Decrypt LOL

Microsoft Releases November Security Update Addressing 89 Vulnerabilities

Quick take - Microsoft’s November security update addresses 89 vulnerabilities, including four zero-day vulnerabilities, with a focus on remote code execution flaws and recommendations for mitigating risks associated with specific vulnerabilities.

Fast Facts

  • Microsoft’s November security update addresses 89 CVEs, including four zero-day vulnerabilities, two of which are actively exploited.
  • Key vulnerabilities include CVE-2024-43451, which discloses NTLMv2 hashes, and CVE-2024-49039, allowing privilege escalation via the Windows Task Scheduler.
  • Approximately 60% of the vulnerabilities are remote code execution (RCE) flaws; CVE-2024-43639 carries a CVSS severity score of 9.8.
  • Microsoft has identified eight vulnerabilities as more likely to be exploited, including issues in Active Directory and Windows Exchange Server.
  • The company has adopted the Common Security Advisory Framework (CSAF) to enhance its vulnerability disclosure process, aiding organizations in threat response.

Microsoft November Security Update

Microsoft has released its November security update, addressing a total of 89 common vulnerabilities and exposures (CVEs). Among these, four zero-day vulnerabilities have been identified, with two currently under active exploitation.

Key Vulnerabilities Addressed

The update highlights a significant presence of remote code execution (RCE) flaws. Other types of vulnerabilities addressed include elevation of privileges, spoofing, security bypass, and denial-of-service issues. Microsoft has identified eight vulnerabilities within this update as being more likely to be exploited by attackers.

Notably, CVE-2024-43451, a zero-day vulnerability affecting all versions of Windows, enables attackers to disclose a user’s NTLMv2 hash with minimal user interaction required. CVE-2024-49039, another active zero-day related to the Windows Task Scheduler, allows for elevation of privilege through executing remote procedure calls (RPC). This vulnerability was reported by Google’s Threat Analysis Group, indicating potential involvement of advanced persistent threat actors.

Two further zero-day vulnerabilities have been disclosed but are not currently exploited. CVE-2024-49019 poses an elevation-of-privilege risk in Active Directory Certificate Services, while CVE-2024-49040 is a spoofing vulnerability in Windows Exchange Server that could enable attackers to create deceptive emails mimicking legitimate sources for spear phishing attacks. Microsoft has advised on securing certificate templates to mitigate the risks associated with CVE-2024-49019.

Remote Code Execution Vulnerabilities

Approximately 60% of the vulnerabilities in the November update are categorized as RCE vulnerabilities, with some permitting unauthenticated access. A notable RCE vulnerability, CVE-2024-43639, found in Windows Kerberos, has been assigned a high Common Vulnerability Scoring System (CVSS) severity score of 9.8. This vulnerability can be exploited remotely by unauthenticated attackers. While Microsoft has assessed this particular vulnerability as less likely to be exploited, experts have cautioned against underestimating its potential risk.

Other significant vulnerabilities include the RCE flaws CVE-2024-49050, related to the Visual Studio Code Python Extension; CVE-2024-43498, which affects .NET and Visual Studio; and CVE-2024-49033, found in Microsoft Word. The update also fixes CVE-2024-43623, a privilege escalation flaw in the Windows NT operating system kernel. The kernel flaw allows attackers to gain system-level access and has been flagged by Microsoft as being more likely to be exploited.

Enhancements in Vulnerability Disclosure

In a move to enhance its vulnerability disclosure process, Microsoft has adopted the Common Security Advisory Framework (CSAF). This framework allows for vulnerabilities to be disclosed in a machine-readable format. The adoption of CSAF is believed to support organizations in improving their vulnerability response and remediation processes, ensuring a more robust defense against potential threats.
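As an added illustration of what a machine-readable advisory makes possible (this is not code from Microsoft or from the original article), the Python sketch below triages a CSAF 2.0-shaped document so that actively exploited CVEs come first, then the highest CVSS scores, with unscored entries last. The embedded sample is constructed: the CVE IDs, the 9.8 score and the exploitation status come from the article, while the product ID and the wording of the `details` strings are assumptions.

```python
import json

# Constructed sample shaped like a CSAF 2.0 advisory; not a real vendor file.
# The "Exploited:Yes" wording of the details strings is an assumption.
SAMPLE_CSAF = json.loads("""
{
  "document": {"category": "csaf_security_advisory", "csaf_version": "2.0"},
  "vulnerabilities": [
    {"cve": "CVE-2024-43639",
     "scores": [{"cvss_v3": {"baseScore": 9.8}, "products": ["PLACEHOLDER-1"]}],
     "threats": [{"category": "exploit_status", "details": "Exploited:No"}]},
    {"cve": "CVE-2024-49039",
     "threats": [{"category": "exploit_status", "details": "Exploited:Yes"}]},
    {"cve": "CVE-2024-43451",
     "threats": [{"category": "exploit_status", "details": "Exploited:Yes"}]},
    {"cve": "CVE-2024-49019",
     "threats": [{"category": "impact", "details": "Elevation of Privilege"}]}
  ]
}
""")

def is_exploited(vuln):
    """True if any exploit_status threat entry reports active exploitation."""
    for threat in vuln.get("threats", []):
        if threat.get("category") != "exploit_status":
            continue
        parts = [p.split(":", 1) for p in threat.get("details", "").split(";") if ":" in p]
        fields = {k.strip().lower(): v.strip().lower() for k, v in parts}
        if fields.get("exploited") == "yes":
            return True
    return False

def max_base_score(vuln):
    """Highest CVSS v3 base score across score entries, or None if unscored."""
    scores = [s["cvss_v3"]["baseScore"] for s in vuln.get("scores", [])
              if "baseScore" in s.get("cvss_v3", {})]
    return max(scores) if scores else None

def triage(csaf):
    """Return (cve, exploited, score) rows: exploited first, then by score, unscored last."""
    rows = [(v.get("cve", "<no CVE id>"), is_exploited(v), max_base_score(v))
            for v in csaf.get("vulnerabilities", [])]
    return sorted(rows, key=lambda r: (not r[1], -(r[2] if r[2] is not None else -1.0), r[0]))

if __name__ == "__main__":
    for cve, exploited, score in triage(SAMPLE_CSAF):
        print(f"{cve}  exploited={exploited}  cvss={score if score is not None else 'n/a'}")
```
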
