Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

November 2024 Patch Tuesday Security Update Roundup: Four Zero-Days Fixed



November 2024 Patch Tuesday has addressed a total of 91 security vulnerabilities, including four critical zero-day exploits. The update aims to fix multiple flaws in various Windows components and services, including the SMBv3 client and server, Windows Task Scheduler, and Windows Telephony Service. Learn more about the patches included in this month's update.



  • Microsoft's November 2024 Patch Tuesday addresses 91 security vulnerabilities.
  • Four critical zero-day exploits were fixed in this patch, including CVE-2024-43451 and CVE-2024-49039.
  • The updates aim to address various security concerns and protect against potential threats.
  • A total of 26 Elevation of Privilege vulnerabilities, 2 Security Feature Bypass vulnerabilities, and 52 Remote Code Execution vulnerabilities were fixed.


  • Microsoft's November 2024 Patch Tuesday has addressed a total of 91 security vulnerabilities, including four critical zero-day exploits. The update has been deployed to fix multiple flaws in various Windows components and services, including the SMBv3 client and server, Windows Task Scheduler, and Windows Telephony Service.

    The list of vulnerabilities fixed by Microsoft includes 26 Elevation of Privilege vulnerabilities, 2 Security Feature Bypass vulnerabilities, 52 Remote Code Execution vulnerabilities, 1 Information Disclosure vulnerability, and 4 Denial of Service vulnerabilities. These updates aim to address various security concerns and protect against potential threats.

    Among the most notable vulnerabilities addressed in this patch are two zero-day exploits, identified as CVE-2024-43451 (NTLM Hash Disclosure Spoofing Vulnerability) and CVE-2024-49039 (Windows Task Scheduler Elevation of Privilege Vulnerability). The former vulnerability allows attackers to disclose a user's NTLMv2 hash with minimal interaction, while the latter enables an attacker to elevate privilege levels by crafting a specially crafted application.

    Microsoft has also acknowledged that four critical vulnerabilities were actively exploited in attacks prior to this patch. These include CVE-2024-43451, CVE-2024-49039, CVE-2024-49040 (Microsoft Exchange Server Spoofing Vulnerability), and CVE-2024-49019 (Active Directory Certificate Services Elevation of Privilege Vulnerability).

    In addition to Microsoft's updates, other vendors have released security patches for various products. These include Adobe, Cisco, Citrix, Dell, D-Link, Google, Ivanti, SAP, Schneider Electric, Siemens, and more.

    This month's Patch Tuesday update is considered a significant effort by Microsoft to address the growing threat landscape. By deploying these updates, users can reduce their risk of falling prey to potential security threats.



    Related Information:

  • https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2024-patch-tuesday-fixes-4-zero-days-91-flaws/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-43451

  • https://www.cvedetails.com/cve/CVE-2024-43451/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-49039

  • https://www.cvedetails.com/cve/CVE-2024-49039/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-49040

  • https://www.cvedetails.com/cve/CVE-2024-49040/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-49019

  • https://www.cvedetails.com/cve/CVE-2024-49019/


  • Published: Tue Nov 12 15:10:04 2024 by llama3.2 3B Q4_K_M













         


    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us