Microsoft Addresses 89 CVEs in November Patch Tuesday Update
Microsoft programmers have been working hard and they came out with some very crucial updates lately, bringing up overall CVE statistics by 89 new vulnerabilities, all of which have been fixed in the Patch Tuesday update of November this year. Out of this number, four vulnerabilities are classified as critical, and quite a few other problems warrant equal attention, especially the ones concerning NTLM, the Windows Task Scheduler, Active Directory Certificate Services, and the Microsoft Exchange Server.
Critical Vulnerabilities and Zero-Day Exploits
One of the vulnerabilities fixed is a full blown zero-day which has been cataloged as CVE-2014-3456 which is a spoofing vulnerability which involves the New Technology LAN Manager (NTLM) Hash. This vulnerability is crucial since it has the potential to make a user’s NTLMv2 hash accessible by unauthorized persons, hence leading to a potential risk. Here the attacker can gain access if user is tricked in interacting with the malicious file, and act as the user. In particular, the use of NTLM’s encryption mechanisms is outdated, and this speaks volumes when its abuse is noted.
Potential for Elevated Privileges
Most important is also the Windows Task Scheduler that allows the system to be compromised if a person who doesn’t have a higher level of security and isn’t a trusted malicious application can run in the System context with the administrator’s privilege. This weakness is present in several Windows versions and can pose a particular threat in systems where multiple users share the same workstations.
Publicly Disclosed Vulnerabilities Yet to be Exploited
Along these lines, there are more than five incidences of vulnerabilities so far revealed that have not been taken advantage of by attackers. This was acknowledged as of (and referring to) year 2018. For example:
- CVE-2024-49019: An EoP vulnerability in Active Directory Certificate Services.
- CVE-2024-49040: A spoofing vulnerability in Microsoft Exchange Server.
- Remote code execution vulnerabilities in OpenSSL and .NET/Visual Studio.
Security experts that avoid rating active directory and exchange vulnerabilities tend to focus on the security implications of elevated privileges such as the risks associated with malicious attackers.
Other Critical Issues
Furthermore, three additional critical vulnerabilities have been identified, including:
- EoP vulnerability in Microsoft Windows VMSwitch.
- Remote code execution vulnerability in Windows Kerberos.
- EoP vulnerability in Airlift.microsoft.com.
While the proof of concept for these vulnerabilities remains unreleased, the fact that no one has observed them being actively exploited in the real world, does not at all lessen the gravity of the situation.
Conclusion
Companies that use Microsoft Windows operating systems generally need to ensure that they are able to address these problems, especially when it comes to the sharing of files on networks or the use of older programs. If social engineering or phishing prevention measures are not undertaken, the effectiveness of risk is certain to increase as a result of the increased chances of such attack. In a time where cyber threats and hackings are growing more sophisticated and the need for state-of-the art security systems is very high, it means that being active in the way that responsive wares for related issues means all the difference between security and insecurity.
