Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security

Microsoft eased enterprise security teams into 2024 with a relatively light January security update consisting of patches for 48 unique CVEs, just two of which the company identified as being of critical severity.
For the second straight month, Microsoft's Patch Tuesday did not include any zero-day bugs, meaning administrators won't have to contend with any new vulnerabilities that attackers are actively exploiting at the moment - something that happened frequently in 2023.

Just Two Critical Severity Bugs

As is typically the case, the CVEs that Microsoft disclosed Jan. 9 affected a wide range of its products and included privilege escalation vulnerabilities, remote code execution flaws, security bypass bugs, and other vulnerabilities.
The company classified 46 of the flaws as being of Important severity, including several that attackers were more likely than not to exploit.
One of two critical severity bugs in Microsoft's latest update is CVE-2024-20674, a Windows Kerberos security feature bypass vulnerability that allows attackers to bypass authentication mechanisms and launch impersonation attacks.
The vulnerability requires the attacker to have access to the same local network as the target.
Ken Breen, senior director of threat research at Immersive Labs, identified CVE-2024-20674 as a bug that organizations would do well to patch quickly.
The other critical vulnerability in Microsoft's latest batch of security updates is CVE-2024-20700, a remote code execution vulnerability in Windows Hyper-Virtualization technology.
The vulnerability is not especially easy to exploit because an attacker would first need to be inside the network and adjacent to a vulnerable computer, according to a statement from Ben McCarthy, lead cybersecurity engineer at Immersive Labs.
The vulnerability also involves a race condition - a type of issue that's harder for an attacker to exploit than many other vulnerability types.

High-Priority Remote Code Execution Bugs

Security researchers pointed to two other RCE bugs in the January update that merit priority attention: CVE-2024-21307 in Windows Remote Desktop Client and CVE-2024-21318 in SharePoint Server.
Microsoft identified CVE-2024-21307 as a vulnerability that attackers are more likely to exploit but has provided little information on why, according to Breen.
The company has noted that unauthorized attackers need to wait for a user to initiate a connection to be able to exploit the vulnerability.

A Few More Exploitable Privilege Escalation Bugs

Microsoft's January update included patches for several privilege escalation vulnerabilities.
Among the most severe of them is CVE-2023-21310, a privilege escalation bug in Windows Cloud Files Mini Filter Driver.
The flaw is very similar to CVE-2023-36036, a zero-day privilege escalation vulnerability in the same technology, which Microsoft disclosed in its November 2023 security update.
Attackers actively exploited that flaw to try to gain system-level privileges on local machines - something they can do with the newly disclosed vulnerability as well.
Some of the other important privilege escalation bugs included CVE-2024-20653 in the Windows Common Log File System, CVE-2024-20698 in Windows Kernel, CVE-2024-20683 in Win32k, and CVE-2024-20686 in Win32k.
Microsoft has rated all of these flaws as issues attackers are more likely to exploit, according to a statement from Satnam Narang, senior staff research engineer at Tenable.
The flaw enables an attacker to perform a machine-in-the-middle attack, intercepting and potentially altering TLS traffic between a client and server, he notes.


This Cyber News was published on www.darkreading.com. Publication date: Tue, 09 Jan 2024 23:00:34 +0000

