89 Vulnerabilities, and 1 Zero-Day – Expert Insights

Welcome to the November 2024 Patch Tuesday! This month, we saw 89 vulnerabilities released, and 1 Zero-Day. 

For a deeper dive into these vulnerabilities, don't miss the Patch [FIX] Tuesday podcast, where you'll find expert analysis and detailed coverage. 

Before we get insights from Automox’s cybersecurity experts on how these vulnerabilities impact your systems, let’s take a look back and see how this Patch Tuesday stacks up.

At its core, CVE 2024-43451 exposes a user's NTLMv2 hash – a crucial component of the NT LAN Manager (NTLM) authentication protocol – to an attacker. 

NTLM hashing is a method used to protect passwords by converting them into a fixed-length string of characters, which is then transmitted for authentication purposes. When this hash is disclosed, an attacker can potentially authenticate as the user, compromising system security. The vulnerability requires user interaction—specifically, a user needs to open a crafted file that an attacker might send through phishing attempts.

This vulnerability is confirmed and exploitation has been detected. The only current remediation is an official fix. Prioritize patching this vulnerability to prevent unauthorized access. Without mitigation or a workaround, swift patching is paramount to protect your network from potential exploitation. 

– Ryan Braunstein, Team Lead of Security Operations, Automox

CVE 2024-5535 (CVSS 9.1/10) represents a significant threat as it affects Microsoft Defender for Endpoint, posing a Remote Code Execution (RCE) risk. This vulnerability allows attackers to execute code remotely on a victim's machine, exploiting the very tool designed to help secure your endpoints. 

An attacker could exploit this by sending a malicious link via email or instant messaging. Once clicked, the attack unfolds without requiring further interaction from you. 

In addition to immediate patching, it is recommended to enhance your email filters and educate users about the dangers of unsolicited links. Proactive measures and prompt patching are your best defenses against the potential exploitation of this vulnerability.

— Seth Hoyt, Senior Security Engineer, Automox

CVE 2024-49039 (CVSS 8.8/10) is a vulnerability involving the Windows Task Scheduler, which may allow attackers to elevate their privileges on a target system. This elevation of privilege vulnerability exploits Remote Procedure Call (RPC) functions, essential for executing commands and transferring data between a client and server. 

In this scenario, an attacker must first gain access to the system, subsequently running a specifically crafted application to exploit the vulnerability. This could lead to unauthorized execution of privileged RPC functions, potentially allowing the creation of new users or modification of system settings at a higher privilege level than the attacker initially possessed.

To mitigate this vulnerability, patching is your most effective strategy. Microsoft has acknowledged the existence of functional exploit code for this vulnerability, making it imperative to apply any available updates promptly. 

– Henry Smith, Senior Security Engineer, Automox