
Apre-salomemanzo


Four critical vulnerabilities resolved
aecifo


On Patch Tuesday, Windows systems will be updated with a flood of security fixes. In November, Windows patched four zero-day vulnerabilities, two of which were exploited.

Patch Tuesdays are a good time for administration teams to remind employees of the importance of keeping operating systems and applications up to date. In the meantime, software companies like Microsoft and Adobe will have detected problems and closed backdoors.

Moreover, as XDA pointed out, sharp-eyed Windows users have a useful new option this month: remapping the Copilot key. This allows you to use the AI button to launch the app of your choice.

Microsoft fixes two actively exploited vulnerabilities

Microsoft has fixed two vulnerabilities already exploited by attackers: CVE-2024-49039 and CVE-2024-43451.

An attacker running a custom application exploited a bug in Windows Task Scheduler, CVE-2024-49039, to elevate their privileges to a medium integrity level. From there, they could run RPC functions to call processes from a remote computer.

SEE: The November update of the Microsoft PowerToys quality-of-life suite included bug fixes, a new look for the utility menu, and much more.

With CVE-2024-43451, an attacker can trick a user into interacting with a malicious file, then discover that user’s NTLMv2 hash and spoof their credentials.

“To stay fully protected, we recommend that customers who install security updates only install IE Cumulative Updates for this vulnerability,” Microsoft recommended.

Other notable vulnerabilities target Windows domains and permissions

Ben McCarthy, principal cybersecurity engineer at Immersive Labs, highlighted CVE-2024-43639 as “one of the most threatening CVEs in this patch release.”

CVE-2024-43639 allows attackers to execute code in a Windows domain. It comes from Kerberos, an authentication protocol.

“Windows domains are used in the majority of enterprise networks,” McCarthy told TechRepublic in an email, “and by taking advantage of a vulnerability in the cryptographic protocol, an attacker can perform privileged acts on a remote machine within the network, potentially giving them possible access to the domain controller, which is the goal of many attackers when attacking a domain.”

An elevation of privilege vulnerability, CVE-2024-49019, originated in certain certificates created using a version 1 certificate template in a public key infrastructure environment. Microsoft said administrators should look for certificates where the subject name source is set to “Supplied in the request” and enrollment permissions are granted to a broader set of accounts, such as domain users or domain computers.

“This is usually a misconfiguration and certificates created from templates such as the web server template could be affected,” McCarthy said. “However, the web server template is not vulnerable by default due to its restricted registration permissions.”

Along with installing patch updates, Microsoft said one mitigation for this vulnerability is to avoid applying overly broad enrollment permissions to certificates.

Microsoft has not detected any attackers using this vulnerability. However, “because it is tied to Windows domains and is widely used in businesses, it is very important to patch this vulnerability and look for misconfigurations that might be left behind,” McCarthy said.
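The template check Microsoft describes for CVE-2024-49019 can be scripted over exported template data. The following is an added example, not code from the article or from Microsoft. It assumes a hypothetical export in which each template is a dict with `schema_version` (from `msPKI-Template-Schema-Version`), `name_flag` (from `msPKI-Certificate-Name-Flag`) and `enroll_sids` (the SIDs holding Enroll or AutoEnroll rights). Treating Everyone and Authenticated Users as broad goes beyond the two groups the article names.

```python
# Added example; the sample templates and domain SID below are constructed.
CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x1  # bit 0 of msPKI-Certificate-Name-Flag

BROAD_WELL_KNOWN = {"S-1-1-0": "Everyone", "S-1-5-11": "Authenticated Users"}
BROAD_DOMAIN_RIDS = {"513": "Domain Users", "515": "Domain Computers"}


def broad_principal(sid):
    """Return a group name if the SID is a broad principal, else None."""
    if sid in BROAD_WELL_KNOWN:
        return BROAD_WELL_KNOWN[sid]
    if sid.startswith("S-1-5-21-"):  # domain SID: the last field is the RID
        return BROAD_DOMAIN_RIDS.get(sid.rsplit("-", 1)[1])
    return None


def audit_templates(templates):
    """Flag v1 templates with requester-supplied subject and broad enrollment."""
    findings = []
    for t in templates:
        if t["schema_version"] != 1:
            continue
        if not t["name_flag"] & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT:
            continue
        broad = sorted({n for n in map(broad_principal, t["enroll_sids"]) if n})
        if broad:
            findings.append({"template": t["name"], "broad_enrollees": broad})
    return findings


DOM = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed domain SID
SAMPLE_TEMPLATES = [
    # Restricted enrollment (Domain Admins, RID 512): not reported.
    {"name": "WebServer", "schema_version": 1, "name_flag": 1,
     "enroll_sids": [DOM + "-512"]},
    # Hypothetical copy opened up to Domain Users and Domain Computers: reported.
    {"name": "WebServer-Legacy", "schema_version": 1, "name_flag": 1,
     "enroll_sids": [DOM + "-513", DOM + "-515", DOM + "-512"]},
    # Subject built from the directory (bit 0 clear in the signed value): not reported.
    {"name": "User", "schema_version": 1, "name_flag": -1509949440,
     "enroll_sids": [DOM + "-513"]},
    # Broad enrollment but schema version 2: outside the condition checked here.
    {"name": "Kiosk-V2", "schema_version": 2, "name_flag": 1,
     "enroll_sids": ["S-1-5-11"]},
]

if __name__ == "__main__":
    for finding in audit_templates(SAMPLE_TEMPLATES):
        print(finding["template"], "->", ", ".join(finding["broad_enrollees"]))
```

A template reported here is a candidate for tightening its enrollment permissions, the mitigation Microsoft names alongside patching.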

Microsoft fixes four critical vulnerabilities

This month, four vulnerabilities were listed as critical:

  • CVE-2024-43498: A type confusion flaw in .NET and Visual Studio applications that could allow remote code execution.
  • CVE-2024-49056: An elevation of privilege vulnerability on airlift.microsoft.com.
  • CVE-2024-43625: A privileged execution vulnerability in the Hyper-V host runtime environment.
  • CVE-2024-43639: Detailed above.

A complete list of Windows security updates for November 12 is available at Microsoft Support.