November 13, 2024 at 07:15AM
Microsoft’s November 2024 Patch Tuesday addressed 90 security flaws, including two actively exploited vulnerabilities in Windows NTLM and Task Scheduler. Notably, CVE-2024-43451 affects NTLMv2 hash disclosure, while CVE-2024-49039 allows privilege escalation. The update also highlights critical vulnerabilities in Azure CycleCloud and .NET, alongside adopting CSAF for improved vulnerability reporting.
**Meeting Takeaways – November 13, 2024**
1. **Active Exploitation of Vulnerabilities**:
– Microsoft has identified two vulnerabilities under active exploitation:
  – **CVE-2024-43451** (NTLM Hash Disclosure, CVSS score: 6.5)
  – **CVE-2024-49039** (Task Scheduler Elevation of Privilege, CVSS score: 8.8)
2. **Patch Tuesday Update**:
– Microsoft addressed a total of **90 security vulnerabilities**:
  – 4 rated as **Critical**
  – 85 rated as **Important**
  – 1 rated as **Moderate**
– Notably, **52 vulnerabilities** are related to remote code execution.
3. **Previous Vulnerabilities and Ongoing Threats**:
– CVE-2024-43451 is the third vulnerability this year that allows NTLMv2 hash disclosure, highlighting a trend of exploitation in this area.
– CVE-2024-49039 can only be exploited by an authenticated attacker, which underscores the need to protect users against credential theft.
4. **Newly Discovered Flaws**:
– **CVE-2024-49019** (CVSS score: 7.8) is a zero-day vulnerability related to Active Directory Certificate Services.
– **CVE-2024-43498** and **CVE-2024-43639** have been noted for their critical remote code execution implications, both rated at CVSS scores of 9.8.
– **CVE-2024-43602**, with a CVSS score of 9.9, poses significant risks through Azure CycleCloud, underscoring the exposure of cloud resources.
5. **OpenSSL Flaw**:
– A remote code execution flaw in OpenSSL (CVE-2024-5535, CVSS score: 9.1) was also patched, highlighting email and messaging as attack vectors.
6. **Common Security Advisory Framework (CSAF)**:
– Microsoft has adopted the CSAF standard for machine-readable vulnerability disclosures to improve response and remediation efforts across its products.
7. **Additional Software Patches**:
– Other software vendors have also released updates to address various vulnerabilities in recent weeks.
**Next Steps**:
– IT teams should prioritize patching the identified vulnerabilities, especially those marked as critical and under active exploitation, and continue to educate users about potential phishing attacks that could exploit these flaws.
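
An added example (not from the original summary or from Microsoft) of how the machine-readable CSAF advisories from item 6 can drive the patch ordering under Next Steps: it reads CSAF 2.0 JSON and ranks actively exploited CVEs ahead of higher-scored ones. The sample documents are constructed, the `Exploited:Yes` wording in `details` is an assumed vendor convention, and the ordering rule (exploited first, then CVSS) is one possible policy.

```python
import json

def _advisory(cve, base_score, threats):
    """Build one minimal CSAF 2.0-shaped advisory as JSON text (constructed)."""
    return json.dumps({
        "document": {"csaf_version": "2.0", "category": "csaf_security_advisory"},
        "vulnerabilities": [{
            "cve": cve,
            "scores": [{"cvss_v3": {"baseScore": base_score}}],
            "threats": threats,
        }],
    })

# Constructed sample input: CVE ids and CVSS scores are the ones quoted above;
# the "Exploited:Yes/No" wording of `details` is an assumption, since CSAF
# leaves that field as free text.
EXPLOITED = [{"category": "exploit_status", "details": "Exploited:Yes"}]
NOT_EXPLOITED = [{"category": "exploit_status", "details": "Exploited:No"}]
SAMPLE = [
    _advisory("CVE-2024-43602", 9.9, []),
    _advisory("CVE-2024-43451", 6.5, EXPLOITED),
    _advisory("CVE-2024-43498", 9.8, NOT_EXPLOITED),
    _advisory("CVE-2024-49039", 8.8, EXPLOITED),
    _advisory("CVE-2024-49019", 7.8, []),
]

def parse_vulns(csaf_text):
    """Yield (cve, highest CVSS v3 base score, exploited) per vulnerability."""
    doc = json.loads(csaf_text)
    for vuln in doc.get("vulnerabilities", []):
        scores = [s["cvss_v3"]["baseScore"]
                  for s in vuln.get("scores", []) if "cvss_v3" in s]
        exploited = any(
            t.get("category") == "exploit_status"
            and "exploited:yes" in t.get("details", "").lower()
            for t in vuln.get("threats", [])
        )
        yield vuln.get("cve", "<no-cve>"), max(scores, default=0.0), exploited

def patch_order(csaf_texts):
    """Actively exploited first, then descending CVSS, then CVE id."""
    rows = [row for text in csaf_texts for row in parse_vulns(text)]
    return sorted(rows, key=lambda r: (not r[2], -r[1], r[0]))

if __name__ == "__main__":
    for cve, score, exploited in patch_order(SAMPLE):
        print(f"{cve}  CVSS {score:<4}  exploited={exploited}")
```

With this ordering the CVSS 6.5 NTLM hash disclosure is scheduled ahead of the 9.8 and 9.9 issues, because the exploit-status field outranks the score.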