On Patch Tuesday, Windows systems will be updated with a flood of security fixes. In November, Windows patched four zero-day vulnerabilities, two of which have been exploited.
Patch Tuesdays are a good time for admin teams to remind employees of the importance of keeping operating systems and applications up to date. In the meantime, software makers like Microsoft and Adobe will have caught problems and closed backdoors.
In addition, as XDA pointed out, sharp-eyed Windows users have a handy new option this month: remapping the Copilot key. This lets you use the AI button to launch the application of your choice instead.
Microsoft patches two actively exploited vulnerabilities
Microsoft patched two vulnerabilities attackers had already exploited: CVE-2024-49039 and CVE-2024-43451.
An attacker running a bespoke application exploited a bug in the Windows Task Scheduler, CVE-2024-49039, to elevate their privileges to a Medium Integrity Level. From there, they could execute RPC functions to call processes from a remote computer.
With CVE-2024-43451, an attacker can trick a user into interacting with a malicious file, then discover that user’s NTLMv2 hash and spoof their credentials.
“To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability,” Microsoft advised.
Other notable vulnerabilities target Windows domains and permissions
Ben McCarthy, lead cybersecurity engineer at Immersive Labs, identified CVE-2024-43639 as “one of the most threatening CVEs from this patch release.”
CVE-2024-43639 lets attackers execute code within a Windows domain. It originates in Kerberos, an authentication protocol.
“Windows domains are used in the majority of enterprise networks,” McCarthy told TechRepublic in an email, “and by taking advantage of a cryptographic protocol vulnerability, an attacker can perform privileged acts on a remote machine within the network, potentially giving them eventual access to the domain controller, which is the goal for many attackers when attacking a domain.”
An elevation of privilege vulnerability, CVE-2024-49019, originated in certain certificates created using the version 1 certificate template in a Public Key Infrastructure environment. Microsoft said administrators should look out for certificates in which the Source of the subject name is set to “Supplied in the request” and the Enroll permissions are granted to a broader set of accounts, such as domain users or domain computers.
“This is often a misconfiguration, and certificates created from templates like the Web Server template could be affected,” said McCarthy. “However, the Web Server template is not vulnerable by default because of its restricted enroll permissions.”
Along with installing the patch updates, Microsoft said one mitigation for this vulnerability is to avoid applying overly broad enrollment permissions to certificates.
Microsoft has not detected attackers using this vulnerability. However, “because it is related to Windows domains and is used heavily across enterprise organizations, it is very important to patch this vulnerability and look for misconfigurations that could be left behind,” McCarthy said.
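One way to look for the leftover misconfigurations described for CVE-2024-49019 is a read-only audit of the certificate templates published in Active Directory. The script below is an added example, not code from Microsoft or from the original article. It assumes the RSAT ActiveDirectory module is installed, and the attribute names, flag value and Enroll right GUID are standard AD CS schema values that do not appear on the page.

```powershell
# Added example: lists version 1 templates where the subject name is
# "Supplied in the request" AND a broad group holds the Enroll right.
# Read-only; needs read access to the Configuration partition.
Import-Module ActiveDirectory

$SuppliesSubject = 0x1   # CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT in msPKI-Certificate-Name-Flag
$EnrollGuids = @(
    [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55',  # Certificate-Enrollment extended right
    [guid]::Empty                                  # ACE with no ObjectType = all extended rights
)
# Match broad principals by SID so the check also works on localized domains:
# Everyone, Authenticated Users, Domain Users (-513), Domain Computers (-515)
$BroadSid = '^(S-1-1-0|S-1-5-11|S-1-5-21-.+-(513|515))$'

$configNC = (Get-ADRootDSE).configurationNamingContext
$query = @{
    SearchBase  = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
    SearchScope = 'OneLevel'
    LDAPFilter  = '(objectClass=pKICertificateTemplate)'
    Properties  = 'msPKI-Template-Schema-Version', 'msPKI-Certificate-Name-Flag', 'nTSecurityDescriptor'
}

$findings = Get-ADObject @query | ForEach-Object {
    $template = $_
    $isV1 = $template.'msPKI-Template-Schema-Version' -eq 1
    $suppliedInRequest = ($template.'msPKI-Certificate-Name-Flag' -band $SuppliesSubject) -ne 0
    if (-not ($isV1 -and $suppliedInRequest)) { return }   # skip templates outside the described case

    foreach ($ace in $template.nTSecurityDescriptor.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $hasExtended = $ace.ActiveDirectoryRights.HasFlag(
            [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight)
        if (-not ($hasExtended -and $ace.ObjectType -in $EnrollGuids)) { continue }

        $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        if ($sid -match $BroadSid) {
            [pscustomobject]@{
                Template  = $template.Name
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.ActiveDirectoryRights
            }
        }
    }
}

$findings | Sort-Object Template, Principal | Format-Table -AutoSize
```

An empty result means no version 1 template combines both conditions for those four principals; nested or custom groups with wide membership need a separate review.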
Microsoft repairs four critical vulnerabilities
Four vulnerabilities this month have been listed as critical:
- CVE-2024-43498, a Type Confusion flaw in .NET and Visual Studio applications that could allow for remote code execution.
- CVE-2024-49056, an elevation of privilege vulnerability on airlift.microsoft.com.
- CVE-2024-43625, an execution of privilege vulnerability in the Hyper-V host execution environment.
- CVE-2024-43639 is detailed above.
A complete list of Windows security updates from Nov. 12 can be found at Microsoft Support.