Microsoft Patch Tuesday November 2024 Edition by Krebs on Security

Microsoft has released updates to address a total of 89 security vulnerabilities in its Windows operating systems and other software. The November patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, along with two other flaws that were publicly disclosed before these updates were released.

One of the zero-day vulnerabilities, known as CVE-2024-49039, is a bug found in the Windows Task Scheduler that allows malicious actors to escalate privileges on a Windows machine. This flaw was reported by Google’s Threat Analysis Group. The second vulnerability being actively exploited is CVE-2024-43451, which is a spoofing flaw that could potentially expose Net-NTLMv2 hashes used for authentication in Windows environments.

According to Satnam Narang, a senior staff research engineer at Tenable, the risk associated with stolen NTLM hashes is the ability for attackers to perform “pass-the-hash” attacks, allowing them to impersonate legitimate users without needing to know their passwords. This marks the third NTLM zero-day vulnerability discovered this year, indicating a persistent focus by attackers on exploiting these types of weaknesses.

Aside from these zero-day vulnerabilities, Microsoft also addressed two publicly disclosed weaknesses in this patch release. CVE-2024-49019 is an elevation of privilege flaw in Active Directory Certificate Services, while CVE-2024-49040 is a spoofing vulnerability in Microsoft Exchange Server.

Ben McCarthy, lead cybersecurity engineer at Immersive Labs, highlighted the significance of CVE-2024-43639, a remote code execution vulnerability in Windows Kerberos. This vulnerability poses a serious threat as it could allow attackers to carry out privileged actions on a remote machine within a network, potentially leading to access to the domain controller – a key objective for many attackers targeting a domain network.

McCarthy also drew attention to CVE-2024-43498, a remote code execution flaw in .NET and Visual Studio with a CVSS severity rating of 9.8, which makes it critical. Furthermore, at least 29 of the updates released by Microsoft address memory-related security issues involving SQL Server, each with a threat score of 8.8. Exploiting any of these vulnerabilities could result in malware installation if an authenticated user connects to a compromised SQL database server.

For further details on the patches released by Microsoft in November, the SANS Internet Storm Center provides a comprehensive list for reference. Additionally, administrators overseeing larger Windows environments are advised to stay informed through platforms like Askwoody.com, which often highlights potential issues arising from specific Microsoft updates.

As always, users experiencing difficulties with applying these updates are encouraged to share their concerns in the comments section, as there may be others facing similar issues who have found solutions. By remaining vigilant and proactive in addressing security vulnerabilities, users can better protect their systems from potential threats and exploits.
