Security
Headlines
HeadlinesLatestCVEs

Headline

Microsoft’s November Patch Tuesday Fixes 91 Vulnerabilities, 4 Zero-Days

Microsoft’s November 2024 Patch Tuesday update fixes 91 security vulnerabilities, including four zero-day vulnerabilities. Critical fixes address actively…

HackRead
#vulnerability#web#mac#windows#microsoft#dos#rce#auth#zero_day

Microsoft’s November 2024 Patch Tuesday update fixes 91 security vulnerabilities, including four zero-day vulnerabilities. Critical fixes address actively exploited flaws in Windows, emphasising the need for quick patching.

Microsoft has released its November 2024 Patch Tuesday updates, addressing 91 security vulnerabilities across its software portfolio, including four zero-day flaws, two of which have been actively exploited.

****Zero-Day Vulnerabilities****

The two actively exploited zero-day vulnerabilities are:

  1. CVE-2024-43451: An NTLM Hash Disclosure Spoofing Vulnerability that exposes NTLMv2 hashes to remote attackers with minimal user interaction, such as selecting or right-clicking a malicious file.
  2. CVE-2024-49039: A Windows Task Scheduler Elevation of Privilege Vulnerability allowing attackers to execute RPC functions typically restricted to privileged accounts, potentially leading to unauthorized code execution or resource access.

Additionally, two publicly disclosed but not actively exploited vulnerabilities were addressed:

  1. CVE-2024-49040: A Microsoft Exchange Server Spoofing Vulnerability enabling threat actors to spoof sender email addresses to local recipients.
  2. CVE-2024-49041: A Windows MSHTML Platform Spoofing Vulnerability that could be leveraged to deceive users into interacting with malicious content.

****Vulnerabilities****

The 91 vulnerabilities fixed in this update are categorized as follows:

  • 3 Spoofing vulnerabilities
  • 4 Denial of Service vulnerabilities
  • 1 Information Disclosure vulnerability
  • 26 Elevation of Privilege vulnerabilities
  • 2 Security Feature Bypass vulnerabilities
  • 52 Remote Code Execution vulnerabilities.

It is worth noting that, four vulnerabilities are rated as critical, including two remote code executions and two elevations of privilege flaws.

****Windows 11 Updates****

For Windows 11 users, cumulative updates KB5046617 and KB5046633 have been released for versions 24H2 and 23H2, respectively. These updates address security vulnerabilities and include quality improvements. Notable fixes include resolving an issue causing a black screen when using Alt-Tab to switch between apps and correcting Task Manager’s incorrect display of zero running processes.

****Windows 10 Updates****

Windows 10 versions 21H2 and 22H2 have received cumulative update KB5046613, which focuses on security enhancements. Microsoft has indicated that there are no known issues with this update.

Saeed Abbasi, Manager of Vulnerability Research at the Qualys Threat Research Unit, highlighted the severity of the CVE-2024-43451 vulnerability. “The CVE-2024-43451 leverages the remnants of Internet Explorer’s MSHTML component through the WebBrowser control,” he explained.

“This flaw allows attackers to capture a user’s NTLMv2 hash with minimal interaction—just a single click or right-click on a malicious file.” With this hash in hand, attackers can authenticate as the user, potentially gaining unauthorized access and compromising sensitive data.”

Abbasi emphasized that this vulnerability affects all supported versions of Microsoft Windows, making it widespread and critical. “This vulnerability leads to a complete loss of confidentiality for affected users, making immediate action essential,” he added.

For protection, Abbasi recommends organizations take three critical steps: apply the latest patches, install IE cumulative updates, and inform users about this specific threat. Prompt action is crucial to safeguard an organization’s systems and data from potential breaches.

****Recommendations for Users****

It is strongly recommended that users apply these updates as soon as possible to mitigate possible security risks. Updates can be installed via Windows Update or manually downloaded from the Microsoft Update Catalog. Nevertheless, November Patch Tuesday shows the importance of maintaining up-to-date systems to protect yourself from increasing cybersecurity threats.

  1. “HM Surf” macOS Flaw Lets Attackers Access Camera and Mic
  2. CISA Warns of Palo Alto Networks’ Expedition Tool Vulnerability
  3. Attack Lets Hackers Downgrade Windows to Exploit Patched Flaws
  4. ZDI Slams Microsoft for Not Crediting It in Last Week’s Patch Tuesday
  5. Microsoft Patch Tuesday: Microsoft Patches 142 Critical Vulnerabilities

Related news

About Elevation of Privilege – Windows Task Scheduler (CVE-2024-49039) vulnerability

About Elevation of Privilege – Windows Task Scheduler (CVE-2024-49039) vulnerability. It was released on November Microsoft Patch Tuesday and showed signs of exploitation in the wild right away. To exploit the vulnerability, an authenticated attacker runs a specially crafted application on the target system. The attack can be performed from an AppContainer restricted environment. Using […]

Russian Hackers Exploit Firefox and Windows 0-Days to Deploy Backdoor

Watch out for the Russian hackers from the infamous RomRom group, also known as Storm-0978, Tropical Scorpius, or UNC2596, and their use of a custom backdoor.

'RomCom' APT Mounts Zero-Day, Zero-Click Browser Escapes in Firefox, Tor

The innocuously named Russian-sponsored cyber threat actor has combined critical and serious vulnerabilities in Windows and Firefox products in a zero-click code execution exploit.

November Patch Tuesday release contains three critical remote code execution vulnerabilities

The Patch Tuesday for November of 2024 includes 91 vulnerabilities, including two that Microsoft marked as “critical.” The remaining 89 vulnerabilities listed are classified as “important.”

November Patch Tuesday release contains three critical remote code execution vulnerabilities

The Patch Tuesday for November of 2024 includes 91 vulnerabilities, including two that Microsoft marked as “critical.” The remaining 89 vulnerabilities listed are classified as “important.”

November Microsoft Patch Tuesday

November Microsoft Patch Tuesday. 125 CVEs, 35 of which were added since October MSPT. 2 vulnerabilities with signs of exploitation in the wild: 🔻 Elevation of Privilege – Windows Task Scheduler (CVE-2024-49039)🔻 Disclosure/Spoofing – NTLM Hash (CVE-2024-43451) No signs of exploitation, but with a private PoC of the exploit: 🔸 Remote Code Execution – Microsoft […]

2 Zero-Day Bugs in Microsoft's Nov. Update Under Active Exploit

The November 2024 Patch Tuesday update contains a substantially high percentage of remote code execution (RCE) vulnerabilities (including a critical issue in Windows Kerberos), and two other zero-day bugs that have been previously disclosed and could soon come under attack.

2 Zero-Day Bugs in Microsoft's Nov. Update Under Active Exploit

The November 2024 Patch Tuesday update contains a substantially high percentage of remote code execution (RCE) vulnerabilities (including a critical issue in Windows Kerberos), and two other zero-day bugs that have been previously disclosed and could soon come under attack.

2 Zero-Day Bugs in Microsoft's Nov. Update Under Active Exploit

The November 2024 Patch Tuesday update contains a substantially high percentage of remote code execution (RCE) vulnerabilities (including a critical issue in Windows Kerberos), and two other zero-day bugs that have been previously disclosed and could soon come under attack.

Microsoft Patch Tuesday, November 2024 Edition

Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November's patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today.