In this week's Tech Brief, Director of Security Intelligence Carlos Perez breaks down Microsoft's crucial November 2024 Patch Tuesday, featuring 89 critical vulnerabilities including four dangerous zero-days. Two of these are actively being exploited in the wild, with one being used by Russian threat actors against Ukraine.

Key Topics Covered:

• Critical NTLM hash disclosure vulnerability (CVE-2443-451)
• Windows Task Scheduler privilege escalation (CVE-2449-039)
• Exchange Server spoofing vulnerability
• TrustedSec's discovery of Active Directory Certificate Services flaw
• NEW Palo Alto zero-day authentication bypass
• Breaking: FortiGate credential exposure vulnerability

https://msrc.microsoft.com/update-guide/releaseNote/2024-Nov

https://security.paloaltonetworks.com/CVE-2024-0012

https://security.paloaltonetworks.com/CVE-2024-9474

https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/