The Register: Admins can give thanks this November for dollops of Microsoft patches

Source URL: https://www.theregister.com/2024/11/13/november_patch_tuesday/
Source: The Register
Title: Admins can give thanks this November for dollops of Microsoft patches

Feedly Summary: Don’t be a turkey – get these fixed
Patch Tuesday has swung around again, and Microsoft has released fixes for 89 CVE-listed security flaws in its products – including two under active attack – and reissued three more.…

AI Summary and Description: Yes

Summary: Microsoft’s recent Patch Tuesday release addresses 89 security vulnerabilities across its products, including critical flaws that allow privilege escalation and remote code execution. The report highlights the ongoing exploitation of zero-day vulnerabilities and cites CISA’s reporting on exploitation trends and concerns, especially regarding Microsoft’s vulnerabilities.

Detailed Description:
The latest Patch Tuesday from Microsoft has brought to light numerous security vulnerabilities that pose serious threats to users and systems. Here are the key points regarding the disclosed vulnerabilities:

– **Critical Vulnerabilities**:
  – **CVE-2024-49039**: Rated CVSS 8.8, this is a privilege escalation flaw in the Windows Task Scheduler that can be exploited from a low-privilege AppContainer. Attackers who gain initial access can manipulate system settings and potentially create new users.
  – **CVE-2024-43451**: Rated CVSS 6.5, this NTLM code spoofing flaw could allow an attacker to impersonate a victim by acquiring their NTLMv2 hash with minimal user interaction.
  – **CVE-2024-43602**: This vulnerability (CVSS 9.9) affects Azure CycleCloud, allowing remote code execution through malicious configuration requests.
  – **CVE-2024-43498** and **CVE-2024-43639**: Both have a CVSS score of 9.8 and affect .NET/Visual Studio and Windows Kerberos, respectively, enabling either webapp exploitation or remote code execution.

– **CISA Updates**:
  – The US government’s CISA has included several of these vulnerabilities in its Known Exploited Vulnerabilities Catalog, emphasizing the need for immediate attention and patching.
  – CISA reported an increase in the exploitation of zero-day vulnerabilities, noting a trend where most commonly exploited flaws in 2023 were zero-day issues, a significant rise from previous years.

– **Industry Trends**:
  – Cyber actors are increasingly targeting vulnerabilities soon after their public disclosure, typically within two years of announcement.
  – The decreasing utility of zero-day vulnerabilities over time is noted, as systems are updated and patched, reducing the attackers’ options.

– **Other Patch Releases**: Alongside Microsoft, other tech giants like Citrix, Intel, AMD, and Adobe have also released patches for various vulnerabilities across their products, highlighting the widespread nature of cybersecurity threats.

This information is critical for security professionals, as it underscores the urgency of applying patches, monitoring for exploitation, and staying informed about the changing landscape of vulnerabilities amid ongoing cyber threats. A proactive approach to patch management and vulnerability remediation can significantly bolster the security posture of organizations.