a range of critical vulnerabilities, including remote code execution flaws and elevation of privilege vulnerabilities. Organizations are advised to prioritize patching these vulnerabilities as soon as possible to prevent potential exploitation.
Microsoft has released a new batch of security patches as part of its Patch Tuesday update for November 2024, addressing 90 security vulnerabilities. Four vulnerabilities are rated critical and one moderate in severity, with two actively exploited vulnerabilities in Windows NT LAN Manager (NTLM) and Task Scheduler. The first vulnerability, CVE-2024-43451, is a Windows NTLM Hash Disclosure Spoofing Vulnerability that allows an attacker to disclose a user's NTLMv2 hash. The second vulnerability, CVE-2024-49039, is a Windows Task Scheduler Elevation of Privilege Vulnerability that enables an attacker to execute RPC functions that are otherwise restricted to privileged accounts. Microsoft has credited ClearSky researcher Israel Yeshurun for discovering and reporting CVE-2024-43451. The update also includes 31 security fixes for the Chromium-based Edge browser since the release of the October 2024 Patch Tuesday update. 52 vulnerabilities are remote code execution flaws, with 85 rated as Important and four rated as Critical in severity. Microsoft is adopting the Common Security Advisory Framework (CSAF) for all CVEs to accelerate response and remediation efforts. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added both vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog.
Microsoft has released a new batch of security patches as part of its Patch Tuesday update for November 2024. The update addresses a total of 90 security vulnerabilities, with four rated critical and one moderate in severity. Among the most significant issues are two actively exploited vulnerabilities in Windows NT LAN Manager (NTLM) and Task Scheduler.
The first vulnerability, identified by CVE-2024-43451, is a Windows NTLM Hash Disclosure Spoofing Vulnerability, which allows an attacker to disclose a user's NTLMv2 hash. This can be used to authenticate as the user and potentially move laterally within a network. The second vulnerability, CVE-2024-49039, is a Windows Task Scheduler Elevation of Privilege Vulnerability, which enables an attacker to execute RPC functions that are otherwise restricted to privileged accounts.
Both vulnerabilities have been actively exploited in the wild, with Microsoft crediting ClearSky researcher Israel Yeshurun for discovering and reporting CVE-2024-43451. The vulnerability was previously disclosed in February 2024 but has since been actively exploited again. CVE-2024-49039, on the other hand, is a zero-day vulnerability that could allow an attacker to execute RPC functions that are otherwise restricted to privileged accounts.
Satnam Narang, senior staff research engineer at Tenable, commented on the continued attacker interest in NTLMv2 hash disclosure flaws. "Attackers continue to be adamant about discovering and exploiting zero-day vulnerabilities that can disclose NTLMv2 hashes, as they can be used to authenticate to systems and potentially move laterally within a network to access other systems," Narang said.
The update also includes 31 security fixes for the Chromium-based Edge browser since the release of the October 2024 Patch Tuesday update. Fifty-two of the patched vulnerabilities are remote code execution flaws, with 85 rated as Important and four rated as Critical in severity.
In addition to Microsoft's patches, other vendors have released security updates over the past few weeks to rectify several vulnerabilities. These vendors include Adobe, Amazon Web Services, AMD, Apple, ASUS, Atlassian, Bosch, Broadcom (including VMware), Cisco, Citrix, CODESYS, D-Link, Dell, Drupal, F5, Fortinet, Fortra, GitLab, Google Android and Pixel, Google Chrome, Google Cloud, Google Wear OS, Hikvision, Hitachi Energy, HMS Networks, HP, HP Enterprise (including Aruba Networking), IBM, Intel, Ivanti, Juniper Networks, Lenovo, and the Linux distributions Amazon Linux, Debian, Oracle Linux, Red Hat, Rocky Linux, SUSE, and Ubuntu.
Furthermore, Microsoft has announced its adoption of the Common Security Advisory Framework (CSAF) for all CVEs in order to accelerate response and remediation efforts. The company stated that CSAF files are meant to be consumed by computers more so than by humans, so it is adding CSAF files as an addition to its existing CVE data channels rather than a replacement.
In related news, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added both vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog. This highlights the need for organizations to prioritize patching these vulnerabilities as soon as possible to prevent potential exploitation.
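To show what machine consumption of CSAF looks like in a patching workflow, the following added example (not Microsoft's or CISA's code) reads a CSAF 2.0-shaped advisory, keeps only CVEs that affect installed products, and puts KEV-listed entries first. The advisory and KEV extract are constructed and trimmed to the fields used; the product IDs, product names, `INSTALLED` set and `patch_queue` function are hypothetical, and real CSAF files may nest products under `branches` rather than a flat `full_product_names` list.

```python
import json

# Constructed CSAF 2.0-shaped advisory (not a real vendor file); product IDs are placeholders.
CSAF_DOC = json.loads("""
{
  "document": {"category": "csaf_security_advisory", "csaf_version": "2.0", "title": "Constructed sample"},
  "product_tree": {"full_product_names": [
    {"product_id": "P-1", "name": "Example Windows build A"},
    {"product_id": "P-2", "name": "Example Windows build B"}]},
  "vulnerabilities": [
    {"cve": "CVE-2024-43451", "product_status": {"known_affected": ["P-1", "P-2"]},
     "remediations": [{"category": "vendor_fix", "product_ids": ["P-1", "P-2"]}]},
    {"cve": "CVE-2024-49039", "product_status": {"known_affected": ["P-1"]},
     "remediations": [{"category": "vendor_fix", "product_ids": ["P-1"]}]},
    {"cve": "CVE-2024-5535", "product_status": {"known_affected": ["P-2"]},
     "remediations": []}
  ]
}
""")

# Constructed extract in the shape of CISA's KEV JSON feed (only the cveID field is used).
KEV_FEED = {"vulnerabilities": [{"cveID": "CVE-2024-43451"}, {"cveID": "CVE-2024-49039"}]}

INSTALLED = {"P-1"}  # hypothetical: product IDs present in our asset inventory


def patch_queue(csaf, kev, installed):
    """Return CVEs affecting installed products, KEV-listed entries first."""
    names = {p["product_id"]: p["name"] for p in csaf["product_tree"]["full_product_names"]}
    kev_ids = {v["cveID"] for v in kev["vulnerabilities"]}
    queue = []
    for vuln in csaf.get("vulnerabilities", []):
        affected = set(vuln.get("product_status", {}).get("known_affected", []))
        hit = sorted(affected & installed)
        if not hit:
            continue  # advisory does not apply to anything we run
        fixed_for = {pid for r in vuln.get("remediations", [])
                     if r.get("category") == "vendor_fix" for pid in r.get("product_ids", [])}
        queue.append({"cve": vuln["cve"], "kev": vuln["cve"] in kev_ids,
                      "products": [names.get(pid, pid) for pid in hit],
                      "fix_available": set(hit) <= fixed_for})
    # KEV-listed first, then by CVE id so the output order is stable
    return sorted(queue, key=lambda e: (not e["kev"], e["cve"]))


if __name__ == "__main__":
    for entry in patch_queue(CSAF_DOC, KEV_FEED, INSTALLED):
        print(entry)
```

An entry with `fix_available` set to false marks an affected product with no `vendor_fix` remediation in the advisory, which is where compensating controls need tracking until a fix ships.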
Lastly, Redmond has addressed a non-Microsoft-issued CVE, a remote code execution flaw in OpenSSL (CVE-2024-5535, CVSS score: 9.1). Exploitation of this vulnerability requires that an attacker send a malicious link to the victim via email or convince them to click on it.
Published: Wed Nov 13 02:08:42 2024 by llama3.2 3B Q4_K_M