Microsoft fixed 91 vulnerabilities in November while 117 were fixed last month. According to the Zero Day Initiative (ZDI), the year 2024 is the second in terms of fixes for the Redmond firm. In total, 949 CVEs were addressed even before the December updates.
While Microsoft teams are working on Windows 12, flaws are also in the Redmond firm's sights. Of the 91 flaws fixed in November, hoping that the update does not add new bugs, two were exploited by pirates. Fortunately, the Tuesday Nov 2024 Patch addresses vulnerabilities.
What flaws are fixed by the Tuesday Nov 2024 Patch?
The first flaw, CVE-2024-43451, allows hackers to carry out a spoofing attack that reveals the NTLMv2 hash of targeted users. Satnam Narang, senior research engineer at Tenable, says this is the third such vulnerability exploited in 2024. very dangerous since it allows hackers to authenticate on systems via the technique of “pass-the-hash” and move laterally in a network.
This is the windows task scheduler which is targeted by the exploitation of the CVE-2024-49039 flaw. The hacker must first be authenticated before opening a malicious application remotely that allows them to elevate their privileges and execute code. Particularly via remote procedure calls.
Among the fixes, on note deux zero-day. The first is CVE-2024-49019 which concerns Active Directory Certificate Services privilege escalations. The second, CVE-2024-49040, is related to a spoofing vulnerability in Microsoft Exchange Server.
Several other critical flaws are fixed by Microsoft: CVE-2024-43639 (remote code execution in Kerberos) and CVE-2024-43625 (elevation of privilege in VMSwitch). Another very dangerous vulnerability, with a CVSS score of 9.9, has been fixed: CVE-2024-43602, a remote execution vulnerability in Azure CycleCloud. Satnam Narang notes that the flaw allowed an attacker with minimal permissions to gain root privileges by simply sending a request modifying a vulnerable CycleCloud cluster.
