Microsoft Patch Tuesday, November 2024 Edition – Krebs on Security

Microsoft today released updates to patch at least 89 security holes in its Windows operating systems and other software. The November patch bundle includes fixes for two zero-day vulnerabilities already being exploited by attackers, as well as two other bugs that were publicly disclosed earlier today.

The zero-day bug tracked as CVE-2024-49039 is a flaw in Windows Task Scheduler that allows an attacker to escalate their privileges on a Windows machine. Microsoft credits Google's Threat Analysis Group with reporting the flaw.

The second bug fixed this month that is already being exploited in the wild is CVE-2024-43451, a sneaky bug that could expose Net-NTLMv2 hashes, which are used for authentication in Windows environments.

Satnam Narang, senior staff research engineer at Tenable, says the danger with stolen NTLM hashes is that they enable so-called “pass-the-hash” attacks, which let an attacker impersonate a legitimate user without having to log in or know the user’s password. Narang notes that CVE-2024-43451 is the third NTLM zero day so far this year.

“Attackers continue to assert themselves by finding and exploiting zero-day vulnerabilities that can expose NTLMv2 hashes, as they can be used to authenticate to systems and to move around the network to access other systems,” Narang said.

The two other publicly disclosed vulnerabilities Microsoft patched this month are CVE-2024-49019, an elevation of privilege flaw in Active Directory Certificate Services (AD CS); and CVE-2024-49040, a spoofing vulnerability in Microsoft Exchange Server.

Ben McCarthy, lead cybersecurity engineer at Focused Labs, called special attention to CVE-2024-43602, a remote code execution vulnerability in Windows Kerberos, an authentication protocol widely used in Windows domain networks.

“This is one of the most dangerous CVEs in this patch release,” McCarthy said. “Windows domains are used in most business networks, and by taking advantage of a cryptographic protocol vulnerability, an attacker can perform arbitrary actions on a remote machine within the network, potentially giving them access to the domain controller, which is the target for many attackers when they attack the base.”

McCarthy also pointed to CVE-2024-43498, a remote code execution bug in .NET and Visual Studio that can be used to install malware. This bug earned a CVSS severity rating of 9.8 (10 being worst).

Finally, at least 29 of the updates released today address memory-related security issues involving SQL Server, each with a threat score of 8.8. Any of these bugs can be used to install malware if an authorized user connects to a compromised SQL database server.

For a more detailed description of today’s patches from Microsoft, check out the SANS Internet Storm Center listing. For administrators in charge of managing large Windows environments, it pays to keep an eye on Askwoody.com, which often points out when certain Microsoft updates cause several problems for users.

As always, if you encounter problems applying any of these updates, consider leaving a note about it in the comments; chances are good that someone else reading here has encountered the same problem, and maybe found a solution.

