WINDOWS KERBEROS REMOTE CODE EXECUTION VULNERABILITY - CVE-2024-43639

14 Nov / 2024

Cyber Security

WINDOWS KERBEROS REMOTE CODE EXECUTION VULNERABILITY

CVE-2024-43639

What is vulnerable?

The Kerberos Authentication system in Windows Server 2012, 2016, 2019, 2022, 2025 (Server Core included)

What has happened?

Microsoft have released an update and advisory as part of the November Patching Cycle for the new vulnerability CVE-2024-43639.

This vulnerability has been assigned the CVSS 3 score of 9.8/10. The vulnerability allows an unauthenticated attacker to use a specially crafted application to leverage a cryptographic protocol vulnerability in Windows Kerberos to perform remote code execution against the target. This process does not require any user interaction and there are no workarounds to mitigate this vulnerability.

What you can do:

The remediation for this vulnerability is to apply the November Monthly Rollup Security updates relevant to the version of Windows Server being patched. Microsoft advise that there is no evidence of this being exploited in the wild, but it is expected that this vulnerability will be reverse engineered and weaponised.

Further Information:

Microsoft’s advisory for this specific vulnerability: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43639

Rapid7’s analysis for this patch cycle: https://www.rapid7.com/blog/post/2024/11/12/patch-tuesday-november-2024/

CrowdStrike’s analysis for this patch cycle: https://www.crowdstrike.com/en-us/blog/patch-tuesday-analysis-november-2024/

Cythera is actively monitoring for exposure and exploitation activity for MDR and Vulnerability Management clients.

Resources

You may be interested in

PaperCut Vulnerability - CVE-2023-27350, CVE-2023-27351

PaperCut MF & PaperCut NG VulnerabilitiesCVE: CVE-2023-27350, CVE-2023-27351 WHAT IS VULNERABLE? PaperCut MF or NG version 8.0 or later, on a…

Read More arrow_forward

Unlocking Growth Through Security: Operationalising MDR for Australian Organisations

Australian small and medium-sized enterprises (SMEs) are at a critical juncture regarding cybersecurity. Recent data shows that 60% of Australia…

Read More arrow_forward

Cyber Insurance And Penetration Testing: How Australian Businesses Can Mitigate Cyber Risk

Cyber Insurance And Penetration Testing: How Australian Businesses Can Mitigate Cyber RiskIn the early 2000s, cyber insurance was a relatively n…

Read More arrow_forward