PODCAST | Beyond the Horizon : Windows 11 24H2 Installs Issue, Exploited Outlook Remote Code Execution Vulnerability, and more
 
In this month’s security update, N‑able Head Nerd Lewis Pope covers a major Windows 11 installation bug, a newly exploited Outlook vulnerability, law enforcement crackdowns on cybercriminals, and the latest patching priorities.
NOTE: The Cybersecurity News Review is taken from Lewis’s Monthly Security Office Hours. Office Hours are open to everyone, including non-N‑able customers; click the link to register: www.n-able.com/events/office-hours-security
If you would like to find out more about this or any of the other N‑able Head Nerd Office Hours, click this link: www.n-able.com/events
Disclaimer: This podcast provides educational information about issues that may be relevant to information technology service providers. Nothing in the podcast should be construed as any recommendation or endorsement by N‑able, or as legal or any other advice. The views expressed by guests are their own and their appearance on the podcast does not imply an endorsement of them or any entity they represent. Views and opinions expressed by N‑able employees are those of the employees and do not necessarily reflect the view of N‑able or its officers and directors. The podcast may also contain forward-looking statements regarding future product plans, functionality, or development efforts that should not be interpreted as a commitment from N‑able related to any deliverables or timeframe. All content is based on information available at the time of recording, and N‑able has no obligation to update any forward-looking statements.
Here’s what’s included in this episode in detail…
- Windows 11 24H2 Installation Issue
  - Affected systems: Windows 11 24H2 installations from media created in Oct/Nov.
  - Issue: Prevents systems from receiving updates.
  - Fix: No in-place solution—Microsoft advises reinstalling the OS.
  - Action: Review deployments and confirm affected systems are addressed.
 
- Outlook Remote Code Execution Vulnerability (CVE-2024-21413)
  - Initial fix: Released February 13, 2024.
  - Exploitation: Confirmed active in 2025 despite being rated "exploitation unlikely" a year ago.
  - Risk: Attackers can bypass Outlook security, capture NTLM hashes, and masquerade as legitimate users.
  - Urgency: Federal entities now mandated to patch ASAP.
 
- Cybercrime and Law Enforcement Crackdowns
  - Recent takedowns of cybercrime forums and groups, including AlphaBay, World Market, and LockBit affiliates.
  - Over 1,000 cybercriminal arrests in Africa last month.
  - Key takeaway: While arrests happen, new groups emerge with updated tactics.
 
- LOLRMM List – Monitoring Remote Access Tools
  - A compiled list of remote monitoring tools (legitimate but often exploited by attackers).
  - How to use:
    - Check for unauthorized installations.
    - Add detections to EDR/XDR systems.
    - Improve client security posture and reduce the risk of insider threats.
 
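One way to turn the "check for unauthorized installations" step into a repeatable host check, as an added example that is not from the podcast or from N‑able: it inventories uninstall entries and services against a watch-list of RMM product names and separates the agents you deliberately deployed from everything else. `$RmmWatchList` is a short constructed subset of common product names, not the full LOLRMM list, and `$Approved` defaulting to `'N-able'` is an assumption you should replace with your own sanctioned tools.

```powershell
# Added example, not code from the podcast or from N-able: flag installed software and
# services whose names match a watch-list of remote access tools, then separate the ones
# you deliberately deployed from everything else. $RmmWatchList is a short constructed
# subset of common RMM product names, not the full LOLRMM list; swap in the real one.
$RmmWatchList = @('AnyDesk', 'TeamViewer', 'ScreenConnect', 'ConnectWise Control',
                  'Splashtop', 'Atera', 'RustDesk', 'NinjaOne', 'N-able', 'Syncro')

function Get-RmmInventory {
    param(
        [string[]]$Approved  = @('N-able'),      # assumption: the agent you actually manage with
        [string[]]$WatchList = $RmmWatchList
    )
    # Uninstall entries (64-bit, 32-bit and per-user hives) carry the vendor's display name.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $candidates = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object { [pscustomobject]@{ Name = $_.DisplayName; Source = 'Uninstall key' } })

    # Services are a second signal: several RMM agents keep running as a service
    # even after their Add/Remove Programs entry has been deleted.
    $candidates += @(Get-CimInstance -ClassName Win32_Service |
        ForEach-Object { [pscustomobject]@{ Name = $_.DisplayName; Source = "Service ($($_.Name))" } })

    foreach ($item in $candidates) {
        # Substring match is deliberately loose; tune the watch-list if it produces noise.
        $hit = $WatchList | Where-Object { $item.Name -like "*$_*" } | Select-Object -First 1
        if (-not $hit) { continue }
        [pscustomobject]@{
            Tool     = $hit
            Name     = $item.Name
            Source   = $item.Source
            Approved = [bool]($Approved | Where-Object { $item.Name -like "*$_*" })
        }
    }
}

# Unapproved hits are the ones to investigate; the same objects can feed an EDR/XDR
# custom detection or a scheduled RMM script check.
Get-RmmInventory | Where-Object { -not $_.Approved } | Format-Table -AutoSize
```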
 
- Zyxel Vulnerability (CVE-2025-0890) – No Fix Available
  - Issue: Default insecure credentials in the Telnet service.
  - Impact: Full command-line access for attackers.
  - Resolution: No patch—affected devices must be replaced.
  - Lesson: Hardware end-of-life planning is crucial before vulnerabilities arise.
 
- ESXi Ransomware & SSH Tunneling Threats
  - Attackers are targeting VMware ESXi servers because they are rarely monitored.
  - New tactic: SSH tunneling for persistence, allowing repeated access.
  - Mitigation:
    - Implement server monitoring and threat hunting.
    - Update incident response playbooks to detect SSH tunnels.
 
 
- Zero Trust Architecture – Updated NIST Guidelines (1835)
  - NIST 1835: Best practices for Zero Trust security models.
  - Recommendation: Review and implement relevant aspects to strengthen cybersecurity posture.
 
- Microsoft Patch Tuesday – February 2025
  - 55 vulnerabilities addressed (down from 160 last month).
  - Key concerns:
    - 4 zero-days, 3 under active exploitation.
    - NTLM hash attack vulnerabilities still prevalent.
    - 1200 product impact mappings highlight patching complexity.
 
 
- Certificate-Based Authentication Change (KB 5014754)
  - Stronger key binding enforcement is rolling out.
  - Potential issue: Older setups may break if not properly configured.
  - Check for warning signs: Event IDs 39, 40 and 41 in the domain controller logs.
 
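A way to run the Event ID 39/40/41 check across your domain controllers, as an added example that is not from the podcast or from N‑able: it pulls the Kerberos KDC warning events that KB5014754 introduced and tags each with what it means for enforcement. It assumes you have rights to read each DC's System log remotely; `dc01` and `dc02` are placeholder names.

```powershell
# Added example, not code from the podcast or from N-able: collect the KB5014754 warning
# events from your domain controllers and summarise which certificates will stop working
# once Full Enforcement is active. Assumes rights to read each DC's System log.
$KdcEventMeaning = @{
    39 = 'Certificate could not be strongly mapped to the account (no SID binding)'
    40 = 'Certificate was issued before the account existed'
    41 = 'SID in the certificate does not match the account SID'
}

function Get-WeakCertMappingEvents {
    param(
        [string[]]$DomainController = @($env:COMPUTERNAME),  # assumption: run on a DC by default
        [int]$Days = 30
    )
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-Kerberos-Key-Distribution-Center'
        Id           = @(39, 40, 41)
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    foreach ($dc in $DomainController) {
        # SilentlyContinue: Get-WinEvent raises an error when nothing matches, which is the good case
        $events = Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction SilentlyContinue
        foreach ($e in $events) {
            [pscustomobject]@{
                DC      = $dc
                Time    = $e.TimeCreated
                Id      = $e.Id
                Meaning = $KdcEventMeaning[$e.Id]
                # the first line of the message names the affected user and certificate
                Detail  = ($e.Message -split "`r?`n")[0]
            }
        }
    }
}

# Zero rows over a quiet month is the green light; anything else must be fixed
# (re-issue the certificate or set a strong altSecurityIdentities mapping) before enforcement.
Get-WeakCertMappingEvents -DomainController 'dc01', 'dc02' -Days 30 |
    Sort-Object DC, Id | Format-Table DC, Time, Id, Meaning -AutoSize
```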
- Patch Management is More Than Just Updates
  - Challenge: Some clients assume "auto-updates" are enough.
  - Reality: Microsoft often delays fixes, requiring additional security layers.
  - Action: Educate clients on patching AND proactive security measures.
 
© N‑able Solutions ULC and N‑able Technologies Ltd. All rights reserved.
This document is for informational purposes only and does not constitute legal advice. N‑able makes no warranty, express or implied, and accepts no liability or responsibility for the accuracy, completeness or usefulness of the information contained in this document.
N-ABLE, N-CENTRAL and other N‑able trademarks and logos are the exclusive property of N‑able Solutions ULC and N‑able Technologies Ltd. They are legally protected trademarks and may be registered or pending registration with the U.S. Patent and Trademark Office and in other countries. All other trademarks mentioned here are for informational purposes only and are trademarks (or registered trademarks) of their respective companies.
