Jump to content
  • Sign Up
×
×
  • Create New...

Recommended Posts

  • Diamond Member

This is the hidden content, please

This is the hidden content, please
fixes 89 CVEs on penultimate Patch Tuesday of 2024

This is the hidden content, please
has issued fixes addressing a total of 89 new Common Vulnerabilities and Exposures (CVEs) – 92 including third-party disclosures – to mark the penultimate
This is the hidden content, please
of 2024, including four critical issues and a number of flaws that could be considered zero-days.

Of these issues, one meets the full traditional definition of a full zero-day, a vulnerability that is both public and known to be exploited. This is

This is the hidden content, please
, a spoofing vulnerability in New Technology LAN Manager (NTLM) Hash.

NTLM is a set of security protocols used to authenticate users’ identities. It dates back years and has been largely supplanted by vastly more secure protocols –

This is the hidden content, please
has not recommended its use in over a decade, but since it was used in Internet Explorer, it ******** supported to some extent and continues to cause problems, not least because at this stage, it is incredibly insecure.

In this instance, successful exploitation of this issue could lead to “total loss of confidentiality”, according to

This is the hidden content, please
, as it discloses a user’s NTLMv2 hash to an attacker who could then use it to authenticate as the user – if the victim can be tricked into minimal interaction with a malicious file, which could include merely selecting or clicking it, not even opening it. This may make it considerably more dangerous than its comparatively low severity score may indicate.

Mike Walters, president and co-founder of

This is the hidden content, please
, explained: “This issue arises from the mechanism where NTLM authentication credentials, specifically NTLMv2 hashes, are improperly exposed via a maliciously crafted file.

“The root cause of this vulnerability ***** in improperly handling file interactions within systems, potentially allowing attackers to extract NTLMv2 hashes without requiring complete file **********,” he told Computer Weekly in emailed commentary.

All supported versions of

This is the hidden content, please
Windows are vulnerable to this issue, said Walters, especially if they use applications reliant on MSHTML and EdgeHTML platforms, while risk is further increased across different system environments thanks to the involvement of other scripting engines.

Walters said the main concern with CVE-2024-43451 is the disclosure of NTLMv2 hashes that can be used to authenticate as the user and leveraged in pass-the-hash attacks, enabling further lateral movement for a canny threat actor.

“This vulnerability is particularly effective in phishing scenarios, where users might be deceived into interacting with malicious files. Once NTLM hashes are obtained, attackers can combine them with other network vulnerabilities to extend their access and compromise additional systems,” he said.

“Organisations that heavily use Windows in environments with substantial network file sharing or legacy applications dependent on Internet Explorer and related platforms face heightened risk. Those lacking robust user training and monitoring systems to detect unusual file interactions may be more susceptible to exploitation.”

Also on the list is

This is the hidden content, please
, which is exploited but not yet public. This is an elevation of privilege (EoP) vulnerability in Windows Task Scheduler.

This stems from an issue where authentication tokens or credentials are improperly managed and could allow a low-privileged attacker to gain deeper access if they can ******** a malicious application designed for the purpose. It impacts multiple versions of Windows that incorporate Task Scheduler as part of their routine task automation processes, and it is thought that environments with shared or multiple-user setups may be particularly vulnerable to it.

“This vulnerability serves as a potential entry point for attackers who have already accessed a system with low privilege. Once privileges are escalated, these attackers can utilise this foothold for further lateral movement within a network or to exploit other vulnerabilities that necessitate higher access levels,” said Walters.

“The nature of this vulnerability is especially concerning in corporate settings where individual users possess specific task automation privileges that could be exploited to gain unauthorised access.”

Not yet exploited

Four further vulnerabilities have been made public but as of yet have seen no exploitation, according to

This is the hidden content, please
, and one of these,
This is the hidden content, please
, a remote code ********** issue in OpenSSL, is among the three third-party disclosures incorporated into this month’s drop.

The other three are

This is the hidden content, please
, a remote code ********** (RCE) vulnerability in .NET and Visual Studio,
This is the hidden content, please
, an EoP vulnerability in Active Directory Certificate Services, and
This is the hidden content, please
, a spoofing vulnerability in
This is the hidden content, please
Exchange Server.

Chris Goettl, vice president of security products at

This is the hidden content, please
, shared further thoughts on both the Active Directory and
This is the hidden content, please
Exchange Server issues, and urged defenders to treat them as higher priorities than the official guidance might imply.

“[CVE-2024-49019] … is rated Important and has a CVSS v3.1 score of 7.8…. If exploited, the attacker could gain domain administrator privileges. The vulnerability does provide additional mitigations including removing overly broad enrol or auto-enrol permissions, removing unused templates from certificate authorities, and securing templates that allow you to specify the subject in the request,” said Goettl.

“The vulnerability affects Windows Server 2008 and later Server OS editions. From a risk-based perspective, a public disclosure puts this vulnerability at a higher risk of being exploited and may warrant treating the vulnerability as a higher severity.”

Goettl continued: “[CVE-2024-49040] is rated Important and has a CVSS v3.1 score of 7.5…. The vulnerability exists in the P2 From header verification.

This is the hidden content, please
Exchange Server is often targeted by threat actors who specialise in Exchange exploits. From a risk-based prioritisation perspective, the public disclosure and availably of PoC level exploit code warrants treating this vulnerability as Critical.”  

Finally, three other Critical issues are listed as,

This is the hidden content, please
, an EoP vulnerability in
This is the hidden content, please
Windows VMSwitch;
This is the hidden content, please
, an RCE vulnerability in Windows Kerberos; and
This is the hidden content, please
, an EoP vulnerability in Airlift.
This is the hidden content, please
.com. In each of these instances, no proof of concept has yet been made public and no exploitation in the wild has been observed.



This is the hidden content, please

#

This is the hidden content, please
#fixes #CVEs #penultimate #Patch #Tuesday

This is the hidden content, please

This is the hidden content, please

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Vote for the server

    To vote for this server you must login.

    Jim Carrey Flirting GIF

  • Recently Browsing   0 members

    • No registered users viewing this page.

Important Information

Privacy Notice: We utilize cookies to optimize your browsing experience and analyze website traffic. By consenting, you acknowledge and agree to our Cookie Policy, ensuring your privacy preferences are respected.