Admins can give thanks this November for dollops of Microsoft patches

November 12, 2024 at 08:32PM

Microsoft’s recent Patch Tuesday update addressed 89 security flaws, including two under active attack. Vulnerabilities CVE-2024-49039 and CVE-2024-43451 enable privilege escalation and account impersonation, respectively. Additionally, severe flaws in Azure and .NET products could lead to remote code execution. CISA highlighted an increase in zero-day exploitations throughout 2023.

### Meeting Takeaways

1. **Patch Tuesday Overview**:
   - Microsoft released fixes for **89 CVE-listed security flaws**, including two actively exploited vulnerabilities.

2. **Key Vulnerabilities**:
   - **CVE-2024-49039**:
     - **Type**: Privilege escalation via Windows Task Scheduler
     - **CVSS**: 8.8
     - **Details**: Can be exploited by a low-privilege AppContainer; allows unauthorized execution of RPC functions.
   - **CVE-2024-43451**:
     - **Type**: Spoofing vulnerability in NTLM code
     - **CVSS**: 6.5
     - **Details**: With minimal user interaction, the flaw can be exploited to obtain NTLMv2 hashes for impersonation.
   - **CVE-2024-43602**:
     - **Type**: Remote code execution in Azure CycleCloud
     - **CVSS**: 9.9
     - **Details**: Allows modification of CycleCloud cluster configurations.
   - **CVE-2024-43498**:
     - **Type**: Vulnerability in .NET and Visual Studio
     - **CVSS**: 9.8
     - **Details**: Can be exploited via malicious requests to web apps or files in desktop apps.
   - **CVE-2024-43639**:
     - **Type**: Vulnerability in Windows Kerberos
     - **CVSS**: 9.8
     - **Details**: Remote code execution through cryptographic protocol exploitation.

3. **CISA Insights**:
   - The U.S. CISA has added newly addressed issues to its Known Exploited Vulnerabilities Catalog, including the aforementioned vulnerabilities and other historical vulnerabilities in Atlassian and Cisco products.
   - Notable statistics were shared about the increase in exploited zero-day vulnerabilities in 2023 compared to 2022, emphasizing the heightened importance of timely patching.

4. **Recent Activity from Other Companies**:
   - **Citrix**: Released patches for flaws in NetScaler ADC and Gateway.
   - **Intel**: Issued **47 patches** for supported processors.
   - **AMD**: Released **8 security patches**.
   - **Adobe**: Launched a patch bundle with nearly **50 fixes** across multiple applications.

5. **Action Points**:
   - Organizations should prioritize patching the listed vulnerabilities to mitigate potential risks before significant events (e.g., holidays) affect IT support capabilities.
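A triage sketch for the action point above, added here as an example and not taken from the original article: it joins the five CVEs and CVSS scores listed in this summary against a KEV-format JSON document and orders them so known-exploited flaws come first. `KEV_SAMPLE`, its due dates, and the function names are constructed for illustration; only the `cveID` and `dueDate` field names follow CISA's published feed.

```python
import json
from datetime import date

# CVE IDs and CVSS scores as listed in the summary above.
PATCH_TUESDAY = {
    "CVE-2024-49039": 8.8,
    "CVE-2024-43451": 6.5,
    "CVE-2024-43602": 9.9,
    "CVE-2024-43498": 9.8,
    "CVE-2024-43639": 9.8,
}

# Constructed excerpt shaped like CISA's KEV JSON feed. The dueDate values
# and the CVE-0000-00000 entry are placeholders, not CISA's real data.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2024-49039", "dueDate": "2024-12-03"},
    {"cveID": "CVE-2024-43451", "dueDate": "2024-12-03"},
    {"cveID": "CVE-0000-00000", "dueDate": "2024-12-03"},
]})


def kev_due_dates(kev_json):
    """Map cveID -> remediation due date for each entry in a KEV-format document."""
    entries = json.loads(kev_json).get("vulnerabilities", [])
    return {e["cveID"].upper(): date.fromisoformat(e["dueDate"]) for e in entries}


def patch_order(cves, kev_json, today):
    """Known-exploited CVEs first (soonest deadline, then CVSS), the rest by CVSS."""
    due = kev_due_dates(kev_json)
    rows = []
    for cve, cvss in cves.items():
        deadline = due.get(cve.upper())
        rows.append({
            "cve": cve,
            "cvss": cvss,
            "kev": deadline is not None,
            "days_left": (deadline - today).days if deadline else None,
        })
    rows.sort(key=lambda r: (not r["kev"], r["days_left"] or 0, -r["cvss"], r["cve"]))
    return rows


if __name__ == "__main__":
    for row in patch_order(PATCH_TUESDAY, KEV_SAMPLE, date(2024, 11, 12)):
        tag = f"KEV, {row['days_left']} days left" if row["kev"] else "not in KEV sample"
        print(f"{row['cve']}  CVSS {row['cvss']}  {tag}")
```

The 6.5-rated NTLM flaw sorts above the 9.9-rated CycleCloud flaw because exploitation status is ranked ahead of CVSS.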
