2024. nov. 12.
Biztonsági szemle
Microsoft November 2024 Patch Tuesday, (Tue, Nov 12th)
This month, Microsoft is addressing a total of 83 vulnerabilities. Among these, 3 are classified as critical, 2 have been exploited in the wild, and another 2 have been disclosed prior to Patch Tuesday. Organizations are encouraged to prioritize these updates to mitigate potential risks and enhance their security posture.
 
 Notable Vulnerabilities:
 
 NTLM Hash Disclosure Spoofing Vulnerability ( CVE-2024-43451)
 This vulnerability, identified as CVE-2024-43451, has been exploited and disclosed, carrying an Important severity rating with a CVSS score of 6.5. It allows an attacker to disclose a user's NTLMv2 hash, enabling them to authenticate as that user, which could lead to a total loss of confidentiality. Exploitation requires minimal user interaction, such as selecting or inspecting a malicious file. The vulnerability affects all supported versions of Microsoft Windows, and while Internet Explorer has been retired on certain platforms, updates addressing this vulnerability are included in the IE Cumulative Updates to ensure continued protection.
Tovább