REDLEGG BLOG

Patch Tuesday - November 2024

11/13/24 3:45 PM  |  by RedLegg Blog

*Important note: These are not the only vulnerabilities that were recently released; however, these are the vulnerabilities RedLegg has identified as critical and that require immediate attention.

VULNERABILITIES

NTLM Hash Disclosure Spoofing Vulnerability

CVSS Score: 8.8 (High)
Identifier: CVE-2024-43451
Exploit or POC: Yes, this vulnerability is actively exploited in the wild.
Update: CVE-2024-43451 – Microsoft Security Update Guide https://msrc.microsoft.com/update-guide

Description: CVE-2024-43451 is a critical spoofing vulnerability in NTLM that allows an attacker to impersonate a user's network credentials. By leveraging this flaw, an attacker can intercept the victim's NTLM hash, potentially leading to unauthorized access to network resources. Successful exploitation could allow the attacker to gain higher privileges within the network environment, posing significant risks to data integrity and security.

Mitigation Recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions as listed in the Microsoft Security Update Guide. Applying the patch immediately is recommended to mitigate potential exploitation.


Windows Task Scheduler Elevation of Privilege Vulnerability

CVSS Score: 8.8 (High)
Identifier: CVE-2024-49039
Exploit or POC: Yes, this vulnerability is actively exploited in the wild.
Update: CVE-2024-49039 – Microsoft Security Update Guide https://msrc.microsoft.com/update-guide

Description: CVE-2024-49039 is an elevation of privilege vulnerability in Windows Task Scheduler. An authenticated attacker can exploit this flaw by running a specially crafted application on the target system, allowing them to gain elevated privileges and execute code with higher permissions. This vulnerability has been actively exploited in the wild, posing significant risks to affected systems.

Mitigation Recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions as listed in the Microsoft Security Update Guide. Immediate patching is recommended to prevent potential exploitation.


Microsoft Exchange Server Spoofing Vulnerability

CVSS Score: 8.8 (High)
Identifier: CVE-2024-49040
Exploit or POC: Yes, this vulnerability is actively exploited in the wild.
Update: CVE-2024-49040 – Microsoft Security Update Guide https://msrc.microsoft.com/update-guide

Description: CVE-2024-49040 is a spoofing vulnerability in Microsoft Exchange Server 2016 and 2019. This flaw allows an attacker to make an incoming email appear to come from a legitimate sender, lending malicious messages greater credibility. The vulnerability arises from improper parsing of recipient addresses, enabling sender spoofing that can be exploited for phishing attacks and other malicious activities.

Mitigation Recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions as listed in the Microsoft Security Update Guide. Immediate patching is recommended to prevent potential exploitation.


Active Directory Certificate Services (ADCS) Enhanced Key Usage (EKU) Spoofing Vulnerability

CVSS Score: 8.8 (High)
Identifier: CVE-2024-49019
Exploit or POC: Yes, this vulnerability is actively exploited in the wild.
Update: CVE-2024-49019 – Microsoft Security Update Guide https://msrc.microsoft.com/update-guide

Description: CVE-2024-49019 is a spoofing vulnerability in Active Directory Certificate Services (ADCS) related to Enhanced Key Usage (EKU) handling. An attacker can exploit this flaw by crafting a certificate request with specific EKU attributes, obtaining a certificate that allows them to impersonate trusted entities or perform man-in-the-middle attacks. This vulnerability has been actively exploited, posing significant risks to network security.

Mitigation Recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions as listed in the Microsoft Security Update Guide. Immediate patching is recommended to prevent potential exploitation.
