4 Zero-Days and 89 Vulnerabilities Patched


Microsoft released its latest Patch Tuesday update, addressing 89 security vulnerabilities across its software portfolio.

Four of these are classified as zero-day vulnerabilities, with two actively exploited in the wild. This patch release underscores the critical importance of timely updates to protect against potential cyber threats.

SIEM as a Service

Zero-Day Vulnerabilities Patched

The four zero-day vulnerabilities patched in this update include two that attackers have actively exploited:

  1. CVE-2024-43451 – NTLM Hash Disclosure Spoofing Vulnerability
    This vulnerability exposes NTLMv2 hashes to remote attackers through minimal user interaction, such as selecting or right-clicking on a malicious file. Attackers can use these hashes to authenticate as the user, potentially gaining unauthorized access to sensitive systems. This vulnerability has been actively exploited and poses a significant risk to all supported versions of Windows.
  2. CVE-2024-49039 – Windows Task Scheduler Elevation of Privilege Vulnerability
    This flaw allows attackers to elevate their privileges by exploiting a vulnerability in the Windows Task Scheduler. Attackers can execute restricted RPC functions, potentially leading to unauthorized code execution or resource access. Like CVE-2024-43451, this vulnerability has been actively exploited.

Additionally, two other zero-day vulnerabilities were publicly disclosed but not yet actively exploited:

Attend a Free Webinar on How to Maximize Cybersecurity Program ROI

  1. CVE-2024-49040 – Microsoft Exchange Server Spoofing Vulnerability
    This vulnerability allows attackers to spoof email addresses within Microsoft Exchange Server, potentially deceiving recipients into interacting with malicious content.
  2. CVE-2024-49019 – Active Directory Certificate Services Elevation of Privilege Vulnerability
    Attackers could exploit this flaw to gain domain administrator privileges by leveraging weak authentication mechanisms in Active Directory Certificate Services.

Breakdown of Vulnerabilities

The 89 vulnerabilities addressed in this update span a wide range of categories:

  • 52 Remote Code Execution (RCE) vulnerabilities: These flaws allow attackers to execute arbitrary code on vulnerable systems remotely.
  • 26 Elevation of Privilege (EoP) vulnerabilities: These enable attackers to gain higher-level access than they are authorized.
  • 4 Denial of Service (DoS) vulnerabilities: These can disrupt services by overloading systems.
  • 3 Spoofing vulnerabilities
  • 2 Security Feature Bypass (SFB) vulnerabilities
  • 1 Information Disclosure vulnerability.

Critical Vulnerabilities

Four vulnerabilities have been rated as critical by Microsoft due to their potential for severe exploitation:

  1. CVE-2024-43639 – Windows Kerberos Remote Code Execution Vulnerability
    This vulnerability could allow an attacker to execute remote code by exploiting weaknesses in the Windows Kerberos cryptographic protocol. Although classified as critical, Microsoft has assessed that exploitation is less likely due to the complexity involved.
  2. CVE-2024-43625 – Hyper-V VMSwitch Elevation of Privilege Vulnerability
    An attacker could exploit this flaw by sending specially crafted network packets, potentially gaining elevated privileges on a Hyper-V host.
  3. CVE-2024-43498 – .NET and Visual Studio Remote Code Execution Vulnerability
    This critical RCE flaw could allow attackers to execute arbitrary code by sending specially crafted requests to vulnerable .NET applications.
  4. CVE-2024-43602 – Azure CycleCloud Remote Code Execution Vulnerability
    If an attacker gains basic user privileges, they could exploit this flaw to gain root privileges on an Azure CycleCloud cluster.

Given the severity of these vulnerabilities, particularly the two zero-days being actively exploited, it is crucial for organizations and users to apply these patches immediately. Delaying updates could leave systems exposed to attacks that leverage these flaws.

For Windows users, cumulative updates are available for both Windows 10 and Windows 11 versions via Windows Update or manual download from the Microsoft Update Catalog. Administrators managing large environments should prioritize patching systems vulnerable to the most critical and actively exploited flaws.

Microsoft’s November Patch Tuesday highlights the ongoing need for vigilance in cybersecurity as attackers continue to exploit zero-day vulnerabilities. Keeping systems up-to-date is one of the most effective ways to mitigate potential risks from these security flaws.

Other Vulnerabilities Patched in November 2024

Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!



Source link