Microsoft releases October 2024 Patch, fixes 118 flaws including 5 zero day and 3 critical

Microsoft has released its October 2024 Patch Tuesday security updates, addressing 118 vulnerabilities, including five zero-day flaws, of which two are actively being exploited.

Summary of Vulnerability Types

• Remote Code Execution (RCE): 43 vulnerabilities, including critical ones affecting the Microsoft Configuration Manager, Remote Desktop Protocol, and Visual Studio Code.
• Elevation of Privilege (EoP): 28 vulnerabilities, with key issues in Winlogon and Azure CLI.
• Denial of Service (DoS): 26 vulnerabilities, primarily targeting Windows services and drivers.
• Spoofing: 7 vulnerabilities, including the actively exploited MSHTML spoofing flaw.
• Information Disclosure: 6 vulnerabilities, typically leaking unspecified memory contents.
• Security Feature Bypass (SFB): 7 vulnerabilities, such as the Hyper-V UEFI bypass.

Actively Exploited Zero-Day Vulnerabilities

• CVE-2024-43572 (CVSS score 7.8) - Microsoft Management Console Remote Code Execution Vulnerability - This flaw allows remote code execution through malicious Microsoft Saved Console (MSC) files. The vulnerability affects multiple versions of Windows, including Windows Server 2008 through 2022 and Windows 10 and 11.

• CVE-2024-43573 (CVSS score 6.5) - Windows MSHTML Platform Spoofing Vulnerability - This vulnerability involves the MSHTML platform, which is used in Internet Explorer mode in Microsoft Edge. Although rated as moderate in severity, it is being actively exploited. It allows attackers to spoof content, potentially leading to further exploits through social engineering tactics. Affected systems include various versions of Windows and Windows Server.

Publicly Disclosed Zero-Day Vulnerabilities (Not Actively Exploited)

• CVE-2024-6197 (CVSS score 7.5 to 8.8) - Open Source Curl Remote Code Execution Vulnerability - This flaw impacts the libcurl library, allowing commands to be executed if a client connects to a malicious server offering a specially crafted TLS certificate. Microsoft has mitigated the issue by updating the libcurl library bundled with Windows.

• CVE-2024-43583 (CVSS score 7.8) - Winlogon Elevation of Privilege Vulnerability - This vulnerability could allow attackers to gain SYSTEM privileges on affected Windows systems. Microsoft advises enabling a Microsoft first-party Input Method Editor (IME) to mitigate potential exploitation during the login process.

• CVE-2024-20659 (CVSS score 7.1) - Windows Hyper-V Security Feature Bypass Vulnerability - This vulnerability could allow an attacker to bypass the Unified Extensible Firmware Interface (UEFI) protections on certain hardware, compromising the hypervisor and the secure kernel. Physical access to the target device and a system reboot are required for successful exploitation.

Critical Vulnerabilities in October 2024 Patch Tuesday

• CVE-2024-43468 (CVSS score 9.8) - Microsoft Configuration Manager Remote Code Execution Vulnerability. This critical flaw allows an unauthenticated attacker to execute arbitrary code on vulnerable servers via specially crafted requests. Microsoft has addressed this issue through a patch and requires users to install an in-console update for full protection.

• CVE-2024-43488 (CVSS score 8.8) - Visual Studio Code Extension for Arduino Remote Code Execution Vulnerability - This issue involves a flaw in the deprecated Arduino extension for Visual Studio Code, which could allow remote code execution. Microsoft has already mitigated the vulnerability, requiring no further action from users.

• CVE-2024-43582 (CVSS score 8.1) - Remote Desktop Protocol Server Remote Code Execution Vulnerability - Exploitable through the sending of malformed packets to a Remote Procedure Call (RPC) host, this vulnerability allows attackers to execute code with elevated privileges. While it requires an attacker to win a race condition, it poses a serious risk for internal network compromise.

Microsoft urges users to prioritize updates for actively exploited vulnerabilities and critical RCE flaws. Organizations should test patches in staging environments before deploying them widely to ensure compatibility and to maintain security posture.

Full list of patched flaws