November 2024 Patch Tuesday comes with fixes for 89 vulnerabilities including 4 zero-days

November 2024 Patch Tuesday comes with fixes for 89 vulnerabilities including 4 zero-days

Hey folks, 

Microsoft's November 2024 Patch Tuesday has released updates for the four following zero-days:

1) CVE-2024-43451

Vulnerable component: Windows NTLM

Impact: Spoofing

CVSS 3.1: 6.5

This critical zero-day vulnerability enables attackers to capture a user's NTLMv2 hash with minimal user interaction. This presents a security risk as it could allow unauthorized access to network resources. By simply selecting or right-clicking a malicious file, users may expose their NTLMv2 hash which could be used by an attacker to exploit for unauthorized authentication.

 

Speaking of the mitigation, Microsoft has issued an essential security patch to address this flaw, and users are strongly prompted to apply the latest patches/updates immediately. Enterprises and organizations should also educate the end users on the risks of interacting with unsolicited files.

 

This vulnerability has been publicly disclosed and is being actively exploited.

 

2) CVE-2024-49039

Vulnerable component: Windows Task Scheduler

Impact: Elevation of Privilege

CVSS 3.1: 8.8

This zero-day vulnerability allows attackers to execute unauthorized code or gain access to resources at a higher privilege level than what’s typically allowed in a low-privilege AppContainer environment.

 

Threat actors can exploit this vulnerability to escalate privileges, permitting them to perform Remote Procedure Call functions which are normally restricted to privileged accounts and affect the Windows systems that rely on Task Scheduler.

 

This vulnerability is being actively exploited.

3) CVE-2024-49040

Vulnerable component: Microsoft Exchange Server
  

Impact: Spoofing

CVSS 3.1: 7.5

While Microsoft is aware of this vulnerability, much has not yet been released in the MSRC blog. However, they have released additional information about the steps to be performed or actions to be taken after the update.

This vulnerability has been publicly disclosed.

4) CVE-2024-49019

Vulnerable component: Windows Active Directory Certificate Services

Impact: Elevation of privilege


CVSS 3.1: 7.8

This zero-day is commonly referred to as ESC15 or "EKUwu." By leveraging this vulnerability, attackers can exploit misconfigurations within certificate templates. This would potentially lead to unauthorized access and privilege escalation in the affected systems. By manipulating the Enhanced Key Usage (EKU) extensions, threat actors can also obtain certificates, providing them with elevated privileges.

This vulnerability has been publicly disclosed.

Republished CVE IDs

Besides the vulnerabilities fixed in this month’s Patch Tuesday, Microsoft has also republished four CVE IDs. These are as follows:


Note: A detailed blog regarding the Patch Tuesday updates for November 2024 will be posted shortly.

Cheers,
The ManageEngine Team

                New to ADSelfService Plus?