Thursday , June 5 2025
windows

Microsoft November Patch Tuesday: 4 Zero-Days & 89 flaws

Microsoft’s latest Patch Tuesday update fixes 89 security vulnerabilities. Four of these are zero-day vulnerabilities, with two currently being exploited. This patch release highlights the need for timely updates to guard against cyber threats.

Zero-Day Vulnerabilities Patched:

CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed

IBM has issued a security advisory for vulnerabilities in its QRadar Suite Software and Cloud Pak for Security platforms. These...
Read More
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed

ALERT
Thousands of IP addresses compromised nationwide: CIRT warn

As Bangladesh prepares for the extended Eid-ul-Adha holidays, the BGD e-GOV Computer Incident Response Team (CIRT) has issued an urgent...
Read More
ALERT  Thousands of IP addresses compromised nationwide: CIRT warn

New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries

In March 2025, the Threatfabric mobile Threat Intelligence team identified Crocodilus, a new Android banking Trojan designed for device takeover....
Read More
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries

Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks

Qualcomm has issued security patches for three zero-day vulnerabilities in the Adreno GPU driver, affecting many chipsets that are being...
Read More
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks

Critical RCE Flaw Patched in Roundcube Webmail

Roundcube Webmail has fixed a critical security flaw that could enable remote code execution after authentication. Disclosed by security researcher...
Read More
Critical RCE Flaw Patched in Roundcube Webmail

Hacker claim Leak of Deloitte Source Code & GitHub Credentials

A hacker known as "303" claim to breach the company's systems and leaked sensitive internal data on a dark web...
Read More
Hacker claim Leak of Deloitte Source Code & GitHub Credentials

CISA Issued Guidance for SIEM and SOAR Implementation

CISA and ACSC issued new guidance this week on how to procure, implement, and maintain SIEM and SOAR platforms. SIEM...
Read More
CISA Issued Guidance for SIEM and SOAR Implementation

Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora

The Qualys Threat Research Unit (TRU) found two local information-disclosure vulnerabilities in Apport and systemd-coredump. Both issues are race-condition vulnerabilities....
Read More
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora

Australia enacts mandatory ransomware payment reporting

New ransomware payment reporting rules take effect in Australia yesterday (May 30) for all organisations with an annual turnover of...
Read More
Australia enacts mandatory ransomware payment reporting

Why Govt Demands Foreign CCTV Firms to Submit Source Code?

Global makers of surveillance gear have clashed with Indian regulators in recent weeks over contentious new security rules that require...
Read More
Why Govt Demands Foreign CCTV Firms to Submit Source Code?

The four zero-day vulnerabilities patched in this update include two that attackers have actively exploited:

CVE-2024-43451 – NTLM Hash Disclosure Spoofing Vulnerability:

This vulnerability lets remote attackers access NTLMv2 hashes with minimal user interaction, like clicking on a malicious file. They can use these hashes to impersonate the user and gain unauthorized access to sensitive systems. It has been actively exploited and poses a serious risk to all supported Windows versions.

CVE-2024-49039 – Windows Task Scheduler Elevation of Privilege Vulnerability:

This flaw lets attackers gain higher privileges by exploiting a vulnerability in the Windows Task Scheduler, allowing them to run restricted RPC functions and possibly execute unauthorized code or access resources. Similar to CVE-2024-43451, this vulnerability is actively being exploited.

Additionally, two other zero-day vulnerabilities were publicly disclosed but not yet actively exploited:

Attend a Free Webinar on How to Maximize Cybersecurity Program ROI

CVE-2024-49040 : Microsoft Exchange Server Spoofing Vulnerability:

This vulnerability lets attackers fake email addresses in Microsoft Exchange Server, tricking recipients into engaging with harmful content.

CVE-2024-49019 – Active Directory Certificate Services Elevation of Privilege Vulnerability

Attackers can exploit a flaw in Active Directory Certificate Services due to weak authentication methods, allowing them to gain domain administrator privileges.
Vulnerabilities Overview.

The 89 vulnerabilities addressed in this update span a wide range of categories:

52 Remote Code Execution (RCE) vulnerabilities: These flaws let attackers run their own code on affected systems from a distance.

26 Elevation of Privilege (EoP) vulnerabilities: These allow attackers to gain unauthorized higher-level access.

4 Denial of Service (DoS) vulnerabilities: These can disrupt services by overloading systems.

3 Spoofing vulnerabilities

2 Security Feature Bypass (SFB) vulnerabilities

1 Information Disclosure vulnerability.

Critical Vulnerabilities:

Four vulnerabilities have been rated as critical by Microsoft due to their potential for severe exploitation:

CVE-2024-43639 : Windows Kerberos Remote Code Execution Vulnerability:

This vulnerability lets attackers execute remote code by exploiting weaknesses in the Windows Kerberos protocol. Microsoft rates it as critical but believes exploitation is unlikely due to its complexity.

CVE-2024-43625 – Hyper-V VMSwitch Elevation of Privilege Vulnerability:

An attacker could use this flaw to send specific network packets and gain higher access on a Hyper-V host.

CVE-2024-43498: .NET and Visual Studio Remote Code Execution Vulnerability:

This serious vulnerability lets attackers run harmful code on weak .NET programs by sending specially designed requests.

CVE-2024-43602: Azure CycleCloud Remote Code Execution Vulnerability:

If an attacker with basic user access takes advantage of this issue, they could obtain higher privileges on an Azure CycleCloud cluster.

Organizations and users must apply these patches immediately due to the serious nature of the vulnerabilities, especially the two active zero-days. Delaying updates risks exposing systems to attacks.

Windows users can obtain cumulative updates for Windows 10 and 11 through Windows Update or the Microsoft Update Catalog. Administrators in large environments should prioritize patching systems that are most vulnerable to critical and actively exploited flaws.

Microsoft’s November Patch Tuesday underscores the importance of cybersecurity, as attackers exploit zero-day vulnerabilities. Keeping systems updated is crucial to reduce risks from these security issues.

Check Also

ASUS routers

CVE-2023-39780
Botnet hacks thousands of ASUS routers

GreyNoise has discovered a campaign where attackers have gained unauthorized access to thousands of internet-exposed …

Leave a Reply

Your email address will not be published. Required fields are marked *