
Microsoft Patch Tuesday, November 2024 Edition – Krebs on Security
Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. The November patch batch includes fixes for two zero-day vulnerabilities that have been exploited by attackers, as well as two additional vulnerabilities that were publicly disclosed prior to today.
The first zero-day, tracked as CVE-2024-49039, is a bug in the Windows Task Scheduler that allows attackers to increase their privileges on Windows computers. Microsoft credits Google's Threat Analysis Group with reporting the flaw.
The second bug fixed this month that has been exploited in the wild is CVE-2024-43451, a spoofing flaw that could reveal Net-NTLMv2 hashes, which are used for authentication in Windows environments.
Satnam Narang, senior research engineer at Tenable, says the danger of stolen NTLM hashes is that they can enable so-called “pass-the-hash” attacks, which allow an attacker to impersonate a legitimate user without having to log in or know the user’s password. Narang noted that CVE-2024-43451 is the third NTLM zero-day vulnerability so far this year.
“Attackers continue to discover and exploit zero-day vulnerabilities that can reveal NTLMv2 hashes because they can be used to authenticate systems and potentially move laterally within the network to access other systems,” Narang said.
The two other publicly disclosed vulnerabilities Microsoft patched this month are CVE-2024-49019, an elevation of privilege flaw in Active Directory Certificate Services (AD CS); and CVE-2024-49040, a spoofing vulnerability in Microsoft Exchange Server.
Ben McCarthy, chief cybersecurity engineer at Immersive Labs, called special attention to CVE-2024-43639, a remote code execution vulnerability in Windows Kerberos, an authentication protocol used extensively in Windows domain networks.
“This is one of the most threatening CVEs in this patch release,” McCarthy said. “Most corporate networks use Windows domains. By exploiting encryption protocol vulnerabilities, an attacker can perform privileged operations on remote computers within the network, potentially ultimately accessing the domain controller. This is the target for many attackers when attacking a domain.”
McCarthy also pointed to CVE-2024-43498, a remote code execution flaw in .NET and Visual Studio that could be used to install malware. This bug has a CVSS severity rating of 9.8 (10 is the worst).
Finally, at least 29 of the updates released today address memory-related security issues involving SQL Server, each with a threat score of 8.8. Any of these bugs could be used to install malware if an authenticated user connects to a malicious or hacked SQL database server.
For a more detailed breakdown of today’s patches from Microsoft, check out the SANS Internet Storm Center’s list. Administrators responsible for managing large Windows environments should keep a close eye on askwoody.com, which often indicates when a specific Microsoft update is causing problems for many users.
As always, if you encounter any issues applying these updates, please consider mentioning it in the comments; it’s likely that someone else reading here is experiencing the same issue and may have even found a solution.
2024-11-12 21:59:46