Microsoft’s November 2024 Patch Tuesday addresses a total of 88 vulnerabilities and includes one advisory, marking a slight reduction in volume from October. This month’s patch cycle fixes four critical vulnerabilities and resolves two zero-days, with one zero-day disclosed alongside a proof of concept (PoC). PoCs have been developed for two additional vulnerabilities, though they have not yet been actively exploited.
The vulnerabilities addressed in this month’s updates include:
- 28 Elevation of Privilege (EoP) vulnerabilities
- 43 Remote Code Execution (RCE) vulnerabilities
- 6 Information Disclosure vulnerabilities
- 26 Denial of Service (DoS) vulnerabilities
- 7 Security Feature Bypass vulnerabilities
- 7 Spoofing vulnerabilities
These totals exclude three Edge-related vulnerabilities, which were patched earlier on October 3rd. For non-security updates, administrators can review cumulative updates for Windows 11 (KB5044284 and KB5044285) and Windows 10 (KB5044273).
Zero-Day Vulnerabilities
Two zero-days were resolved this month, one of which was actively exploited. Details of these zero-day vulnerabilities are as follows:
CVE-2024-43451 | NTLM Hash Disclosure Spoofing Vulnerability
Affects: NTLM Authentication in Microsoft Windows This vulnerability stems from improper handling of NTLM hashes, specifically NTLMv2, allowing attackers to obtain hash values via a maliciously crafted file. Attackers can exploit this by deceiving users into minimal interaction, such as right-clicking or opening the file, which then exposes NTLMv2 hashes without full file execution. This vulnerability, rated at a CVSS score of 6.5, is particularly impactful in environments using MSHTML and EdgeHTML platforms, and is effectively exploited in phishing attacks.
CVE-2024-49039 | Windows Task Scheduler Elevation of Privilege Vulnerability
Affects: Windows Task Scheduler This vulnerability allows attackers to bypass authentication mechanisms in the Windows Task Scheduler under certain conditions, enabling privilege escalation. Classified under CWE-287, it affects systems where the Task Scheduler service is widely used for automation. Attackers leveraging this flaw can elevate privileges from low-level user accounts, granting them access to typically restricted Remote Procedure Call (RPC) functions. The vulnerability holds a high CVSS score of 8.8, reflecting its significant threat level.
Other Critical Vulnerabilities
CVE-2024-49019 | Active Directory Certificate Services Elevation of Privilege Vulnerability
Affects: Active Directory Certificate Services (AD CS) This vulnerability impacts systems with version 1 certificate templates where overly broad ‘Enroll’ permissions are combined with certificates set to “Supplied in the request.” Attackers exploiting this flaw can manipulate certificate requests to gain domain administrator privileges, significantly endangering systems utilizing Active Directory. This vulnerability holds a CVSS score of 7.8, signaling a high risk in enterprise environments with complex certificate configurations.
CVE-2024-49040 | Microsoft Exchange Server Spoofing Vulnerability
Affects: Microsoft Exchange Server This flaw permits attackers to manipulate the P2 FROM header in email, allowing for sender spoofing. Exploitation could enable phishing attacks by deceiving users into downloading malicious content or revealing sensitive data. Rated at a CVSS score of 7.5, the vulnerability poses a substantial risk to organizations dependent on Exchange for communications, especially in high-stakes industries such as finance and healthcare.
Vendor Updates: Adobe, Cisco, Apple, and More
Adobe: Multiple products were updated, including:
- Adobe Acrobat and Reader: Addressed four vulnerabilities, two of which are critical RCE flaws.
- Adobe Photoshop: Fixed memory corruption issues that could lead to RCE.
Cisco: Notable updates include patches for:
- ASA and FTD: A DoS vulnerability (CVE-2024-20481) in Remote Access VPN service, part of a brute-force campaign targeting VPN services across multiple vendors.
Apple: Addressed 70+ vulnerabilities in iOS 18 and macOS Sequoia 15, focusing on issues ranging from information disclosure to heap corruption.
Best Practice for Users
To protect systems against this month’s vulnerabilities, it’s advised that users apply the November 2024 Patch Tuesday updates immediately. Prioritizing patches for critical flaws, especially the actively exploited zero-days, will help prevent potential exploitation. For more details, consult Microsoft’s security release documentation or contact IT support teams to ensure robust protection across networks.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time –
https://www.netizen.net/contact
