2 Zero-Day Bugs in Microsoft’s Nov. Update Under Active Exploit

November 12, 2024 at 05:45PM

Microsoft’s November security update addresses 89 vulnerabilities, including four zero-day bugs, two of which are actively exploited by attackers. Among these, CVE-2024-43451 allows unauthorized disclosure of NTLMv2 hashes, while CVE-2024-49039 enables privilege escalation. Microsoft also adopted the Common Security Advisory Framework (CSAF) to improve vulnerability disclosure.

### Meeting Takeaways:

1. **Vulnerability Update**:
   - Microsoft has addressed four zero-day vulnerabilities, two of which are actively being exploited by attackers.
   - CVEs in focus:
     - **CVE-2024-43451** (CVSS 6.5): NTLMv2 hash disclosure allowing unauthorized access.
     - **CVE-2024-49039** (CVSS 8.8): Elevation of privilege through Windows Task Scheduler.

2. **Publicly Disclosed but Unexploited Zero-Days**:
   - **CVE-2024-49019** (CVSS 7.8): Elevation of privilege vulnerability in Active Directory Certificate Services.
   - **CVE-2024-49040** (CVSS 7.5): Spoofing flaw in Windows Exchange Server that can lead to spear-phishing attacks.

3. **Microsoft’s Adoption of CSAF**:
   - Microsoft has adopted the Common Security Advisory Framework (CSAF) standard for machine-readable vulnerability disclosures, aimed at improving response and remediation processes.

4. **RCE Vulnerabilities**:
   - A significant portion of the November update (52 out of 89 vulnerabilities) consists of Remote Code Execution (RCE) vulnerabilities, particularly affecting MS SQL Server and other software.
   - Notable critical RCEs include:
     - **CVE-2024-43639** (CVSS 9.8): Kerberos vulnerability allowing unauthenticated remote exploitation.
     - **CVE-2024-49050** (CVSS 8.8): RCE within the Visual Studio Code Python Extension, which has 139 million downloads.

5. **Recommendations**:
   - Organizations are urged to prioritize patching vulnerabilities, particularly those assessed as highly exploitable, such as:
     - **CVE-2024-43498** (CVSS 9.8): RCE in .NET and Visual Studio.
     - **CVE-2024-49019** (CVSS 7.8): Active Directory elevation of privilege.
     - **CVE-2024-49033** (CVSS 7.5): Microsoft Word security bypass.
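The two points above, machine-readable CSAF advisories and prioritising patches by exploitability, can be combined in a small triage script. The following is an added example, not code from the article or from Microsoft: the JSON is a constructed sample that follows the CSAF 2.0 layout (a `document` object plus a `vulnerabilities` array, each entry carrying `cve`, `scores` and `threats`); only the CVE ids and CVSS base scores come from the article. CSAF defines `exploit_status` as a threat category but leaves its `details` field as free text, so the `Exploited:Yes;Publicly Disclosed:No` key:value convention parsed here is an assumption of this example.

```python
"""Rank the vulnerabilities in a CSAF 2.0-style advisory for patch prioritisation.

Added example, not code from the article or from Microsoft. SAMPLE_CSAF is a
constructed document shaped after the CSAF 2.0 layout; only the CVE ids and
CVSS base scores are taken from the article.
"""
import json
from dataclasses import dataclass
from typing import Optional


def _vuln(cve: str, title: str, score: float, details: Optional[str]) -> dict:
    """Build one constructed CSAF-shaped vulnerability entry."""
    entry = {
        "cve": cve,
        "title": title,
        "scores": [{"cvss_v3": {"version": "3.1", "baseScore": score},
                    "products": ["CSAFPID-0001"]}],
    }
    if details is not None:
        # "exploit_status" is a CSAF threat category; "details" is free text.
        entry["threats"] = [{"category": "exploit_status", "details": details}]
    return entry


SAMPLE_CSAF = json.dumps({
    "document": {
        "category": "csaf_security_advisory",
        "csaf_version": "2.0",
        "title": "Constructed sample shaped after the November 2024 release",
        "tracking": {"id": "SAMPLE-2024-11", "status": "final", "version": "1"},
    },
    "vulnerabilities": [
        _vuln("CVE-2024-43451", "NTLMv2 hash disclosure", 6.5, "Exploited:Yes;Publicly Disclosed:No"),
        _vuln("CVE-2024-49039", "Task Scheduler elevation of privilege", 8.8, "Exploited:Yes;Publicly Disclosed:No"),
        _vuln("CVE-2024-49019", "AD CS elevation of privilege", 7.8, "Exploited:No;Publicly Disclosed:Yes"),
        _vuln("CVE-2024-49040", "Exchange Server spoofing", 7.5, "Exploited:No;Publicly Disclosed:Yes"),
        _vuln("CVE-2024-43639", "Kerberos remote code execution", 9.8, "Exploited:No;Publicly Disclosed:No"),
        _vuln("CVE-2024-49033", "Word security feature bypass", 7.5, None),  # no threat entry at all
    ],
})


@dataclass(frozen=True)
class Finding:
    cve: str
    title: str
    base_score: float
    exploited: bool
    disclosed: bool

    @property
    def tier(self) -> int:
        """1 = exploited in the wild, 2 = publicly disclosed or critical (>= 9.0), 3 = the rest."""
        if self.exploited:
            return 1
        if self.disclosed or self.base_score >= 9.0:
            return 2
        return 3


def exploit_flags(details: str) -> dict:
    """Parse a 'Key:Value;Key:Value' details string (assumed convention, see above)."""
    flags = {}
    for part in details.split(";"):
        key, sep, value = part.partition(":")
        if sep:
            flags[key.strip().lower()] = value.strip().lower()
    return flags


def parse_csaf(text: str) -> list:
    """Turn the advisory into Findings, tolerating missing scores or threat entries."""
    doc = json.loads(text)
    findings = []
    for v in doc.get("vulnerabilities", []):
        scores = [s["cvss_v3"]["baseScore"] for s in v.get("scores", []) if "cvss_v3" in s]
        flags = {}
        for t in v.get("threats", []):
            if t.get("category") == "exploit_status":
                flags.update(exploit_flags(t.get("details", "")))
        findings.append(Finding(
            cve=v.get("cve", "no-cve"),
            title=v.get("title", ""),
            base_score=max(scores, default=0.0),  # worst score across affected products
            exploited=flags.get("exploited") == "yes",
            disclosed=flags.get("publicly disclosed") == "yes",
        ))
    return findings


def prioritise(findings: list) -> list:
    """Exploited first, then disclosed/critical, then the rest; higher CVSS first within a tier."""
    return sorted(findings, key=lambda f: (f.tier, -f.base_score, f.cve))


if __name__ == "__main__":
    for f in prioritise(parse_csaf(SAMPLE_CSAF)):
        print(f"tier {f.tier}  {f.cve}  CVSS {f.base_score:<4}  {f.title}")
```

The ordering deliberately puts an exploited CVSS 6.5 bug (the NTLMv2 hash disclosure) ahead of an unexploited CVSS 9.8 one, which is the point of reading the exploit status from the advisory rather than sorting on CVSS alone; entries with no `threats` block fall through to the lowest tier instead of raising.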

6. **General Observations**:
   - Attackers are persistently targeting vulnerabilities that can disclose sensitive information, such as NTLMv2 hashes.
   - The security community acknowledges Microsoft’s new CSAF adoption as a positive step in enhancing overall security measures.

7. **Event Reminder**:
   - A virtual event titled “Know Your Enemy: Understanding Cybercriminals and Nation-State Threat Actors” is scheduled for November 14, featuring discussions on various security topics and expert speakers.

These points summarize critical vulnerabilities, security responses, and recommendations for proactive measures in maintaining cybersecurity.