Hello and welcome to the Wednesday, November 13th, 2024 edition of the Sansonet Storms on a Stormcast.

My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

Well, it's Microsoft Patch Tuesday. We got patches for 83 vulnerabilities.

Three of them are classified as critical to have been exploited already and

two have also been disclosed prior to this Tuesday. So let's highlight some of the

vulnerabilities that Renato, who wrote up our diary day, found notable. First of all, yet

another NTLM hash disclosure, spoofing

vulnerability. This one is exploited via Outlook. It's yet another one of these MSHtml

vulnerability. So that's an explorer component that still hangs around in modern versions

of Windows. What's also interesting here is the victim

does not have to actually open the attachment. It's sufficient to select it, so just single-click

it or to inspect it by right-clicking it. That'll already trigger the vulnerability here.

You also got a purge escalation vulnerability in Windows Task Schedular.

Haven't seen them in a while, but the Task Scheduleer, of course, runs code from various users.

And there's always a little risk here of some loss of control over what user the code is actually running at.

We also got yet another one.

I think we had a big one like last year,

a per-wich escalation vulnerability for the Active Directory Certificate Services.

So these were the disclosed or already exploited vulnerabilities.

Among the critical vulnerabilities, we then have Windows Kerberos remote code execution

vulnerability.

That sounds quite interesting.

...