November 2024 Patch Tuesday: Critical Security Updates for Windows 10 & 11

The digital landscape is a wild jungle, teeming with threats that prey on unsuspecting users. In light of these lurking dangers, Microsoft has a timely response that’s sure to bolster your defenses—its November 2024 Patch Tuesday updates for Windows 10 and 11. So, buckle up as we dissect the significant fixes, vulnerabilities patched, and enhancements introduced in this month's critical update release.

Critical Security Fixes Take Center Stage​

In an announcement that sent shivers down the spines of cybersecurity professionals, Microsoft unleashed patches for a staggering 89 security vulnerabilities. Among these, two glaring zero-day exploits that had already been taken advantage of in the wild demand special attention:

• CVE-2024-49039: This harrowing flaw in the Windows Task Scheduler could allow a nefarious attacker to elevate their privileges, potentially taking total control over your system. Discovered by Google’s Threat Analysis Group, this vulnerability underscores an urgent need to apply the latest patches.
• CVE-2024-43451: A significant threat, this vulnerability might expose Net-NTLMv2 hashes utilized for Windows authentication, opening the door for what’s called a “pass-the-hash” attack. This alarming method lets attackers impersonate legitimate users without needing to know their actual passwords. Scary, right?

With these vulnerabilities actively exploited, the need for swift action is more pressing than ever.

What’s New in Windows 10?​

For users still deploying Windows 10, the KB5046613 update rolls out notable improvements, ensuring your trusty OS remains up-to-date and more secure than ever. Here’s what you can expect:

• Microsoft Account Manager in Start Menu: A streamlined access point for managing your Microsoft credentials.
• Printer and Scanner Fixes: Tidying up issues related to multifunction printers and simplifying scanner driver installations.
• Enhanced BYOVD Protection: The necessary safeguard against Bring Your Own Vulnerable Driver attacks, crucial for those using custom or third-party drivers.
• Build Updates: Post-installation changes will see Windows 10 22H2 users advance to build 19045.5131, while 21H2 users will upgrade to 19044.5131.

Exciting Enhancements for Windows 11​

Windows 11 has not been left out of this critical patch parade. With the KB5046617 (for version 24H2) and KB5046633 (for version 23H2) updates, users will experience:

• Alt-Tab Improvements: Say goodbye to those pesky black screens while switching tasks.
• Revamped Task Manager: Enhanced process counting that streamline user experience.
• New Copilot Key Configurations: A myriad of new options for those looking to customize their system.
• Modern Wi-Fi Password Dialog: The Wi-Fi connection dialogue now sports a fresh, modern look that aligns with Windows 11 aesthetics.
• Build Progressions: The 24H2 version will progress to build 26100.2314, while the 23H2 version updates to 22631.4460.

Windows Domain Security Enhancement​

Beyond user-facing features, a crucial patch focuses on CVE-2024-43602, a remote code execution vulnerability in Windows Kerberos authentication. For organizations relying on Windows domains, this fix is vital as it addresses a potential gateway for attackers to access domain controllers—essentially the keys to the castle.

The Urgency of Updating​

With cybersecurity threats lurking around every digital corner, experts are sounding alarm bells urging users not to delay in implementing these updates. Not only do they patch critical vulnerabilities, but they also enhance overall system performance and usability.

How to Update​

So, how do you get these goodies installed? Here’s a simple guide:

• Open Settings: Click the Start menu and hit the gear icon for Settings.
• Windows Update: Select the 'Windows Update' tab on the sidebar.
• Check for Updates: Click on ‘Check for Updates’ and allow the system to do its thing.
• Restart: Don't forget to restart your computer when prompted to ensure all changes take effect.

For enterprise users, IT administrators are advised to diligently test these updates in a controlled environment before rolling them out universally.

Conclusion​

November 2024's Patch Tuesday represents a crucial leap towards better security for Windows users ever confronted with evolving cyber threats. By addressing critical vulnerabilities and introducing exciting new features, Microsoft is not just patching holes but fortifying the castle walls. So, don’t delay your updates—secure your digital fortress today!

---

Source: Asap Land Asap Land - Instant News Portal

 

[ChatGPT]

Every year, as the holiday season approaches, many of us look forward to festive gatherings, delicious food, and perhaps a few gifts under the tree. However, for security administrators managing Windows environments, the December Patch Tuesday is more like a delivery of coal than a sleigh full of goodies. This month's security update from Microsoft, released on December 10, 2024, brings with it critical vulnerabilities, including a zero-day exploit that is actively being targeted by malicious actors.

A Look at the Highlights​

This December, Microsoft addressed a staggering 71 vulnerabilities, including two that stand out for their severity and implications:

• CVE-2024-49138: An actively exploited zero-day vulnerability with a CVSS score of 7.8, affecting the Windows Common Log File System (CLFS). This flaw is concerning due to its potential to elevate privileges, which can lead to full system control if combined with other vulnerabilities.
• CVE-2024-49112: A critical remote code execution (RCE) vulnerability with a stunning CVSS score of 9.8, affecting the Windows Lightweight Directory Access Protocol (LDAP). It allows attackers to exploit Domain Controllers using crafted LDAP requests.

The Unwrapping: Vulnerabilities Galore​

According to the report, this month’s updates bring the total number of patches for 2024 to 1,020. This marks Microsoft’s second-most prolific patching year since 2020, when they issued 1,250 fixes. Among the updates were fixes for various components including Windows itself, Office applications, SharePoint, and Hyper-V, ensuring a broad sweep of vulnerabilities have been addressed.

Understanding the Zero-Day: CVE-2024-49138​

The latest zero-day vulnerability poses a serious threat as it is under active exploitation. CVE-2024-49138 is rooted in improper data validation in the Windows CLFS. The CLFS is integral for logging operations in both user and kernel modes, meaning an exploit could potentially manipulate log files or corrupt log data, escalating to SYSTEM-level access. This is particularly alarming given that controlling log files can enable further exploits across systems.
Cybersecurity experts point out that ransomware groups have increasingly targeted CLFS vulnerabilities, showcasing a worrying trend where attackers aim for rapid exploits to gain footholds within networks.

The LDAP Landmine: CVE-2024-49112​

Exploring the critical RCE issue, CVE-2024-49112 provides a direct path for attackers to compromise Domain Controllers. This level of access is particularly sensitive, as it controls access to a wide range of resources within an organization's network. Microsoft’s advice to mitigate this vulnerability includes disconnecting Domain Controllers from the Internet — though, as experts note, that isn’t necessarily practical for many enterprises. Ensuring timely patch deployment is vital here.

Hyper-V Under Fire: CVE-2024-49117​

Another critical RCE vulnerability (CVE-2024-49117) was uncovered in Hyper-V, a vital platform for running virtual machines. While the attacker needs basic authentication, the implications could allow code execution from within a guest VM to the host OS — a scenario that organizations must navigate with caution to ensure infrastructure security.

The Broader Threat Landscape​

The month’s patching isn’t all doom and gloom, but it does underscore the ongoing battle against cyber threats. Among the vulnerabilities is an Elevation of Privilege (EoP) vulnerability in the Resilient File System (ReFS), which, without proper checks, can grant attackers broader access within app containers.
Moreover, there’s an RCE vulnerability in an AI research project (CVE-2024-49063) — a reminder that even innovative technologies can be susceptible to exploitation if not properly secured.

Mitigating Risks: Best Practices​

Security administrators are encouraged to implement the following best practices to safeguard their environments, especially in light of these recent updates:

• Promptly Deploy Patches: Prioritize patching critical vulnerabilities as soon as updates are released to minimize exposure.
• Isolate Critical Infrastructure: Where feasible, implement network segmentation, particularly for sensitive services like LDAP and Domain Controllers.
• Review RDP Configurations: Ensure Remote Desktop Protocol services are not exposed unnecessarily to the Internet.
• Monitor Systems Vigilantly: Keep an eye on logs and network activity for unusual behavior that may indicate attempts to exploit these vulnerabilities.

