That time again, folks. This month's Patch Tuesday addressed 89 vulnerabilities, 4 of those were Zero-Day and 4 were Critical.

Zero-Day Vulnerabilities
CVE-2024-43451: NTLM Hash Disclosure Spoofing Vulnerability.
CVE-2024-49039: Windows Task Scheduler Elevation of Privilege Vulnerability.
CVE-2024-49040: Microsoft Exchange Server Spoofing Vulnerability.
CVE-2024-49019: Active Directory Certificate Services Elevation of Privilege Vulnerability.

Critical Vulnerabilities
CVE-2024-43498: .NET and Visual Studio Type Confusion Vulnerability.
CVE-2024-43625: Windows VMSwitch Use After Free Vulnerability.
CVE-2024-43639: Windows Kerberos Remote Code Execution Vulnerability.
A month or so ago, I was on a call with a security consultant at a well-respected firm that conducted an external pen test for the company I work at. Everything was going along smoothly, no major issues to address. We had some extra time and were just chatting when the subject of password rotation came up. One of my coworkers asked what the best practice for password rotation is. To my amazement, they said to force changes every 30-45 days but definitely no longer than 90 days.
Another busy Patch Tuesday. Microsoft is addressing 118 vulnerabilities, 5 of which are zero-day exploits. The 5 zero-days are listed below.
CVE-2024-43572: A remote code execution (RCE) vulnerability in the Microsoft Management Console. CVSS: 7.8 | Exploited: Yes | NIST | MSRC
CVE-2024-43573: A spoofing vulnerability in the Windows MSHTML platform. CVSS: 6.5 | Exploited: Yes | NIST | MSRC
CVE-2024-43468: A pre-authentication RCE vulnerability in Microsoft Configuration Manager. CVSS: 9.
2024. Skip Barker - All rights reserved.