Vulnerable component: Windows NTLM
Impact: Spoofing
CVSS 3.1: 6.5
This critical zero-day vulnerability enables attackers to capture a user's NTLMv2 hash with minimal user interaction, creating a security risk because the hash could allow unauthorized access to network resources. Simply selecting or right-clicking a malicious file may expose a user's NTLMv2 hash, which an attacker could then use to authenticate without authorization.
As for mitigation, Microsoft has issued a security patch to address this flaw, and users are strongly urged to apply the latest patches and updates immediately. Enterprises and organizations should also educate end users on the risks of interacting with unsolicited files.
This vulnerability has been publicly disclosed and is being actively exploited.
Vulnerable component: Windows Task Scheduler
Impact: Elevation of Privilege
CVSS 3.1: 8.8
This zero-day vulnerability allows attackers to execute unauthorized code or gain access to resources at a higher privilege level than what’s typically allowed in a low-privilege AppContainer environment.
Threat actors can exploit this vulnerability to escalate privileges, allowing them to perform Remote Procedure Call (RPC) functions that are normally restricted to privileged accounts and thereby affect Windows systems that rely on Task Scheduler.
This vulnerability is being actively exploited.
3) CVE-2024-49040
Vulnerable component: Microsoft Exchange Server
Impact: Spoofing
CVSS 3.1: 7.5
While Microsoft is aware of this vulnerability, little detail has yet been published on the MSRC blog. Microsoft has, however, released additional information about the steps to be performed or actions to be taken after the update is installed.
This vulnerability has been publicly disclosed.
4) CVE-2024-49019
Vulnerable component: Windows Active Directory Certificate Services
Impact: Elevation of privilege
CVSS 3.1: 7.8
This zero-day is commonly referred to as ESC15 or "EKUwu." By leveraging this vulnerability, attackers can exploit misconfigurations within certificate templates, potentially leading to unauthorized access and privilege escalation on affected systems. By manipulating the Enhanced Key Usage (EKU) extensions, threat actors can also obtain certificates that grant them elevated privileges.
This vulnerability has been publicly disclosed.
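As an added audit helper (not code from the original post or from Microsoft), the following PowerShell enumerates AD CS certificate templates that published ESC15/"EKUwu" research identifies as exposed: templates with schema version 1, where the enroller can influence the Application Policies in the request. It assumes the RSAT ActiveDirectory module and a domain-joined session; the function name Get-SchemaV1CertTemplate and the output fields are my own choices.

```powershell
# Added audit helper (not from the original post): list AD CS certificate templates
# whose msPKI-Template-Schema-Version is 1. Published ESC15/"EKUwu" research reports
# that version-1 templates accept requester-supplied Application Policies, so each one
# should be reviewed for who may enroll and whether it is still published on any CA.
# Assumption: RSAT ActiveDirectory module is installed and the session is domain-joined.
Import-Module ActiveDirectory

function Get-SchemaV1CertTemplate {
    $configNC       = (Get-ADRootDSE).configurationNamingContext
    $templateBase   = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
    $enrollServices = "CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNC"

    # Templates currently published on at least one enterprise CA
    $published = Get-ADObject -SearchBase $enrollServices `
        -LDAPFilter "(objectClass=pKIEnrollmentService)" -Properties certificateTemplates |
        ForEach-Object { $_.certificateTemplates } | Sort-Object -Unique

    Get-ADObject -SearchBase $templateBase -LDAPFilter "(objectClass=pKICertificateTemplate)" `
        -Properties 'msPKI-Template-Schema-Version','msPKI-Certificate-Application-Policy','pKIExtendedKeyUsage' |
        Where-Object { $_.'msPKI-Template-Schema-Version' -eq 1 } |
        ForEach-Object {
            [pscustomobject]@{
                Template  = $_.Name
                Published = ($published -contains $_.Name)   # unpublished templates are lower risk
                EKU       = ($_.pKIExtendedKeyUsage -join ',')
                AppPolicy = ($_.'msPKI-Certificate-Application-Policy' -join ',')
            }
        }
}

# Review published schema-version-1 templates first; unpublish or restrict enrollment
# on any that are no longer needed, and apply the November update on every CA.
Get-SchemaV1CertTemplate | Sort-Object Published -Descending | Format-Table -AutoSize
```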
Besides the vulnerabilities fixed in this month’s Patch Tuesday, Microsoft has also republished four CVE IDs. These are as follows: