On Patch Tuesday, Windows programs might be up to date with a ton of safety fixes. In November, Windows patched 4 zero-day vulnerabilities, two of which had been exploited.
Patch Tuesdays are time for admin groups to remind workers of the significance of retaining working programs and functions updated. Meanwhile, software program makers like Microsoft and Adobe can have encountered issues and closed backdoors.
Also, how XDA As identified, savvy Windows customers have a helpful new possibility this month: remapping the Copilot key. This as an alternative permits you to use the AI button to launch the appliance of your selection.
Microsoft fixes two actively exploited vulnerabilities
Microsoft has patched two vulnerabilities already exploited by attackers: CVE-2024-49039 and CVE-2024-43451.
An attacker operating a customized utility exploited a bug in Windows Task Scheduler, CVE-2024-49039, to raise their privileges to medium integrity stage. From there they might execute RPC features to invoke processes from a distant laptop.
SEE: The November replace to the Microsoft EnergyToys suite contains bug fixes, a brand new search for the utilities menu, and extra.
With CVE-2024-43451, an attacker can trick a consumer into interacting with a malicious file, then uncover the consumer’s NTLMv2 hash and spoof their credentials.
“To stay totally protected, we advocate that prospects putting in security-only updates set up the IE cumulative updates for this vulnerability,” Microsoft recommended.
Other notable vulnerabilities have an effect on Windows domains and permissions
Ben McCarthy, lead cybersecurity engineer at Immersive Labs, highlighted CVE-2024-43639 as “some of the threatening CVEs on this patch launch.”
CVE-2024-43639 permits attackers to execute code inside a Windows area. It originates in Kerberos, an authentication protocol.
“Windows domains are utilized in most company networks,” McCarthy informed TechRepublic in an electronic mail, “and by exploiting a cryptographic protocol vulnerability, an attacker can carry out privileged actions on a distant machine inside the community , probably giving them entry to the area controller, which is the goal of many attackers when attacking a website.”
An elevation of privilege vulnerability, CVE-2024-49019, originated in some certificates created utilizing certificate template version 1 in a public key infrastructure setting. Microsoft stated directors ought to search for certificates the place the topic title supply is ready to “Provided in request” and enrollment permissions are granted to a broader set of accounts, akin to area customers or area computer systems.
“This is often a misconfiguration, and certificates created by templates just like the Web Server template might be affected,” McCarthy stated. “However, the net server mannequin just isn’t susceptible by default resulting from restricted logging permissions.”
In addition to putting in patch updates, Microsoft stated one mitigation for this vulnerability is to keep away from making use of overly broad enrollment permissions to certificates.
Microsoft has not detected attackers exploiting this vulnerability. However, “as a result of it’s associated to Windows domains and is broadly utilized in enterprise organizations, it is extremely essential to patch this vulnerability and search for misconfigurations that could be left behind,” McCarthy stated.
Microsoft fixes 4 vital vulnerabilities
Four vulnerabilities this month had been listed as vital:
- CVE-2024-43498a sort confusion flaw in .NET and Visual Studio functions that would permit distant code execution.
- CVE-2024-49056An elevation of privilege vulnerability in airlift.microsoft.com.
- CVE-2024-43625An execution privilege vulnerability within the Hyper-V host execution setting.
- CVE-2024-43639 is detailed above.
An entire record of November 12 Windows safety updates is accessible at Microsoft Support.
