Microsoft October 2024 Patch Tuesday

Microsoft has released its monthly set of security updates, known as Patch Tuesday. This month's release addresses five zero-day vulnerabilities.

Microsoft has fixed 118 vulnerabilities, 2 of which are classified as critical because they could allow an attacker to execute arbitrary code remotely, gain access, and gain elevated privileges on the affected products by persuading the victim to open specially crafted content.

October’s Patch Tuesday fixes security flaws across several Microsoft products, such as .NET and Visual Studio, Azure CLI, Internet Small Computer Systems Interface (iSCSI), Microsoft ActiveX, Microsoft Configuration Manager, Microsoft Defender for Endpoint, Microsoft Graphics Component, Microsoft Office Visio, Microsoft Simple Certificate Enrollment Protocol, Microsoft WDAC OLE DB provider for SQL, OpenSSH for Windows, Power BI, Remote Desktop Client, Windows Hyper-V, RPC Endpoint Mapper Service, Visual C++ Redistributable Installer, Windows BitLocker, Windows Common Log File System Driver, Windows Kerberos, Windows Kernel, Windows MSHTML Platform, Windows Network Address Translation (NAT), Windows Remote Desktop Services, Windows Routing and Remote Access Service (RRAS), Microsoft Office, Microsoft Office Excel, and Microsoft Office SharePoint.

The actively exploited zero-day vulnerabilities in October’s Patch are:

  • Windows MSHTML Platform Spoofing Vulnerability “CVE-2024-43573” allows attackers to abuse MSHTML to spoof file extensions when opening files.
  • Microsoft Management Console Remote Code Execution Vulnerability “CVE-2024-43572” allows a remote attacker to perform remote code execution on vulnerable devices.
  • Open Source Curl Remote Code Execution Vulnerability “CVE-2024-6197” allows a remote attacker to cause a denial-of-service condition or perform remote code execution.
  • Windows Hyper-V Security Feature Bypass Vulnerability “CVE-2024-20659” allows attackers to bypass security restrictions and compromise the hypervisor and kernel.
  • Winlogon Elevation of Privilege Vulnerability “CVE-2024-43583” allows attackers to gain SYSTEM privileges in Windows.

Sample of the addressed vulnerabilities:

1. Microsoft Configuration Manager Remote Code Execution (CVE-2024-43468):

  • CVSS: 9.8
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Gain Access

2. Windows Netlogon Elevation of Privilege Vulnerability (CVE-2024-38124):

  • CVSS: 9
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Consequences: Gain Privileges

Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

References

Microsoft MSRC