
October 2024 Patch Tuesday: Five Zero-Days Fixed Amid 118 Vulnerabilities

Microsoft’s October 2024 Patch Tuesday addresses a total of 118 vulnerabilities, including five zero-days, two of which have been actively exploited. Three critical vulnerabilities were patched this month, all of which are remote code execution (RCE) flaws.

The breakdown of vulnerabilities patched includes:

  • 28 Elevation of Privilege (EoP) vulnerabilities
  • 43 Remote Code Execution (RCE) vulnerabilities
  • 6 Information Disclosure vulnerabilities
  • 26 Denial of Service (DoS) vulnerabilities
  • 7 Security Feature Bypass vulnerabilities
  • 7 Spoofing vulnerabilities

This count excludes three Edge-related vulnerabilities, which were patched earlier on October 3rd. To learn more about non-security updates, you can review the latest Windows 11 KB5044284 and KB5044285 cumulative updates, along with the Windows 10 KB5044273 update.


Zero-Day Vulnerabilities

This month’s Patch Tuesday fixes five zero-days. Two of them were actively exploited, and all five were publicly disclosed before a patch was available.

CVE-2024-43573 | Windows MSHTML Platform Spoofing Vulnerability

This vulnerability affects the MSHTML platform, previously used by Internet Explorer and Legacy Microsoft Edge, components of which are still present in Windows. Although Microsoft has not released specific exploitation details, it is suspected to involve spoofing file extensions in alerts when opening files. This vulnerability may be related to a similar spoofing flaw from the previous month, involving the use of Braille characters to spoof PDF files. It was rated as actively exploited due to its targeting of legacy Windows components used by the Internet Explorer mode in Microsoft Edge.

CVE-2024-43572 | Microsoft Management Console Remote Code Execution (RCE) Vulnerability

This flaw allowed malicious Microsoft Saved Console (MSC) files to execute remote code on vulnerable devices. The vulnerability was resolved by preventing untrusted MSC files from being opened. Though exploitation details have not been disclosed, this zero-day was actively exploited. Discovered by security researchers Andres and Shady, the flaw presents a significant risk to systems that rely on MSC files.

CVE-2024-6197 | Open Source Curl Remote Code Execution (RCE) Vulnerability

A vulnerability in libcurl could lead to remote code execution when connecting to a malicious server offering a specially crafted TLS certificate. The flaw was resolved by updating the libcurl library bundled with Windows. This vulnerability was discovered by z2_ and was publicly disclosed through a HackerOne report. Though not exploited in attacks, it poses a serious threat to systems that use the Curl executable for secure connections.

CVE-2024-20659 | Windows Hyper-V Security Feature Bypass Vulnerability

This vulnerability impacts Virtual Machines within a Unified Extensible Firmware Interface (UEFI) host machine. On specific hardware, attackers may be able to bypass UEFI protections, potentially leading to the compromise of the hypervisor and secure kernel. Physical access and a system reboot are required to exploit this flaw. Discovered by Francisco Falcón and Iván Arce of Quarkslab, this issue has not been observed in attacks but was publicly disclosed.

CVE-2024-43583 | Winlogon Elevation of Privilege (EoP) Vulnerability

This flaw in Winlogon could allow attackers to gain SYSTEM-level privileges. Microsoft advises administrators to enable a Microsoft first-party Input Method Editor (IME) to mitigate the risk of exploitation involving third-party IMEs. While this zero-day has been publicly disclosed, no exploitation in the wild has been reported.


Other Critical Vulnerabilities

CVE-2024-43574 | Microsoft Office Remote Code Execution (RCE) Vulnerability

This vulnerability affects Microsoft Office and allows remote attackers to execute code by tricking users into opening specially crafted files. Exploitation could allow an attacker to gain control over the system if the user opens a malicious document. The flaw is rated critical due to the ease with which it can be exploited via common phishing methods.

CVE-2024-43575 | Windows TCP/IP Stack Denial of Service (DoS) Vulnerability

This vulnerability impacts the Windows TCP/IP stack, allowing remote attackers to trigger a denial of service by sending specially crafted packets. While this vulnerability does not lead to code execution, it can cause system crashes, making it a disruptive and potentially costly issue for enterprises.


Adobe and Other Vendor Updates

In addition to Microsoft’s patches, Adobe has released updates addressing vulnerabilities across several products, including:

  • Adobe Acrobat and Reader: 4 vulnerabilities addressed, two of which are critical RCE flaws that can be triggered by malicious PDFs.
  • Adobe Photoshop: Fixes for memory corruption issues that could lead to RCE, affecting multiple versions of the software.

Best Practices for Users

It is highly recommended that users and administrators apply these patches immediately, given the critical nature of the vulnerabilities, particularly the two actively exploited zero-days.
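As a practical follow-up to this recommendation, the PowerShell snippet below is an added example (not part of the original post) that checks whether the Windows cumulative updates named earlier in this post (KB5044284, KB5044285 for Windows 11 and KB5044273 for Windows 10) are reported as installed on the local machine. It assumes an elevated PowerShell session on Windows; the KB numbers are taken from the post, and only the one matching the OS version is expected to be present, so "not found" for the other two is normal. The Update Build Revision (UBR) is printed so it can be compared against Microsoft's release notes for the applicable KB, since Get-HotFix does not always list the latest cumulative update.

```powershell
# Added example: verify that this month's Windows cumulative updates are installed.
# KB numbers come from the post; which one applies depends on the OS version.
$KBs = @('KB5044284', 'KB5044285', 'KB5044273')

# Report OS name, build and UBR so the result can be checked against release notes.
$os  = Get-CimInstance -ClassName Win32_OperatingSystem
$ubr = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').UBR
Write-Host ("OS: {0}  build {1}.{2}" -f $os.Caption, $os.BuildNumber, $ubr)

# Collect the IDs of installed updates once, then test each KB of interest.
$installed = Get-HotFix | Select-Object -ExpandProperty HotFixID

foreach ($kb in $KBs) {
    if ($installed -contains $kb) {
        Write-Host ("{0} : installed" -f $kb)
    } else {
        Write-Host ("{0} : not found (expected if this KB does not target this OS version)" -f $kb)
    }
}
```

If none of the three KBs is listed and the UBR is below the value Microsoft documents for the applicable update, the October 2024 security update has not been applied and the host remains exposed to the vulnerabilities described above.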


How Can Netizen Help?

Netizen ensures that security gets built in, not bolted on, by providing advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service”, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.

Questions or concerns? Feel free to reach out to us any time –

https://www.netizen.net/contact


Copyright © Netizen Corporation. All Rights Reserved.