Active exploitation of 2 Microsoft zero-day vulnerabilities CVE-2024-49039 and CVE-2024-43451

Streamscan observes active exploits of 2 Microsoft zero-day vulnerabilities currently.

These are:

• CVE-2024-49039 (score of 8.8/10): is a vulnerability in the Windows Task Scheduler which is  exploited to elevate privileges on targeted systems.

• CVE-2024-43451 (score 7.8/10): is a vulnerability that allows attackers to elevate privileges on targeted Windows and Windows Server machines by disclosing the user's NTLMv2 hash, which contains authentication information.

Urgent action required

Microsoft has created patches for these vulnerabilities. Here are the links to download them:

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451
• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039

More generally, we recommend that you apply the November 2024 Microsoft patches. They include patches for these 2 vulnerabilities as well as several other Microsoft vulnerabilities: https://msrc.microsoft.com/update-guide/releaseNote/2024-Nov

What Streamscan does to protect you

If you are a Streamscan partner :

• We have set up a crisis unit to monitor the evolution of this critical vulnerability. We will apply the appropriate response measures.

• Our DRG/MDR security monitoring team remains vigilant in monitoring your network.