Microsoft as we speak launched updates to plug a minimum of 89 safety holes in its Home windows working techniques and different software program. November’s patch batch contains fixes for 2 zero-day vulnerabilities which can be already being exploited by attackers, in addition to two different flaws that have been publicly disclosed previous to as we speak.
The zero-day flaw tracked as CVE-2024-49039 is a bug within the Home windows Activity Scheduler that enables an attacker to extend their privileges on a Home windows machine. Microsoft credit Google’s Risk Evaluation Group with reporting the flaw.
The second bug fastened this month that’s already seeing in-the-wild exploitation is CVE-2024-43451, a spoofing flaw that would reveal Internet-NTLMv2 hashes, that are used for authentication in Home windows environments.
Satnam Narang, senior workers analysis engineer at Tenable, says the hazard with stolen NTLM hashes is that they allow so-called “pass-the-hash” assaults, which let an attacker masquerade as a professional consumer with out ever having to log in or know the consumer’s password. Narang notes that CVE-2024-43451 is the third NTLM zero-day thus far this yr.
“Attackers proceed to be adamant about discovering and exploiting zero-day vulnerabilities that may disclose NTLMv2 hashes, as they can be utilized to authenticate to techniques and probably transfer laterally inside a community to entry different techniques,” Narang mentioned.
The 2 different publicly disclosed weaknesses Microsoft patched this month are CVE-2024-49019, an elevation of privilege flaw in Lively Listing Certificates Providers (AD CS); and CVE-2024-49040, a spoofing vulnerability in Microsoft Change Server.
Ben McCarthy, lead cybersecurity engineer at Immersive Labs, referred to as particular consideration to CVE-2024-43602, a distant code execution vulnerability in Home windows Kerberos, the authentication protocol that’s closely utilized in Home windows area networks.
“This is without doubt one of the most threatening CVEs from this patch launch,” McCarthy mentioned. “Home windows domains are used within the majority of enterprise networks, and by making the most of a cryptographic protocol vulnerability, an attacker can carry out privileged acts on a distant machine inside the community, probably giving them eventual entry to the area controller, which is the purpose for a lot of attackers when attacking a site.”
McCarthy additionally pointed to CVE-2024-43498, a distant code execution flaw in .NET and Visible Studio that may very well be used to put in malware. This bug has earned a CVSS severity score of 9.8 (10 is the worst).
Lastly, a minimum of 29 of the updates launched as we speak sort out memory-related safety points involving SQL server, every of which earned a menace rating of 8.8. Any one in all these bugs may very well be used to put in malware if an authenticated consumer connects to a malicious or hacked SQL database server.
For a extra detailed breakdown of as we speak’s patches from Microsoft, take a look at the SANS Web Storm Middle’s checklist. For directors answerable for managing bigger Home windows environments, it pays to keep watch over Askwoody.com, which ceaselessly factors out when particular Microsoft updates are creating issues for quite a few customers.
As at all times, in case you expertise any issues making use of any of those updates, contemplate dropping a word about it within the feedback; chances are high glorious that another person studying right here has skilled the identical subject, and possibly even has discovered an answer.
