Zum Inhalt der Seite gehen
Microsoft fixes 91 Vulnerabilities & 4 Zero-Days.

Microsoft’s November Patch Update fixes 91 Windows security vulnerabilities, including 4 zero-days. The critical fixes address actively exploited flaws in Windows. It is strongly recommended that users apply these updates as soon as possible to mitigate possible security risks. Updates can be installed via Windows Update.

https://msrc.microsoft.com/update-guide/

#microsoft #windows #update #it #security #privacy #engineer #media #tech #news
It is worth noting that, four vulnerabilities are rated as critical, including two remote code executions and two elevations of privilege flaws. The two actively exploited zero-day vulnerabilities are: • CVE-2024-43451: An NTLM Hash Disclosure Spoofing Vulnerability that exposes NTLMv2 hashes to remote attackers with minimal user interaction, such as selecting or right-clicking a malicious file. • CVE-2024-49039: A Windows Task Scheduler Elevation of Privilege Vulnerability allowing attackers to execute RPC functions typically restricted to privileged accounts, potentially leading to unauthorized code execution or resource access. Additionally, two publicly disclosed but not actively exploited vulnerabilities were addressed: • CVE-2024-49040: A Microsoft Exchange Server Spoofing Vulnerability enabling threat actors to spoof sender email addresses to local recipients. • CVE-2024-49041: A Windows MSHTML Platform Spoofing Vulnerability that could be leveraged to deceive users into interacting with malicious content. The 91 vulnerabilities fixed in this update are categorized as follows: • 3 Spoofing vulnerabilities • 4 Denial of Service vulnerabilities • 1 Information Disclosure vulnerability • 26 Elevation of Privilege vulnerabilities • 2 Security Feature Bypass vulnerabilities • 52 Remote Code Execution vulnerabilities.
#news #windows #privacy #tech #media #security #microsoft #it #engineer #update