Krebs on Security: Microsoft Patch Tuesday, November 2024 Edition

Source URL: https://krebsonsecurity.com/2024/11/microsoft-patch-tuesday-november-2024-edition/
Source: Krebs on Security
Title: Microsoft Patch Tuesday, November 2024 Edition

Feedly Summary: Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November’s patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today.

AI Summary and Description: Yes

**Summary:** Microsoft has released critical patches for 89 security vulnerabilities, including two zero-day flaws currently being exploited. Notable vulnerabilities affect Windows authentication protocols and systems, posing significant risks for enterprises. The findings underscore the urgency for cybersecurity professionals to proactively address these vulnerabilities to protect their networks.

**Detailed Description:**
Microsoft’s recent patch release addresses several critical security vulnerabilities in its operating systems and software, emphasizing the ongoing challenges organizations face in safeguarding their networks against evolving threats. With at least 89 vulnerabilities patched, professionals in security, privacy, and compliance should note the following key points:

– **Zero-Day Vulnerabilities:**
– **CVE-2024-49039**: A significant flaw in the Windows Task Scheduler allows attackers to escalate privileges.
– **CVE-2024-43451**: A spoofing flaw that could disclose Net-NTLMv2 hashes used for authentication is actively being exploited. The risk involves “pass-the-hash” attacks where an attacker impersonates a user without needing their password.

– **Publicly Disclosed Vulnerabilities:**
– **CVE-2024-49019**: An elevation of privilege vulnerability in Active Directory Certificate Services.
– **CVE-2024-49040**: A spoofing flaw associated with Microsoft Exchange Server.
– **CVE-2024-43602**: A remote code execution vulnerability in Windows Kerberos, critical due to its significance in enterprise network authentication.
– **CVE-2024-43498**: A remote code execution flaw in .NET and Visual Studio, rated 9.8 on the CVSS scale, indicating very high risk.

– **Database Security Concerns:**
– At least 29 updates focus on memory-related security issues in SQL server. The vulnerabilities are exploitable if authenticated users connect to malicious or compromised SQL databases, highlighting the importance of stringent access controls.

– **Recommendations for Security Professionals:**
– **Stay Informed:** Cybersecurity teams must keep up with vendor announcements and assessment reports regarding vulnerabilities.
– **Patch Management:** Regular updates and patch management processes must be in place to mitigate risks associated with known vulnerabilities.
– **Proactive Monitoring:** Continuous monitoring and threat intelligence can help identify potential exploits related to these vulnerabilities.

Overall, these patches reflect critical efforts in maintaining the security integrity of Windows environments, but they also highlight the persistent threat posed by zero-day vulnerabilities and exploitation techniques that attackers continue to uncover. As organizations navigate these threats, implementing a robust security posture is essential for protecting sensitive infrastructure.