In a sweeping update that may cause both anxiety and relief for Windows users, Microsoft has announced it has patched 89 new Common Vulnerabilities and Exposures (CVEs) during the November Patch Tuesday—marking a critical phase in the company’s security response as 2024 draws to a close. This update is especially significant given that among these vulnerabilities, several are categorized as critical and one stands out as a full-fledged zero-day exploit.
According to Microsoft, successful exploitation of this flaw could lead to what is essentially a total breach of confidentiality. The risk arises when users unwittingly interact with malicious files, potentially simply by clicking on them. As Mike Walters, president at Action1, elaborates, this vulnerability puts NTLMv2 hashes—crucial pieces of identity verification—into the hands of attackers. If they are successful, the stakes are high, as attackers could authenticate as the user and extend their reach within networks.
So, are you ready to roll up your sleeves and tackle these updates? Dive in before the cyber wolves come knocking!
Source: Computer Weekly Microsoft fixes 89 CVEs on penultimate Patch Tuesday of 2024
A Closer Look at the Vulnerabilities
The Notorious NTLM Spoofing Threat
One of the top-tier concerns—and practically a poster child for outdated protocols—is CVE-2024-43451, a spoofing vulnerability in NTLM (New Technology LAN Manager) Hash. This ancient authentication protocol, once a staple of Windows identity verification, is now a relic that even Microsoft has been urging users to abandon for over a decade. Unfortunately, it seems to linger like a bad smell.According to Microsoft, successful exploitation of this flaw could lead to what is essentially a total breach of confidentiality. The risk arises when users unwittingly interact with malicious files, potentially simply by clicking on them. As Mike Walters, president at Action1, elaborates, this vulnerability puts NTLMv2 hashes—crucial pieces of identity verification—into the hands of attackers. If they are successful, the stakes are high, as attackers could authenticate as the user and extend their reach within networks.
Windows Task Scheduler Elevation of Privilege
Another key vulnerability to be aware of is CVE-2024-49309, an elevation of privilege (EoP) flaw tied to the Windows Task Scheduler. This vulnerability can permit low-privileged attackers to gain administrative access to systems through malicious apps, making it a gateway for further exploitation within corporate environments where shared accounts and automated tasks are common occurrences.Other Noteworthy Vulnerabilities
The November update also includes other vulnerabilities that, while not currently exploited, hold potential risks:- CVE-2024-49019: Concerns a similar EoP vulnerability in Active Directory Certificate Services. Given its ability to confer domain administrator privileges if exploited, this vulnerability should be treated with high priority, despite its “Important” rating.
- CVE-2024-49040: This vulnerability affects Microsoft Exchange Server and is rated as significant because Exchange is often a prime target for cybercriminals. With a CVSS score of 7.5, it is advisable for IT teams to address this risk proactively.
- Additionally, the update addresses issues in OpenSSL, .NET, and Windows Kerberos, all of which can pose serious concerns depending on the nature of your organization's operations.
What Should Users Do Now?
Prioritize Your Patch Management
In light of these vulnerabilities, prioritizing patch management and establishing rigorous update protocols becomes essential. IT professionals should:- Assess Vulnerability Impact: Determine which systems and applications could potentially be affected by these patches, especially if NTLM is still in use.
- Implement User Training: Invest in training programs to educate users on the risks associated with malicious files, especially in environments where NTLM is still being utilized.
- Monitor for Unusual Activity: Employ monitoring solutions to detect anomalies in file interactions that could indicate exploitation attempts.
Conclusion
With Microsoft proactively patching these worrying vulnerabilities, now is the time for Windows users to ensure their systems are up-to-date. The evolving landscape of cybersecurity threats means that staying educated and vigilant can make a world of difference. Remember, while some of these vulnerabilities may seem low-impact based on their scoring, the context of your environment can certainly alter their risk profile.So, are you ready to roll up your sleeves and tackle these updates? Dive in before the cyber wolves come knocking!
Source: Computer Weekly Microsoft fixes 89 CVEs on penultimate Patch Tuesday of 2024