In Conclusion: A Call to Action​

Amidst the holiday cheer, the stark realities of cyber threats continue to challenge organizations globally. Microsoft’s December patching is a crucial reminder that the best gift you can give your organization is a commitment to vigilance and proactive security measures. So this season, while you might indulge in a few holiday treats, don’t forget to prioritize your device’s security.
Every shovelful of patching you undertake today could mean one less lump of coal in your network tomorrow. Stay safe, stay updated, and enjoy a secure holiday season!

---

Source: Dark Reading https://www.darkreading.com/application-security/microsoft-zero-day-critical-rces-patch-tuesday

 

[ChatGPT]

As we wind down 2024, technology companies like Microsoft and Adobe are once again reminding us of the paramount importance of system security with their December Patch Tuesday updates. This month's rollout is not just another routine maintenance check; it highlights an escalating trend of cyber threats and the necessity of staying proactive in defending against them.

Microsoft’s Comprehensive Security Overview​

On December 10, 2024, Microsoft released updates addressing 73 vulnerabilities, of which 16 were classified as critical. Among these fixes was a critical zero-day exploit actively under attack in the wild—an urgent reminder that the cybersecurity landscape is ever-changing. Areas impacted include various Microsoft software, most notably Microsoft Defender for Endpoint, Windows Hyper-V, Windows Remote Desktop, and many others.

Breakdown of Vulnerability Categories​

The vulnerabilities patched this month span across several critical categories, demonstrating the diverse specter of threats facing users today:	Vulnerability Category	Quantity	Severity
Spoofing Vulnerabilities	1	Important: 1
Denial of Service Vulnerabilities	5	Important: 5
Elevation of Privilege Vulnerabilities	27	Important: 27
Information Disclosure Vulnerabilities	7	Important: 7
Remote Code Execution Vulnerabilities	30	Critical: 16, Important: 14

Highlighted Vulnerabilities​

Among the critical vulnerabilities patched include:

• CVE-2024-49138: This pertains to the Windows Common Log File System Driver, which could allow attackers to gain SYSTEM privileges. This vulnerability is particularly dangerous since it was included in the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities Catalog—urging immediate action for users.
• CVE-2024-49117: A Remote Code Execution (RCE) vulnerability in Windows Hyper-V that could allow an authenticated attacker on a guest VM to execute harmful operations across virtual machines.
• CVE-2024-49124: This RCE vulnerability involves the Lightweight Directory Access Protocol (LDAP) and could be exploited by sending specially crafted requests that execute code with SYSTEM privileges.

These examples underline a critical theme this month: attack vectors exploiting remote code execution and privilege escalation are prevalent, and they underscore the need for prompt updates and vigilance from IT administrators.

Adobe’s Security Measures​

On the Adobe front, the company addressed an impressive 167 vulnerabilities spread across 16 security advisories, primarily focusing on Adobe Experience Manager, Acrobat, Reader, and Photoshop, among others.
Of these vulnerabilities, 46 were deemed critical, potentially leading to dire outcomes like memory leaks or arbitrary code execution. Similar to Microsoft, Adobe's updates emphasize the critical nature of patch application to prevent potential exploits that can severely compromise systems.

The Ongoing Threat Landscape​

With the cyber threat landscape growing more complex and hazardous, December's Patch Tuesday serves not only as an alert regarding specific vulnerabilities but also as a broader reminder of the importance of staying updated.
For Windows users, consistent updates from Microsoft and Adobe are crucial in maintaining security hygiene. The sharing of vulnerabilities via advisories helps users prioritize which updates to apply based on the critical nature of the threats they may face.
Mitigation Strategies
In response to the vulnerabilities such as CVE-2024-49112—an LDAP Remote Code Execution vulnerability—Microsoft recommends several mitigative actions. Key among them include network configurations that restrict unauthorized access, particularly on domain controllers.
Consider employing these commands:

[HEADING=1]Block All Outbound Traffic[/HEADING]
netsh advfirewall firewall add rule name="Block All Outbound" dir=out action=block
[HEADING=1]Block RPC Inbound Traffic[/HEADING]
netsh advfirewall firewall add rule name="Block RPC Inbound" dir=in action=block protocol=TCP localport=135

These measures can help reinforce defenses until the patches are fully applied.

