Security News > 2024 > November > Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)

Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)
2024-11-12 20:49

November 2024 Patch Tuesday is here, and Microsoft has dropped fixes for 89 new security issues in its various products, two of which – CVE-2024-43451 and CVE-2024-49039 – are actively exploited by attackers. The exploited vulnerabilities (CVE-2024-43451, CVE-2024-49039) CVE-2024-43451 is yet another vulnerability that allows attackers to elevate their privileges on targeted Windows and Windows Server machines by disclosing the user’s NTLMv2 hash, which contains their authentication credentials. The hash can then be used by … More → The post Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2024/11/12/cve-2024-43451-cve-2024-49039/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-11-12 CVE-2024-49039 Unspecified vulnerability in Microsoft products
Windows Task Scheduler Elevation of Privilege Vulnerability
local
low complexity
microsoft
8.8
2024-11-12 CVE-2024-43451 Unspecified vulnerability in Microsoft products
NTLM Hash Disclosure Spoofing Vulnerability
network
low complexity
microsoft
6.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399