On Patch Tuesday, Home windows techniques will likely be up to date with a flood of safety fixes. In November, Home windows patched 4 zero-day vulnerabilities, two of which have been exploited.
Patch Tuesdays are a very good time for admin groups to remind staff of the significance of conserving working techniques and purposes updated. Within the meantime, software program makers like Microsoft and Adobe can have caught issues and closed backdoors.
As well as, as XDA identified, sharp-eyed Home windows customers have a helpful new choice this month: remapping the Copilot key. This allows you to use the AI button to launch the appliance of your selection as a substitute.
Microsoft patches two actively exploited vulnerabilities
Microsoft patched two vulnerabilities attackers had already exploited: CVE-2024-49039 and CVE-2024-43451.
An attacker operating a bespoke software exploited a bug within the Home windows Process Scheduler, CVE-2024-49039, to raise their privileges to a Medium Integrity Degree. From there, they may execute RPC features to name processes from a distant laptop.
SEE: The November replace to the Microsoft PowerToys quality-of-life suite included bug fixes, a brand new search for the utility menu, and extra.
With CVE-2024-43451, an attacker can trick a person into interacting with a malicious file, then uncover that person’s NTLMv2 hash and spoof their credentials.
“To remain totally protected, we advocate that clients who set up Safety Solely updates set up the IE Cumulative updates for this vulnerability,” Microsoft recommended.
Different notable vulnerabilities goal Home windows domains and permissions
Ben McCarthy, lead cybersecurity engineer at Immersive Labs, identified CVE-2024-43639 as “one of the vital threatening CVEs from this patch launch.”
CVE-2024-43639 lets attackers execute code inside a Home windows area. It originates in Kerberos, an authentication protocol.
“Home windows domains are used within the majority of enterprise networks,” McCarthy informed TechRepublic in an electronic mail, “and by profiting from a cryptographic protocol vulnerability, an attacker can carry out privileged acts on a distant machine throughout the community, doubtlessly giving them eventual entry to the area controller, which is the purpose for a lot of attackers when attacking a site.”
An elevation of privilege vulnerability, CVE-2024-49019, originated in sure certificates created utilizing the version 1 certificate template in a Public Key Infrastructure atmosphere. Microsoft mentioned directors ought to look out for certificates wherein the Supply of the topic identify is ready to “Provided within the request” and the Enroll permissions are granted to a broader set of accounts, reminiscent of area customers or area computer systems.
“That is sometimes a misconfiguration, and certificates created from templates just like the Net Server template may very well be affected,” mentioned McCarthy. “Nonetheless, the Net Server template will not be susceptible by default due to its restricted enroll permissions.”
Together with putting in the patch updates, Microsoft mentioned one mitigation for this vulnerability is to keep away from making use of overly broad enrollment permissions to certificates.
Microsoft has not detected attackers utilizing this vulnerability. Nonetheless, “as a result of it’s associated to Home windows domains and is used closely throughout enterprise organizations, it is rather vital to patch this vulnerability and search for misconfigurations that may very well be left behind,” McCarthy mentioned.
Microsoft repairs 4 essential vulnerabilities
4 vulnerabilities this month had been listed as essential:
- CVE-2024-43498, a Sort Confusion flaw in .NET and Visible Studio purposes that would permit for distant code execution.
- CVE-2024-49056, an elevation of privilege vulnerability on airlift.microsoft.com.
- CVE-2024-43625, an execution of privilege vulnerability within the Hyper-V host execution atmosphere.
- CVE-2024-43639 is detailed above.
A whole listing of Home windows safety updates from Nov. 12 could be discovered at Microsoft Support.