On October 10, 2024, Microsoft released its latest Patch Tuesday updates, tackling a total of 118 vulnerabilities. Among these, five zero-day vulnerabilities have been publicly disclosed, with two confirmed as actively exploited in the wild.
Key Insights from This Month’s Updates
This Patch Tuesday includes fixes for three critical vulnerabilities, all of which pertain to remote code execution (RCE). The breakdown of vulnerabilities by category is as follows:
• 28 Elevation of Privilege Vulnerabilities
• 7 Security Feature Bypass Vulnerabilities
• 43 Remote Code Execution Vulnerabilities
• 6 Information Disclosure Vulnerabilities
• 26 Denial of Service Vulnerabilities
• 7 Spoofing Vulnerabilities
It is important to note that this total does not include three Edge vulnerabilities that were addressed on October 3.
Understanding Zero-Day Vulnerabilities
This month's updates address five zero-day vulnerabilities, all of which have been publicly disclosed. A zero-day vulnerability is defined as one that is either publicly known or actively exploited before a fix is available.
The two actively exploited vulnerabilities included in this release are:
CVE-2024-43573: Windows MSHTML Platform Spoofing Vulnerability
• Although Microsoft has not released extensive details on how this vulnerability is exploited, it involves the MSHTML platform, previously associated with Internet Explorer and Legacy Microsoft Edge. Despite the retirement of the Internet Explorer 11 application on select platforms, the underlying components of MSHTML remain in use across various applications.
• Microsoft noted, "While the Internet Explorer 11 application has been retired and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms continue to be supported."
• This vulnerability may be a continuation of previous issues that exploited MSHTML to spoof file extensions in alerts. A similar flaw was disclosed last month, utilising Braille characters in filenames to misrepresent file types.
CVE-2024-43572: Microsoft Management Console Remote Code Execution Vulnerability
• This vulnerability allows malicious Microsoft Saved Console (MSC) files to execute remote code on vulnerable systems. Microsoft has addressed this by preventing untrusted MSC files from being opened, thereby protecting users against potential risks.
• Details on how this flaw was exploited remain unclear, but it was disclosed by researchers "Andres and Shady."
Other Vulnerabilities Addressed
In addition to the actively exploited zero-days, the following vulnerabilities were publicly disclosed but not known to be actively exploited:
CVE-2024-6197: Open Source Curl Remote Code Execution Vulnerability
This flaw could lead to command execution when Curl connects to a malicious server. Microsoft addressed this by updating the libcurl library bundled with Windows.
CVE-2024-20659: Windows Hyper-V Security Feature Bypass Vulnerability
This vulnerability could allow attackers to bypass UEFI protections, potentially compromising the hypervisor and kernel. Physical access to the device and a reboot are necessary for exploitation.
CVE-2024-43583: Winlogon Elevation of Privilege Vulnerability
This vulnerability could allow attackers to gain SYSTEM privileges on Windows devices. Microsoft recommends that administrators enable a Microsoft first-party Input Method Editor (IME) to help mitigate the risks associated with third-party IMEs during the sign-in process.
Recent Security Updates from Other Vendors
In addition to Microsoft, several other vendors have also released security updates in October 2024:
• Cisco: Security updates for products, including Cisco Meraki MX and Z Series Teleworker Gateway.
• DrayTek: Security updates for 14 vulnerabilities across various router models.
• Fortinet: Fixed four vulnerabilities in firmware, with none reported as actively exploited.
• Ivanti: Released updates for three zero-days involved in active attacks.
• Optigo Networks: Addressed two vulnerabilities in ONS-S8 Aggregation Switch products.
• Qualcomm: Released patches for a zero-day vulnerability affecting the Digital Signal Processor (DSP) service.
• SAP: Issued security updates for multiple products as part of October Patch Day.
For a detailed description of each vulnerability and the affected systems, access the full report here.