Microsoft immediately launched updates to plug at the very least 89 safety holes in its Home windows working programs and different software program. November’s patch batch consists of fixes for 2 zero-day vulnerabilities which can be already being exploited by attackers, in addition to two different flaws that have been publicly disclosed previous to immediately.
The zero-day flaw tracked as CVE-2024-49039 is a bug within the Home windows Activity Scheduler that permits an attacker to extend their privileges on a Home windows machine. Microsoft credit Google’s Menace Evaluation Group with reporting the flaw.
The second bug fastened this month that’s already seeing in-the-wild exploitation is CVE-2024-43451, a spoofing flaw that might reveal Net-NTLMv2 hashes, that are used for authentication in Home windows environments.
Satnam Narang, senior workers analysis engineer at Tenable, says the hazard with stolen NTLM hashes is that they permit so-called “pass-the-hash” assaults, which let an attacker masquerade as a reliable person with out ever having to log in or know the person’s password. Narang notes that CVE-2024-43451 is the third NTLM zero-day thus far this 12 months.
“Attackers proceed to be adamant about discovering and exploiting zero-day vulnerabilities that may disclose NTLMv2 hashes, as they can be utilized to authenticate to programs and probably transfer laterally inside a community to entry different programs,” Narang stated.
The 2 different publicly disclosed weaknesses Microsoft patched this month are CVE-2024-49019, an elevation of privilege flaw in Energetic Listing Certificates Providers (AD CS); and CVE-2024-49040, a spoofing vulnerability in Microsoft Trade Server.
Ben McCarthy, lead cybersecurity engineer at Immersive Labs, referred to as particular consideration to CVE-2024-43639, a distant code execution vulnerability in Home windows Kerberos, the authentication protocol that’s closely utilized in Home windows area networks.
“This is without doubt one of the most threatening CVEs from this patch launch,” McCarthy stated. “Home windows domains are used within the majority of enterprise networks, and by benefiting from a cryptographic protocol vulnerability, an attacker can carry out privileged acts on a distant machine inside the community, probably giving them eventual entry to the area controller, which is the aim for a lot of attackers when attacking a site.”
McCarthy additionally pointed to CVE-2024-43498, a distant code execution flaw in .NET and Visible Studio that may very well be used to put in malware. This bug has earned a CVSS severity score of 9.8 (10 is the worst).
Lastly, at the very least 29 of the updates launched immediately sort out memory-related safety points involving SQL server, every of which earned a risk rating of 8.8. Any certainly one of these bugs may very well be used to put in malware if an authenticated person connects to a malicious or hacked SQL database server.
For a extra detailed breakdown of immediately’s patches from Microsoft, take a look at the SANS Internet Storm Center’s list. For directors accountable for managing bigger Home windows environments, it pays to keep watch over Askwoody.com, which ceaselessly factors out when particular Microsoft updates are creating issues for plenty of customers.
As all the time, should you expertise any issues making use of any of those updates, think about dropping a word about it within the feedback; likelihood is glorious that another person studying right here has skilled the identical situation, and possibly even has discovered an answer.