Tuesday , April 1 2025
windows

Microsoft November Patch Tuesday: 4 Zero-Days & 89 flaws

Microsoft’s latest Patch Tuesday update fixes 89 security vulnerabilities. Four of these are zero-day vulnerabilities, with two currently being exploited. This patch release highlights the need for timely updates to guard against cyber threats.

Zero-Day Vulnerabilities Patched:

CVE-2025-1268
Patch urgently! Canon Fixes Critical Printer Driver Flaw

Canon has announced a critical security vulnerability, CVE-2025-1268, in printer drivers for its production printers, multifunction printers, and laser printers....
Read More
CVE-2025-1268  Patch urgently! Canon Fixes Critical Printer Driver Flaw

Within Minute, RamiGPT To Escalate Privilege Gaining Root Access

RamiGPT is an AI security tool that targets root accounts. Using PwnTools and OpwnAI, it quickly navigated privilege escalation scenarios...
Read More
Within Minute, RamiGPT To Escalate Privilege Gaining Root Access

Australian fintech database exposed in 27000 records

Cybersecurity researcher Jeremiah Fowler recently revealed a sensitive data exposure involving the Australian fintech company Vroom by YouX, previously known...
Read More
Australian fintech database exposed in 27000 records

Over 200 Million Info Leaked Online Allegedly Belonging to X

Safety Detectives' Cybersecurity Team found a forum post where a threat actor shared a .CSV file with over 200 million...
Read More
Over 200 Million Info Leaked Online Allegedly Belonging to X

FBI investigating cyberattack at Oracle, Bloomberg News reports

The Federal Bureau of Investigation (FBI) is probing the cyberattack at Oracle (ORCL.N), opens new tab that has led to...
Read More
FBI investigating cyberattack at Oracle, Bloomberg News reports

OpenAI Offering $100K Bounties for Critical Vulns

OpenAI has increased its maximum bug bounty payout to $100,000, up from $20,000, to encourage the discovery of critical vulnerabilities...
Read More
OpenAI Offering $100K Bounties for Critical Vulns

Splunk Alert User RCE and Data Leak Vulns

Splunk has released a security advisory about critical vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These issues could lead...
Read More
Splunk Alert User RCE and Data Leak Vulns

CIRT alert Situational Awareness for Eid Holidays

As the Eid holidays near, cybercriminals may try to take advantage of weakened security during this time. The CTI unit...
Read More
CIRT alert Situational Awareness for Eid Holidays

Cyberattack on Malaysian airports: PM rejected $10 million ransom

Operations at Kuala Lumpur International Airport (KLIA) were unaffected by a cyber attack in which hackers demanded US$10 million (S$13.4...
Read More
Cyberattack on Malaysian airports: PM rejected $10 million ransom

Micropatches released for Windows zero-day leaking NTLM hashes

Unofficial patches are available for a new Windows zero-day vulnerability that allows remote attackers to steal NTLM credentials by deceiving...
Read More
Micropatches released for Windows zero-day leaking NTLM hashes

The four zero-day vulnerabilities patched in this update include two that attackers have actively exploited:

CVE-2024-43451 – NTLM Hash Disclosure Spoofing Vulnerability:

This vulnerability lets remote attackers access NTLMv2 hashes with minimal user interaction, like clicking on a malicious file. They can use these hashes to impersonate the user and gain unauthorized access to sensitive systems. It has been actively exploited and poses a serious risk to all supported Windows versions.

CVE-2024-49039 – Windows Task Scheduler Elevation of Privilege Vulnerability:

This flaw lets attackers gain higher privileges by exploiting a vulnerability in the Windows Task Scheduler, allowing them to run restricted RPC functions and possibly execute unauthorized code or access resources. Similar to CVE-2024-43451, this vulnerability is actively being exploited.

Additionally, two other zero-day vulnerabilities were publicly disclosed but not yet actively exploited:

Attend a Free Webinar on How to Maximize Cybersecurity Program ROI

CVE-2024-49040 : Microsoft Exchange Server Spoofing Vulnerability:

This vulnerability lets attackers fake email addresses in Microsoft Exchange Server, tricking recipients into engaging with harmful content.

CVE-2024-49019 – Active Directory Certificate Services Elevation of Privilege Vulnerability

Attackers can exploit a flaw in Active Directory Certificate Services due to weak authentication methods, allowing them to gain domain administrator privileges.
Vulnerabilities Overview.

The 89 vulnerabilities addressed in this update span a wide range of categories:

52 Remote Code Execution (RCE) vulnerabilities: These flaws let attackers run their own code on affected systems from a distance.

26 Elevation of Privilege (EoP) vulnerabilities: These allow attackers to gain unauthorized higher-level access.

4 Denial of Service (DoS) vulnerabilities: These can disrupt services by overloading systems.

3 Spoofing vulnerabilities

2 Security Feature Bypass (SFB) vulnerabilities

1 Information Disclosure vulnerability.

Critical Vulnerabilities:

Four vulnerabilities have been rated as critical by Microsoft due to their potential for severe exploitation:

CVE-2024-43639 : Windows Kerberos Remote Code Execution Vulnerability:

This vulnerability lets attackers execute remote code by exploiting weaknesses in the Windows Kerberos protocol. Microsoft rates it as critical but believes exploitation is unlikely due to its complexity.

CVE-2024-43625 – Hyper-V VMSwitch Elevation of Privilege Vulnerability:

An attacker could use this flaw to send specific network packets and gain higher access on a Hyper-V host.

CVE-2024-43498: .NET and Visual Studio Remote Code Execution Vulnerability:

This serious vulnerability lets attackers run harmful code on weak .NET programs by sending specially designed requests.

CVE-2024-43602: Azure CycleCloud Remote Code Execution Vulnerability:

If an attacker with basic user access takes advantage of this issue, they could obtain higher privileges on an Azure CycleCloud cluster.

Organizations and users must apply these patches immediately due to the serious nature of the vulnerabilities, especially the two active zero-days. Delaying updates risks exposing systems to attacks.

Windows users can obtain cumulative updates for Windows 10 and 11 through Windows Update or the Microsoft Update Catalog. Administrators in large environments should prioritize patching systems that are most vulnerable to critical and actively exploited flaws.

Microsoft’s November Patch Tuesday underscores the importance of cybersecurity, as attackers exploit zero-day vulnerabilities. Keeping systems updated is crucial to reduce risks from these security issues.

Check Also

RCE

IngressNightmare
Over 40% of cloud environments are vulnerable to RCE

Kubernetes users of the Ingress NGINX Controller are advised to fix four newly found remote …

Leave a Reply

Your email address will not be published. Required fields are marked *