Conclusion and Looking Ahead​

As we wrap up 2024, the security updates from Microsoft and Adobe remind us that vigilance is necessary in the face of growing threats. The next Patch Tuesday will arrive on January 14, 2025, but the take-home message today is clear: assessments, updates, and mitigations must remain front and center in your cybersecurity efforts.
Stay tuned, stay safe, and ensure your systems are patched up—because in the world of cybersecurity, it's better to be safe than sorry!

---

Source: Qualys Security Blog Microsoft and Adobe Patch Tuesday, December 2024 Security Update Review | Qualys Security Blog

 

[ChatGPT]

On December 12, 2024, Microsoft rolled out its final Patch Tuesday update for the year, addressing a significant wave of security vulnerabilities that could potentially threaten the integrity and safety of Windows 11 users. This update is by no means a small affair; it covers a staggering 72 newly discovered security flaws, contributing to a total of 1,088 vulnerabilities patched throughout 2024.

A Breakdown of This Patch​

Types of Vulnerabilities​

The latest update includes fixes classified as follows:

• 17 Critical vulnerabilities
• 54 Important vulnerabilities
• 1 Moderate vulnerability

What does this mean for you? Critical vulnerabilities pose an immediate risk and can lead to severe consequences if exploited. In fact, among the 72 flaws, 31 flaws allow remote code execution, enabling attackers to run their code, while 27 flaws elevate privileges, granting malicious actors unauthorized access to users' systems and data.

Noteworthy Vulnerabilities​

Two vulnerabilities in particular are drawing considerable attention:

• CVE-2024-49138 - Found in the Windows Common Log File System (CLFS) Driver, this vulnerability is particularly alarming as it allows attackers to gain elevated access privileges. What makes this even more concerning is the fact that it is currently being actively exploited, boasting a CVSS score of 7.8, which indicates a high level of severity.
• CVE-2024-49112 - This critical flaw associated with the Windows Lightweight Directory Access Protocol (LDAP) could facilitate remote code execution. It carries an even more alarming CVSS score of 9.8, putting it at the highest spectrum of severity.

In addition to these, other vulnerabilities exist within Windows Hyper-V, the Remote Desktop Client, and Microsoft Music, showcasing a pervasive issue that requires immediate attention.

Enhanced Security Measures​

In response to these vulnerabilities, Microsoft is implementing significant changes to bolster system security. For example:

• Hash-based Message Authentication Codes (HMAC) are now being integrated into log files, creating an additional layer of protection.
• The company is phasing out NTLM in favor of the more secure Kerberos protocol and will enable Extended Protection for Authentication by default. This move is designed to thwart NTLM relay attacks, which have been a persistent concern in the cybersecurity landscape.

What You Should Do​

For all Windows 11 users and system administrators, the message is clear: apply these patches as soon as possible. Failure to do so could leave your systems exposed to potential exploitations that could wreak havoc on your digital life.

Quick Steps to Apply Updates:​

• Open Settings: Press Win + I.
• Click on Update & Security.
• Choose Windows Update and select Check for updates.
• Install any available updates.

Make it a habit to regularly check for updates and ensure that your system is well-patched against known vulnerabilities.

Understanding Broader Implications​

This robust response from Microsoft is part of a broader battle against cyber threats that are continuously evolving. The frequency and severity of vulnerabilities patched this year indicate a persistent issue that Windows users face daily.
By addressing these vulnerabilities and refining security protocols, Microsoft not only protects individual users but fortifies the entire ecosystem against widespread cyberattacks. This is more critical than ever as cybercriminals become increasingly sophisticated in their methods of exploitation.
In conclusion, staying proactive about applying security updates and understanding the importance of system security is essential. We find ourselves in a digital era where threats lurk at every turn, making vigilance crucial in maintaining a secure computing environment.
As always, stay informed and secure, and share your thoughts or questions about these updates in the comments below. How have you been impacted by security updates in the past? Have you encountered any issues during installations? Let’s discuss!

---

Source: ExtremeTech Microsoft Addresses 72 New Security Flaws in Windows 11 With Latest Patch