*Important note: These are not the only vulnerabilities that were recently released; however, these are the vulnerabilities RedLegg has identified as critical and require immediate attention.
VULNERABILITIES
NTLM Hash Disclosure Spoofing Vulnerability
CVSS Score: 8.8 (High)
Identifier: CVE-2024-43451
Exploit or POC: Yes, this vulnerability is actively exploited in the wild.
Update: CVE-2024-43451 – Microsoft Security Update Guide https://msrc.microsoft.com/update-guide
Description: CVE-2024-43451 is a critical spoofing vulnerability in NTLM that allows attackers to impersonate network credentials. By leveraging this flaw, an attacker can intercept NTLM hashes, potentially leading to unauthorized access to network resources. Exploitation of this vulnerability could allow attackers to gain higher privileges within a network environment, posing significant risks to data integrity and security.
Mitigation Recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions as listed in the Microsoft Security Update Guide. Applying the patch immediately is recommended to mitigate potential exploitation.
Windows Task Scheduler Elevation of Privilege Vulnerability
CVSS Score: 8.8 (High)
Identifier: CVE-2024-49039
Exploit or POC: Yes, this vulnerability is actively exploited in the wild.
Update: CVE-2024-49039 – Microsoft Security Update Guide
Description: CVE-2024-49039 is an elevation of privilege vulnerability in Windows Task Scheduler. An authenticated attacker can exploit this flaw by running a specially crafted application, allowing them to gain elevated privileges and execute code with higher permissions. This vulnerability has been actively exploited in the wild, posing significant risks to affected systems.
Mitigation Recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions as listed in the Microsoft Security Update Guide. Immediate patching is recommended to prevent potential exploitation.
Microsoft Exchange Server Spoofing Vulnerability
CVSS Score: 8.8 (High)
Identifier: CVE-2024-49040
Exploit or POC: Yes, this vulnerability is actively exploited in the wild.
Update: CVE-2024-49040 – Microsoft Security Update Guide https://msrc.microsoft.com/update-guide
Description: CVE-2024-49040 is a spoofing vulnerability in Microsoft Exchange Server 2016 and 2019. This flaw allows attackers to forge legitimate senders on incoming emails, making malicious messages appear more credible. The vulnerability arises from improper parsing of recipient addresses, enabling email spoofing that can be exploited for phishing attacks and other malicious activities.
Mitigation Recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions as listed in the Microsoft Security Update Guide. Immediate patching is recommended to prevent potential exploitation.
Active Directory Certificate Services (ADCS) Enhanced Key Usage (EKU) Spoofing Vulnerability
CVSS Score: 8.8 (High)
Identifier: CVE-2024-49019
Exploit or POC: Yes, this vulnerability is actively exploited in the wild.
Update: CVE-2024-49019 – Microsoft Security Update Guide https://msrc.microsoft.com/update-guide
Description: CVE-2024-49019 is a spoofing vulnerability in Active Directory Certificate Services (ADCS) related to Enhanced Key Usage (EKU) handling. An attacker can exploit this flaw by crafting a certificate with specific EKU attributes, allowing them to impersonate trusted entities or perform man-in-the-middle attacks. This vulnerability has been actively exploited, posing significant risks to network security.
Mitigation Recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions as listed in the Microsoft Security Update Guide. Immediate patching is recommended to prevent potential exploitation.