Wednesday, February 12, 2025

November 2024 Patch Tuesday: Key Vulnerabilities Uncovered!


In today’s VERT Alert, we focus on Microsoft’s November 2024 Security Updates. VERT is diligently working to enhance its coverage for these vulnerabilities and anticipates releasing ASPL-1132 promptly upon completion.

Active Vulnerabilities and Noteworthy CVEs

CVE-2024-43451: This vulnerability enables unauthorized access to NTLMv2 hashes. Alarmingly, it has been both disclosed publicly and exploited in the wild. Exploitation is trivial and does not need significant user interaction: merely right- or left-clicking a malicious file can trigger the vulnerability. Microsoft has flagged it as Exploitation Detected.

CVE-2024-49039: This vulnerability within Windows Task Scheduler permits low-privilege users to elevate their permissions to a Medium Integrity Level, allowing potential code execution. Microsoft indicates that exploitation is currently detected.

CVE-2024-49040: This vulnerability in Microsoft Exchange Server permits spoofing of email senders through non-compliant P2 FROM headers. After applying recent updates, users receive guidance for enhanced security against this type of fraud. Microsoft has categorized this issue as Exploitation More Likely.

Moreover, a recently published advisory regarding Microsoft SharePoint Server outlines a defense-in-depth approach to mitigate potential redirection threats.


Vocabulary List:

  1. Vulnerability /ˌvʌl.nəˈbɪl.ɪ.ti/ (noun): The quality or state of being exposed to the possibility of being harmed.
  2. Unauthorized /ʌnˈɔː.θə.raɪzd/ (adjective): Not having official permission or approval.
  3. Exploitation /ˌɛk.splɔɪˈteɪ.ʃən/ (noun): The action of making use of a resource or situation for gain.
  4. Mitigate /ˈmɪt.ɪ.ɡeɪt/ (verb): To make less severe or serious.
  5. Spoofing /ˈspuːfɪŋ/ (verb): The act of deceiving or tricking by impersonating someone or something.
  6. Detection /dɪˈtɛkʃən/ (noun): The action of discovering or identifying the presence of something.
