
PODCAST | Beyond the Horizon: Windows 11 24H2 Installs Issue, Exploited Outlook Remote Code Execution Vulnerability, and more

In this month’s security update, N‑able Head Nerd Lewis Pope covers a major Windows 11 installation bug, a newly exploited Outlook vulnerability, law enforcement crackdowns on cybercriminals, and the latest patching priorities.

NOTE: The Cybersecurity News Review is taken from Lewis’s Monthly Security Office Hours. Office Hours are open to everyone, including non-N‑able customers; click the link to register: www.n-able.com/events/office-hours-security

If you would like to find out more about this or any of the other N‑able Head Nerd Office Hours, click this link: www.n-able.com/events

Disclaimer: This podcast provides educational information about issues that may be relevant to information technology service providers. Nothing in the podcast should be construed as any recommendation or endorsement by N‑able, or as legal or any other advice. The views expressed by guests are their own and their appearance on the podcast does not imply an endorsement of them or any entity they represent. Views and opinions expressed by N‑able employees are those of the employees and do not necessarily reflect the view of N‑able or its officers and directors. The podcast may also contain forward-looking statements regarding future product plans, functionality, or development efforts that should not be interpreted as a commitment from N‑able related to any deliverables or timeframe. All content is based on information available at the time of recording, and N‑able has no obligation to update any forward-looking statements.

Here’s what’s included in this episode in detail…

  1. Windows 11 24H2 Installation Issue
    • Affected systems: Windows 11 24H2 installations from media created in Oct/Nov.
    • Issue: Prevents systems from receiving updates.
    • Fix: No in-place solution—Microsoft advises reinstalling the OS.
    • Action: Review deployments and confirm affected systems are addressed.
  2. Outlook Remote Code Execution Vulnerability (CVE-2024-21413)
    • Initial fix: Released February 13, 2024.
    • Exploitation: Confirmed active in 2025 despite being marked "unlikely" a year ago.
    • Risk: Attackers can bypass Outlook security, capture NTLM hashes, and masquerade as legitimate users.
    • Urgency: Federal entities now mandated to patch ASAP.
  3. Cybercrime and Law Enforcement Crackdowns
    • Recent takedowns of cybercrime forums and groups, including:
      • Alphabay, World Market, Lockbit affiliates.
      • Over 1,000 cybercriminal arrests in Africa last month.
    • Key takeaway: While arrests happen, new groups emerge with updated tactics.
  4. LOLRMM List – Monitoring Remote Access Tools
    • A compiled list of remote monitoring tools (legitimate but often exploited by attackers).
    • How to use:
      • Check for unauthorized installations.
      • Add detections to EDR/XDR systems.
      • Improve client security posture & reduce risk of insider threats.
  5. Zyxel Vulnerability (CVE-2025-0890) – No Fix Available
    • Issue: Default insecure credentials in Telnet service.
    • Impact: Full command-line access for attackers.
    • Resolution: No patch—affected devices must be replaced.
    • Lesson: Hardware end-of-life planning is crucial before vulnerabilities arise.
  6. ESXi Ransomware & SSH Tunneling Threats
    • Attackers targeting VMware ESXi servers due to lack of monitoring.
    • New tactic: SSH tunneling for persistence, allowing repeated access.
    • Mitigation:
      • Implement server monitoring and threat hunting.
      • Update incident response playbooks to detect SSH tunnels.
  7. Zero Trust Architecture – Updated NIST Guidelines (1835)
    • NIST 1835: Best practices for Zero Trust security models.
    • Recommendation: Review and implement relevant aspects to strengthen cybersecurity posture.
  8. Microsoft Patch Tuesday – February 2025
    • 55 vulnerabilities addressed (down from 160 last month).
    • Key concerns:
      • 4 zero-days, 3 under active exploitation.
      • NTLM hash attack vulnerabilities still prevalent.
      • 1200 product impact mappings highlight patching complexity.
  9. Certificate-Based Authentication Change (KB 5014754)
    • Stronger key binding enforcement is rolling out.
    • Potential issue: Older setups may break if not properly configured.
    • Check for warning signs: DC logs Event IDs 39, 40, 41.
  10. Patch Management is More Than Just Updates
    • Challenge: Some clients assume "auto-updates" are enough.
    • Reality: Microsoft often delays fixes, requiring additional security layers.
    • Action: Educate clients on patching AND proactive security measures.
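The LOLRMM item above recommends checking endpoints for unauthorized RMM installations. The following PowerShell script is an added example, not code from the podcast, N‑able, or the LOLRMM project: it compares installed programs and running services on a Windows endpoint against a short, constructed sample of RMM product names (standing in for the full LOLRMM list) and flags any that are not on the client's sanctioned list, which is also a constructed placeholder.

```powershell
# Added example (not from the podcast, N-able, or the LOLRMM project): flag RMM tools
# present on a Windows endpoint that are not on the client's sanctioned list.
# $rmmNames is a constructed, partial sample in the spirit of the LOLRMM inventory;
# replace it with the full list exported from the project.
$rmmNames = @('AnyDesk', 'TeamViewer', 'Splashtop', 'ScreenConnect', 'ConnectWise Control',
              'Atera', 'N-able N-central', 'Take Control', 'RustDesk', 'NinjaOne', 'Syncro')

# The RMM products this client has actually approved (constructed placeholder).
$sanctioned = @('N-able N-central', 'Take Control')

# Installed software from both Uninstall hives (64-bit and 32-bit views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, InstallDate, Publisher

# Services are checked too: portable RMM agents often never write an Uninstall key.
$services = Get-CimInstance Win32_Service | Select-Object Name, DisplayName, PathName, State

$findings = foreach ($tool in $rmmNames) {
    $hits = @($installed | Where-Object { $_.DisplayName -like "*$tool*" })
    $svc  = @($services  | Where-Object { $_.DisplayName -like "*$tool*" -or $_.PathName -like "*$tool*" })
    if ($hits.Count -eq 0 -and $svc.Count -eq 0) { continue }
    [pscustomobject]@{
        Tool       = $tool
        Sanctioned = ($sanctioned -contains $tool)
        Installed  = ($hits | ForEach-Object { "$($_.DisplayName) $($_.DisplayVersion)" }) -join '; '
        Services   = ($svc  | ForEach-Object { "$($_.Name) [$($_.State)]" }) -join '; '
    }
}

if (-not $findings) { Write-Host 'No known RMM tools detected.'; return }

# Unsanctioned tools sort first: these are the candidates for removal or an EDR/XDR rule.
$findings | Sort-Object Sanctioned | Format-Table -AutoSize -Wrap
$findings | Where-Object { -not $_.Sanctioned } |
    ForEach-Object { Write-Warning "Unsanctioned RMM tool present: $($_.Tool)" }
```

Run it from an RMM script policy or EDR live-response session; the warning lines can be forwarded as alerts, and the sanctioned list should be maintained per client.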
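For the KB 5014754 item, this added PowerShell script (not from the podcast or N‑able) reads the StrongCertificateBindingEnforcement value on a domain controller and summarises Kerberos-Key-Distribution-Center Event IDs 39, 40 and 41 from the System log, so weak certificate mappings can be corrected before full enforcement. It assumes it is run locally on a DC with administrative rights; the $Days window is an assumed default.

```powershell
# Added example (not from the podcast or N-able): audit a domain controller for the
# KB5014754 certificate-mapping warnings and report the current enforcement mode.
# Assumes it is run locally on a DC with administrative rights.
param([int]$Days = 7)

# Enforcement mode, as documented in KB5014754:
# 0 = disabled, 1 = compatibility (warnings only), 2 = full enforcement.
$kdcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc'
$mode = (Get-ItemProperty -Path $kdcKey -Name StrongCertificateBindingEnforcement `
            -ErrorAction SilentlyContinue).StrongCertificateBindingEnforcement
$modeText = switch ($mode) {
    0       { 'Disabled (0)' }
    1       { 'Compatibility mode (1): weak mappings are logged but still accepted' }
    2       { 'Full enforcement (2): weak mappings are rejected' }
    default { 'Value not set: the OS default for this patch level applies' }
}
Write-Host "StrongCertificateBindingEnforcement: $modeText"

# The three warning events are written to the System log by the KDC provider.
$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Kerberos-Key-Distribution-Center'
    Id           = 39, 40, 41
    StartTime    = (Get-Date).AddDays(-$Days)
}
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    Write-Host "No Event ID 39/40/41 entries in the last $Days days."
    return
}

# Summarise by event ID so the operator sees which failure class dominates.
$events | Group-Object Id | ForEach-Object {
    $meaning = switch ([int]$_.Name) {
        39 { 'Certificate is valid but has no strong mapping to the account' }
        40 { 'Certificate predates the account it maps to' }
        41 { 'SID in the certificate does not match the mapped account' }
    }
    [pscustomobject]@{ EventId = $_.Name; Count = $_.Count; Meaning = $meaning }
} | Format-Table -AutoSize

# Most recent entries, first line of the message only, so the affected
# principals can be identified and their mappings fixed before enforcement.
$events | Sort-Object TimeCreated -Descending | Select-Object -First 20 |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } } |
    Format-Table -Wrap
```

Any Event ID 39/40/41 hits while the mode is still 1 are the accounts that will stop authenticating once enforcement moves to 2.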

© N‑able Solutions ULC and N‑able Technologies Ltd. All rights reserved.

This document is provided for informational purposes only. It should not be used to obtain legal guidance. N‑able makes no warranty, express or implied, and assumes no legal responsibility or liability for the accuracy, completeness, or usefulness of any information contained in this document.

N-ABLE, N-CENTRAL and other N‑able trademarks and logos are the exclusive property of N‑able Solutions ULC and N‑able Technologies Ltd., and may be common law marks, registered, or pending registration with the U.S. Patent and Trademark Office or in other countries. All other trademarks mentioned in this document are used for identification purposes only and are trademarks (or registered trademarks) of their respective companies.