Microsoft at this time launched updates to plug at the very least 89 safety holes in its Home windows working programs and different software program. November’s patch batch consists of fixes for 2 zero-day vulnerabilities which might be already being exploited by attackers, in addition to two different flaws that have been publicly disclosed previous to at this time.
The zero-day flaw tracked as CVE-2024-49039 is a bug within the Home windows Activity Scheduler that permits an attacker to extend their privileges on a Home windows machine. Microsoft credit Google’s Risk Evaluation Group with reporting the flaw.
The second bug fastened this month that’s already seeing in-the-wild exploitation is CVE-2024-43451, a spoofing flaw that might reveal Web-NTLMv2 hashes, that are used for authentication in Home windows environments.
Satnam Narang, senior employees analysis engineer at Tenable, says the hazard with stolen NTLM hashes is that they permit so-called “pass-the-hash” assaults, which let an attacker masquerade as a official person with out ever having to log in or know the person’s password. Narang notes that CVE-2024-43451 is the third NTLM zero-day to this point this yr.
“Attackers proceed to be adamant about discovering and exploiting zero-day vulnerabilities that may disclose NTLMv2 hashes, as they can be utilized to authenticate to programs and doubtlessly transfer laterally inside a community to entry different programs,” Narang mentioned.
The 2 different publicly disclosed weaknesses Microsoft patched this month are CVE-2024-49019, an elevation of privilege flaw in Energetic Listing Certificates Providers (AD CS); and CVE-2024-49040, a spoofing vulnerability in Microsoft Change Server.
Ben McCarthy, lead cybersecurity engineer at Immersive Labs, known as particular consideration to CVE-2024-43602, a distant code execution vulnerability in Home windows Kerberos, the authentication protocol that’s closely utilized in Home windows area networks.
“This is likely one of the most threatening CVEs from this patch launch,” McCarthy mentioned. “Home windows domains are used within the majority of enterprise networks, and by making the most of a cryptographic protocol vulnerability, an attacker can carry out privileged acts on a distant machine throughout the community, doubtlessly giving them eventual entry to the area controller, which is the objective for a lot of attackers when attacking a site.”
McCarthy additionally pointed to CVE-2024-43498, a distant code execution flaw in .NET and Visible Studio that could possibly be used to put in malware. This bug has earned a CVSS severity score of 9.8 (10 is the worst).
Lastly, at the very least 29 of the updates launched at this time deal with memory-related safety points involving SQL server, every of which earned a risk rating of 8.8. Any one in all these bugs could possibly be used to put in malware if an authenticated person connects to a malicious or hacked SQL database server.
For a extra detailed breakdown of at this time’s patches from Microsoft, take a look at the SANS Web Storm Heart’s checklist. For directors answerable for managing bigger Home windows environments, it pays to keep watch over Askwoody.com, which ceaselessly factors out when particular Microsoft updates are creating issues for a lot of customers.
As at all times, in case you expertise any issues making use of any of those updates, think about dropping a observe about it within the feedback; likelihood is wonderful that another person studying right here has skilled the identical problem, and perhaps even has discovered an answer.