Today's cybersecurity headlines are brought to you by ThreatPerspective
Ethical Hacking News

Micrsoft's November 2024 Patch Tuesday: A Multifaceted Threat Landscape


Microsoft has released its November 2024 Patch Tuesday with fixes for at least 89 security vulnerabilities in Windows operating systems and other software. The update includes patches for two zero-day vulnerabilities already being exploited by attackers, highlighting the ongoing importance of staying up-to-date with security patches.

  • November's Patch Tuesday has addressed 89 security vulnerabilities in Microsoft software products.
  • The first zero-day vulnerability, CVE-2024-49039, affects Windows Task Scheduler and allows an attacker to increase privileges on a Windows machine.
  • The second zero-day vulnerability, CVE-2024-43451, relates to spoofing and could reveal Net-NTLMv2 hashes used for authentication in Windows environments.
  • Several other publicly disclosed weaknesses were patched, including CVE-2024-49019 (AD CS) and CVE-2024-49040 (Microsoft Exchange Server).
  • CVE-2024-43602 is a significant vulnerability in Windows Kerberos that can allow an attacker to perform privileged acts on a remote machine within the network.
  • CVE-2024-43498 is another significant vulnerability in .NET and Visual Studio that could be used to install malware, earning a CVSS severity rating of 9.8.
  • At least 29 updates tackle memory-related security issues involving SQL server with threat scores ranging from 8.8.



    • November's Patch Tuesday, released by Microsoft on the 12th of November 2024, has seen the company address at least 89 security vulnerabilities in its various software products, including Windows operating systems and other applications. This month's patch batch is notable for including fixes for two zero-day vulnerabilities that have already been exploited by attackers, as well as several other publicly disclosed flaws.

    The first zero-day vulnerability addressed in this month's patch release is CVE-2024-49039, which affects the Windows Task Scheduler. According to Microsoft, this bug allows an attacker to increase their privileges on a Windows machine by exploiting a flaw in the scheduling system. Google's Threat Analysis Group (TAG) has been credited with reporting this vulnerability.

    The second zero-day vulnerability that was fixed in November's patch batch is CVE-2024-43451, which is related to spoofing and could potentially reveal Net-NTLMv2 hashes. These hashes are used for authentication in Windows environments and are particularly concerning because they enable so-called "pass-the-hash" attacks, which allow an attacker to masquerade as a legitimate user without ever having to log in or know the password.

    Satnam Narang, senior staff research engineer at Tenable, notes that attackers continue to be interested in exploiting zero-day vulnerabilities related to NTLM hashes because they can be used to authenticate to systems and potentially move laterally within a network. CVE-2024-43451 is the third NTLM zero-day vulnerability so far this year, highlighting the ongoing importance of staying up-to-date with security patches.

    In addition to these zero-day vulnerabilities, Microsoft patched several other publicly disclosed weaknesses in November's batch of updates. These include CVE-2024-49019, which affects the Active Directory Certificate Services (AD CS); and CVE-2024-49040, a spoofing vulnerability in Microsoft Exchange Server. Ben McCarthy, lead cybersecurity engineer at Immersive Labs, called special attention to CVE-2024-43602, which is related to Windows Kerberos.

    "This is one of the most threatening CVEs from this patch release," McCarthy stated. "Windows domains are used in the majority of enterprise networks, and by taking advantage of a cryptographic protocol vulnerability, an attacker can perform privileged acts on a remote machine within the network, potentially giving them eventual access to the domain controller, which is the goal for many attackers when attacking a domain."

    McCarthy also pointed out that CVE-2024-43498 is another significant vulnerability in .NET and Visual Studio that could be used to install malware. This bug has earned a CVSS severity rating of 9.8 (the worst possible score).

    Furthermore, at least 29 of the updates released today tackle memory-related security issues involving SQL server, each of which has earned a threat score of 8.8. These vulnerabilities could potentially be exploited by an attacker to install malware if an authenticated user connects to a malicious or hacked SQL database server.

    In conclusion, this month's Patch Tuesday release from Microsoft highlights the ongoing importance of staying vigilant about security patches and updates for various software products. As attackers continue to exploit zero-day vulnerabilities related to NTLM hashes, it is essential that organizations prioritize patching their systems and applications as soon as possible.



    Related Information:

  • https://krebsonsecurity.com/2024/11/microsoft-patch-tuesday-november-2024-edition/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-49039

  • https://www.cvedetails.com/cve/CVE-2024-49039/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-43451

  • https://www.cvedetails.com/cve/CVE-2024-43451/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-49019

  • https://www.cvedetails.com/cve/CVE-2024-49019/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-49040

  • https://www.cvedetails.com/cve/CVE-2024-49040/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-43602

  • https://www.cvedetails.com/cve/CVE-2024-43602/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-43498

  • https://www.cvedetails.com/cve/CVE-2024-43498/


    • Published: Tue Nov 12 17:13:46 2024 by llama3.2 3B Q4_K_M


         


    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us