Microsoft at present launched updates to plug at the least 89 safety holes in its Home windows working methods and different software program. November’s patch batch consists of fixes for 2 zero-day vulnerabilities which can be already being exploited by attackers, in addition to two different flaws that had been publicly disclosed previous to at present.
The zero-day flaw tracked as CVE-2024-49039 is a bug within the Home windows Job Scheduler that enables an attacker to extend their privileges on a Home windows machine. Microsoft credit Google’s Menace Evaluation Group with reporting the flaw.
The second bug mounted this month that’s already seeing in-the-wild exploitation is CVE-2024-43451, a spoofing flaw that might reveal Internet-NTLMv2 hashes, that are used for authentication in Home windows environments.
Satnam Narang, senior workers analysis engineer at Tenable, says the hazard with stolen NTLM hashes is that they allow so-called “pass-the-hash” assaults, which let an attacker masquerade as a authentic consumer with out ever having to log in or know the consumer’s password. Narang notes that CVE-2024-43451 is the third NTLM zero-day to this point this 12 months.
“Attackers proceed to be adamant about discovering and exploiting zero-day vulnerabilities that may disclose NTLMv2 hashes, as they can be utilized to authenticate to methods and doubtlessly transfer laterally inside a community to entry different methods,” Narang stated.
The 2 different publicly disclosed weaknesses Microsoft patched this month are CVE-2024-49019, an elevation of privilege flaw in Energetic Listing Certificates Providers (AD CS); and CVE-2024-49040, a spoofing vulnerability in Microsoft Change Server.
Ben McCarthy, lead cybersecurity engineer at Immersive Labs, referred to as particular consideration to CVE-2024-43602, a distant code execution vulnerability in Home windows Kerberos, the authentication protocol that’s closely utilized in Home windows area networks.
“This is without doubt one of the most threatening CVEs from this patch launch,” McCarthy stated. “Home windows domains are used within the majority of enterprise networks, and by profiting from a cryptographic protocol vulnerability, an attacker can carry out privileged acts on a distant machine throughout the community, doubtlessly giving them eventual entry to the area controller, which is the purpose for a lot of attackers when attacking a site.”
McCarthy additionally pointed to CVE-2024-43498, a distant code execution flaw in .NET and Visible Studio that might be used to put in malware. This bug has earned a CVSS severity ranking of 9.8 (10 is the worst).
Lastly, at the least 29 of the updates launched at present deal with memory-related safety points involving SQL server, every of which earned a risk rating of 8.8. Any considered one of these bugs might be used to put in malware if an authenticated consumer connects to a malicious or hacked SQL database server.
For a extra detailed breakdown of at present’s patches from Microsoft, try the SANS Web Storm Heart’s checklist. For directors in control of managing bigger Home windows environments, it pays to regulate Askwoody.com, which ceaselessly factors out when particular Microsoft updates are creating issues for various customers.
As at all times, in case you expertise any issues making use of any of those updates, contemplate dropping a word about it within the feedback; chances are high glorious that another person studying right here has skilled the identical subject, and perhaps even has discovered an answer.