Microsoft<\/strong> today released updates to plug at least 89 security holes in its Windows<\/strong> operating systems and other software. November\u2019s patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today.<\/p>\n The zero-day flaw tracked as CVE-2024-49039<\/a> is a bug in the Windows Task Scheduler<\/strong> that allows an attacker to increase their privileges on a Windows machine. Microsoft credits Google\u2019s Threat Analysis Group<\/strong> with reporting the flaw.<\/p>\n The second bug fixed this month that is already seeing in-the-wild exploitation is CVE-2024-43451<\/a>, a spoofing flaw that could reveal\u00a0Net-NTLMv2 hashes<\/a>, which are used for authentication in Windows environments.<\/p>\n Satnam Narang<\/strong>, senior staff research engineer at Tenable<\/strong>, says the danger with stolen NTLM hashes is that they enable so-called \u201cpass-the-hash\u201d attacks, which let an attacker masquerade as a legitimate user without ever having to log in or know the user\u2019s password. Narang notes that CVE-2024-43451 is the third NTLM zero-day so far this year.<\/p>\n \u201cAttackers continue to be adamant about discovering and exploiting zero-day vulnerabilities that can disclose NTLMv2 hashes, as they can be used to authenticate to systems and potentially move laterally within a network to access other systems,\u201d Narang said.<\/span><\/p>\n The two other publicly disclosed weaknesses Microsoft patched this month are CVE-2024-49019<\/a>, an elevation of privilege flaw in Active Directory Certificate Services<\/strong> (AD CS); and CVE-2024-49040<\/a>, a spoofing vulnerability in Microsoft Exchange Server<\/strong>.<\/p>\n Ben McCarthy<\/strong>, lead cybersecurity engineer at Immersive Labs<\/strong>, called special attention to CVE-2024-43639<\/a>, a remote code execution vulnerability in Windows Kerberos<\/strong>, the authentication protocol that is heavily used in Windows domain networks.<\/p>\n \u201cThis is one of the most threatening CVEs from this patch release,\u201d McCarthy said. \u201cWindows domains are used in the majority of enterprise networks, and by taking advantage of a cryptographic protocol vulnerability, an attacker can perform privileged acts on a remote machine within the network, potentially giving them eventual access to the domain controller, which is the goal for many attackers when attacking a domain.\u201d<\/p>\n McCarthy also pointed to CVE-2024-43498<\/a>, a remote code execution flaw in .NET<\/strong> and Visual Studio<\/strong> that could be used to install malware. This bug has earned a CVSS severity rating of 9.8 (10 is the worst).<\/p>\n Finally, at least 29 of the updates released today tackle memory-related security issues involving SQL server<\/strong>, each of which earned a threat score of 8.8. Any one of these bugs could be used to install malware if an authenticated user connects to a malicious or hacked SQL database server.<\/p>\n For a more detailed breakdown of today\u2019s patches from Microsoft, check out the SANS Internet Storm Center\u2019s list<\/a>. For administrators in charge of managing larger Windows environments, it pays to keep an eye on Askwoody.com<\/a>, which frequently points out when specific Microsoft updates are creating problems for a number of users.<\/p>\n As always, if you experience any problems applying any of these updates, consider dropping a note about it in the comments; chances are excellent that someone else reading here has experienced the same issue, and maybe even has found a solution.<\/p>\n<\/div>\n![\"\"](\"https:\/\/i0.wp.com\/krebsonsecurity.com\/wp-content\/uploads\/2021\/07\/windupate.png?resize=749%2C527&ssl=1\")
<\/p>\n