Microsoft has issued an important security update that resolves critical vulnerabilities in its products. The update covers 90+ problems, four of them zero-day issues, and two of those are known to be actively exploited. Users must patch their systems as soon as possible.
The November 2024 Patch Tuesday update patches four zero-day vulnerabilities, which Microsoft characterizes as flaws that are either publicly known or actively exploited. Two of them, CVE-2024-43451 and CVE-2024-49039, are being actively exploited.
CVE-2024-43451 is a spoofing flaw in NTLM authentication that could allow an attacker to abuse password hashes to impersonate users. Exploitation requires user interaction, for example opening a malicious file received via phishing.
CVE-2024-49039 is an elevation-of-privilege vulnerability in Windows Task Scheduler. It lets an attacker who has already gained initial entry attain elevated access to the system by running a malicious application on the compromised device. Experts advise applying the latest patch immediately as a countermeasure.
The other two weaknesses, CVE-2024-43498 and CVE-2024-43639, are rated 9.8 under the Common Vulnerability Scoring System (CVSS). They affect .NET web applications, where a remote attacker can send malicious requests without authentication, and Windows Kerberos, where the flaw allows unauthorized code execution.
These weaknesses exist in many Microsoft products, including Windows OS, Office, SQL Server, Exchange Server, .NET, and Visual Studio. Experts believe Windows OS should be given the highest priority, and that Microsoft Exchange Server should also be included, because these patches address actively exploited vulnerabilities.
Installing the related updates is the only way to keep your system secure. A fully updated system prevents attackers from using the critical security vulnerabilities mentioned above against your devices.