November 2024 [Cybersecurity Experts Discuss NTLM Spoofs, RCE Attacks, and Privilege Escalations]

The NTLM hash disclosure spoofing vulnerability is already exploited in the wild. A user only needs to open a crafted file from a phishing email for an attacker to authenticate as them, so patch it first.

Beyond patching the NTLM spoofing flaw, the team recommends monitoring for hash-based attacks in your SIEM and reinforcing phishing awareness training as layered defense.

CVE-2024-5533 is a Microsoft Defender for Endpoint remote code execution flaw that lets an attacker abuse the tool meant to protect the endpoint, triggered by a clicked malicious link.

CVE-2024-49039 is a Windows Task Scheduler elevation of privilege flaw. An attacker who runs a crafted application could call privileged RPC functions, potentially to create users, change rights, or modify services and the registry.

The team flags that Windows 10 support was extended by a year, leaving Microsoft maintaining two divergent codebases and raising questions about uneven fixes across Windows 10 and 11.