The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding two newly disclosed vulnerabilities in Microsoft Windows, urging organizations and users to apply mitigations promptly to prevent potential exploitation in the wild.
These flaws, CVE-2024-49039 and CVE-2024-43451, could allow attackers to escalate privileges and compromise sensitive data.
CVE-2024-49039: Task Scheduler Privilege Escalation Vulnerability
The first vulnerability, CVE-2024-49039, affects the Microsoft Windows Task Scheduler. This flaw allows a local attacker to escalate privileges by executing malicious code outside the restricted AppContainer environment it is meant to be confined to.
By exploiting this vulnerability, attackers could access privileged Remote Procedure Call (RPC) functions, potentially leading to further compromise.
While it remains unclear whether this vulnerability has been actively exploited in ransomware campaigns, its risk is significant.
CISA has advised users to follow Microsoft’s mitigation guidelines or discontinue using affected systems if no mitigations are available.
CVE-2024-43451: NTLMv2 Hash Disclosure Spoofing Vulnerability
The second vulnerability, CVE-2024-43451, affects the NTLMv2 (NT LAN Manager version 2) authentication protocol in Microsoft Windows.
This flaw allows an attacker to disclose a user’s NTLMv2 hash by tricking the victim into opening a malicious file.
With the exposed hash, attackers could impersonate the user and gain unauthorized access to critical systems or data.
Though no confirmed ransomware campaigns have been linked to this vulnerability, it poses a severe threat to organizations using NTLM authentication. Users are again urged to apply the necessary mitigations or cease using affected products if no patch is available.
CISA has highlighted the urgency of addressing these vulnerabilities, emphasizing the potential for attackers to exploit them in future campaigns.
Organizations are advised to stay vigilant, implement the recommended mitigations, and monitor for any signs of compromise.