November 2024 Patch Tuesday patches four zero days and three critical flaws
The other two zero days being patched are CVE-2024-49040, a flaw in Exchange rated “important” that could allow an attacker to spoof the email address of a sender, and CVE-2024-49019, an elevation of privileges flaw in Active Directory (AD) which an attacker could use to gain the powers of a domain admin.
Microsoft Fixes Four More Zero-Days in November Patch Tuesday
It’s been another busy Patch Tuesday for system administrators, with Microsoft releasing updates for nearly 100 vulnerabilities, four of which are classed as zero-days. Microsoft classifies a zero-day flaw as a CVE that has been publicly disclosed or actively exploited before a patch is available.
Admins can give thanks this November for dollops of Microsoft patches
Don't be a turkey – get these fixed Patch Tuesday Patch Tuesday has swung around again, and Microsoft has released fixes for 89 CVE-listed security flaws in its products – including two under active attack – and reissued three more.
Patch Tuesday: Four Critical Vulnerabilities Paved Over
On Patch Tuesday, Windows systems will be updated with a flood of security fixes. In November, Windows patched four zero-day vulnerabilities, two of which have been exploited. Patch Tuesdays are a good time for admin teams to remind employees of the importance of keeping operating systems and applications up to date.
Critical Windows Zero-Days Patched in November Update
These updates will be rolled out to all supported Windows 10 and Windows 11 PCs over the coming days. Apple is the last one to show up to the AI party, but how does its Clean Up tool compare to Samsung's Object Eraser?
Microsoft Patch Tuesday, November 2024 Edition
Microsoft credits Google’s Threat Analysis Group with reporting the flaw. The second bug fixed this month that is already seeing in-the-wild exploitation is CVE-2024-43451, a spoofing flaw that could reveal Net-NTLMv2 hashes,
The Hacker News6h
Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails
The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM hash disclosure spoofing vulnerability ...
Windows Users Must Update Now As Microsoft Confirms 4 New Zero-Days
Microsoft has issued the latest Patch Tuesday round-up of Windows security fixes and this time it’s serious: 2 of 4 new ...
Five Eyes infosec agencies list 2024's most exploited software flaws
The top two spots on the list go to Citrix, which topped the chart with a remote code execution bug in versions 12 and 13 of ...
The Hacker News1d
Microsoft Fixes 90 New Flaws, Including Actively Exploited NTLM and Task Scheduler Bugs
Microsoft’s November Patch Tuesday addresses 90 security flaws, including actively exploited NTLM and Task Scheduler ...
Microsoft patches Windows zero-day exploited in attacks on Ukraine
Suspected Russian hackers were caught exploiting a recently patched Windows vulnerability as a zero-day in ongoing attacks ...
The Register on MSN14d
Windows Themes zero-day bug exposes users to NTLM credential theft
There's a Windows Themes spoofing zero-day bug on the loose that allows attackers to steal people's NTLM credentials. That's ...
Redmond Magazine17h
Microsoft Addresses 4 Zero-Day Holes in November Security Patch
The second flaw in active exploitation is an NTLM hash disclosure spoofing vulnerability (CVE-2024-43451), which could lead ...
Neowin5mon
Microsoft confirms NTLM is dead beyond Windows 11 24H2 and Server 20250 0
Back in October last year, Microsoft expressed its desire to eventually disable NTLM authentication. The company on its official website has updated the list of deprecated Windows features where ...
CSOonline13d
Take action now to plug Windows Themes vulnerability, says expert
Compounding the problem is the fact that the user password that goes out is sent in an easily cracked NTLM hash, which ...