When the Fix Day arrives, a wave of security patches will be applied to Windows systems. Last month, Windows resolved four critical zero-day vulnerabilities, with two of them already being taken advantage of by malicious actors.
On Fix Days, it is an opportune moment for administrative teams to stress the significance of keeping operating systems and applications updated. Meanwhile, developers such as Microsoft and Adobe will have identified issues and closed potential security loopholes.
Furthermore, as highlighted by XDA, observant Windows users now possess a useful new feature this month: the ability to reassign the Copilot key. This enables users to utilize the AI button to launch a desired application instead.
Microsoft addresses two actively exploited vulnerabilities
Microsoft dealt with two vulnerabilities that had already been exploited by attackers: CVE-2024-49039 and CVE-2024-43451.
An attacker took advantage of a bug in the Windows Task Scheduler using a custom-built application, CVE-2024-49039, to raise their privileges to a Medium Integrity Level. This allowed them to invoke RPC functions for invoking processes from a remote machine.
VIEW: The latest update to the Microsoft PowerToys quality-of-life suite integrated bug fixes, a refreshed appearance for the utility menu, and more enhancements.
Regarding CVE-2024-43451, attackers could deceive a user into interacting with a malicious file, subsequently obtaining the user’s NTLMv2 hash and falsifying their credentials.
Microsoft suggested, “For complete protection, we advise customers who apply Security Only updates to also apply the IE Cumulative updates for this particular vulnerability.”
Other significant vulnerabilities impacting Windows domains and permissions
Ben McCarthy, head cybersecurity engineer at Immersive Labs, singled out CVE-2024-43639 as “one of the most severe CVEs in this recent patch release.”
CVE-2024-43639 allows attackers to execute code within a Windows domain, stemming from a weakness in the Kerberos authentication protocol.
“Windows domains are extensively used in corporate networks,” McCarthy conveyed to TechRepublic via email, “and by exploiting a cryptographic protocol flaw, an attacker can execute privileged operations on a remote machine within the network, potentially leading to gaining access to the domain controller, a prime objective for many attackers targeting a domain.”
Originating from specific certificates generated using the version 1 certificate template in a Public Key Infrastructure setting, an elevation of privilege vulnerability, CVE-2024-49019, emerged. Microsoft advised administrators to be vigilant of certificates where the Source of the subject name is designated as “Supplied in the request,” and the Enroll permissions are extended to a broader range of accounts, such as domain users or domain computers.
“This commonly indicates misconfiguration, and certificates derived from templates like the Web Server template could be impacted,” McCarthy mentioned. “Nonetheless, the Web Server template is not inherently susceptible due to its limited enroll permissions.”
In addition to the patch updates, Microsoft recommended a mitigation of this vulnerability by avoiding overly broad enrollment permissions for certificates.
Though Microsoft has not observed any attackers exploiting this vulnerability, McCarthy stressed, “Given its affiliation with Windows domains and widespread usage within corporate entities, it is crucial to address this vulnerability promptly and rectify any potential misconfigurations that may persist.”
Microsoft resolves four critical vulnerabilities
Four vulnerabilities were classified as critical this month:
- CVE-2024-43498, a Type Confusion flaw seen in .NET and Visual Studio applications that could facilitate remote code execution.
- CVE-2024-49056, an elevation of privilege vulnerability found on airlift.microsoft.com.
- CVE-2024-43625, a privilege escalation vulnerability in the Hyper-V host execution environment.
- CVE-2024-43639 details mentioned earlier.
For a detailed list of Windows security updates released on November 12, visit Microsoft Support.
About Author
