Microsoft released its monthly security update, Patch Tuesday, addressing 89 vulnerabilities, including four critical zero-day flaws.

What is a Zero-Day Flaw?
A zero-day flaw is a newly discovered security hole that hackers can exploit before a fix is available, which makes it particularly dangerous. Of the four zero-day vulnerabilities fixed this month, two were already being actively exploited in attacks.

Why Should You Care?
These vulnerabilities could allow hackers to:

  • Take control of your computer.
  • Steal sensitive data, like passwords or personal information.
  • Lock your files and demand payment to release them (ransomware).

How to Protect Yourself

  • Update your devices and software immediately, especially if you use Windows or Microsoft Exchange.
  • Be cautious with unknown files or emails, as they might be part of a hacker’s trick to exploit these flaws.

Highlights of November 2024 Patch Tuesday
Here’s what Microsoft’s update addressed:

  • 26 elevation-of-privilege vulnerabilities, where hackers could gain higher control over devices (e.g., admin privileges).
  • 52 remote code execution vulnerabilities, which could allow attackers to remotely take over systems.
  • 4 denial-of-service flaws, which could cause systems to stop working.
  • Plus, issues involving spoofing, security bypasses, and data leaks.

Breakdown of the Four Zero-Day Vulnerabilities

1. NTLM Hash Disclosure (CVE-2024-43451)

  • Type: Spoofing vulnerability.
  • Description: Hackers can trick your device into revealing NTLM password hashes (scrambled, one-way representations of your password) with minimal interaction, such as clicking or inspecting a malicious file.
  • Status: Actively exploited in attacks.

2. Windows Task Scheduler Privilege Escalation (CVE-2024-49039)

  • Type: Elevation of privilege vulnerability.
  • Description: Hackers can run malicious programs to gain higher access rights, allowing them to perform actions that should be restricted.
  • Status: Actively exploited in attacks.

3. Microsoft Exchange Spoofing (CVE-2024-49040)

  • Type: Spoofing vulnerability.
  • Description: Attackers can fake email sender addresses to make malicious messages appear trustworthy.
  • Status: Publicly disclosed but not actively exploited.

4. Active Directory Certificate Services Privilege Escalation (CVE-2024-49019)

  • Type: Elevation of privilege vulnerability.
  • Description: Hackers can abuse certain certificate templates to gain high-level administrator privileges.
  • Status: Publicly disclosed but not actively exploited.