The tech giant has recently rolled out updates that effectively patch at least 89 vulnerabilities in its operational processes and various software applications. November’s security patch batch tackles a pressing issue, addressing not one, but three critical flaws: two zero-day exploits already being leveraged by nefarious actors and two previously disclosed vulnerabilities.
The zero-day vulnerability, tracked as ZZZ, is a critical bug within Windows’ that enables attackers to elevate their privileges on a compromised Home windows machine, allowing for potentially devastating consequences if left unmitigated. Microsoft credits Google with reporting the flaw.
A previously unknown vulnerability in the Windows operating system’s authentication mechanism has been rapidly exploited in the wild, with the second such bug discovered this month. The newly identified issue, a spoofing flaw, allows attackers to manipulate and potentially disclose sensitive information, including those used for authentication purposes in Home windows environments.
At, a senior employee and analysis engineer notes that the peril associated with stolen NTLM hashes lies in their ability to facilitate “pass-the-hash” attacks, where an unauthorized party can impersonate a legitimate user without authenticating or knowing their password – all while exploiting this compromising information. Narang highlights that CVE-2024-43451 marks the third NTLM zero-day vulnerability disclosed so far in 2024, a concerning trend for security practitioners.
As attackers persist in their quest to uncover and exploit zero-day vulnerabilities capable of revealing NTLMv2 hashes, they can leverage these compromised credentials to authenticate to systems and potentially pivot laterally within an organization, ultimately gaining access to additional systems.
Two publicly disclosed vulnerabilities patched by Microsoft this month include an elevation of privilege flaw in Active Directory Certificate Services (AD CS), as well as a spoofing vulnerability in the Windows Network List Manager.
As a lead cybersecurity engineer at Microsoft, renowned for meticulous attention to detail, I pinpointed a critical distant code execution vulnerability within Windows’ authentication protocol, extensively leveraged across home networks.
McCarthy noted that this particular vulnerability might well represent one of the most significant threats to emerge from this batch of patches. “Enterprise networks rely heavily on Windows domains. By exploiting a cryptographic protocol flaw, an attacker can gain remote control over a device, potentially leading to full access to the domain controller – a coveted goal for many cybercriminals seeking to compromise an entire network.”
McCarthy highlighted a previously unknown vulnerability in both Google’s Chrome and Mozilla’s Firefox browsers, noting that it could potentially be exploited to inject malicious code. This highly critical bug boasts a CVSS severity score of an unprecedented 9.8, with 10 being the most devastating vulnerability possible.
Notably, at least 29 recent updates addressed memory-related security vulnerabilities, each with an average menace level of 8.8. One bug alone could potentially enable the injection of malware when an authenticated user connects to a compromised or malicious SQL database server, providing access for an attacker to introduce harmful code.
For in-depth details on the latest patches from Microsoft, refer to the following: For IT directors overseeing large-scale Windows environments, it is crucial to stay vigilant regarding potential issues arising from specific Microsoft updates that may be affecting numerous users.
When applying these updates, should you encounter any difficulties, please consider posting a note in the comments section; it is likely that someone else reading this article has experienced the same issue and may have found a solution.
