Microsoft’s October 2024 Patch Tuesday: A Comprehensive Overview of Security Vulnerabilities
On October 10, 2024, Microsoft released its monthly Patch Tuesday updates, addressing a staggering 117 security vulnerabilities across its suite of products and services. This month’s updates are particularly critical, as they include three vulnerabilities classified as critical and four zero-day vulnerabilities, two of which are currently under active exploitation. In this article, we will delve into the details of these vulnerabilities, their potential impacts, and the necessary steps to secure your systems.
Breakdown of Vulnerabilities
The vulnerabilities patched in the October 2024 Patch Tuesday update are categorized as follows:
- 42 Remote Code Execution (RCE) Vulnerabilities
- 28 Elevation of Privilege (EoP) Vulnerabilities
- 26 Denial of Service (DoS) Vulnerabilities
- 7 Security Feature Bypass Vulnerabilities
- 7 Spoofing Vulnerabilities
- 6 Information Disclosure Vulnerabilities
- 1 Tampering Vulnerability
This extensive list underscores the ongoing challenges organizations face in maintaining secure environments amidst a landscape of evolving cyber threats.
Addressing Zero-Day Vulnerabilities
Among the most pressing issues in this month’s update are four zero-day vulnerabilities, with two actively exploited in the wild. All four vulnerabilities were publicly disclosed prior to the release of patches, highlighting the urgency for organizations to act swiftly.
CVE-2024-43572: RCE in Microsoft Management Console (MMC)
Severity: CVSS 7.8
CVE-2024-43572 is a Remote Code Execution vulnerability in Microsoft Management Console (MMC). Attackers can exploit this flaw by persuading users to open a specially crafted Microsoft Saved Console (MSC) file, leading to arbitrary code execution. Microsoft has addressed this vulnerability by preventing untrusted MSC files from being opened, a crucial step in mitigating the risk of exploitation.
CVE-2024-43573: Spoofing Flaw in MSHTML Platform
Severity: CVSS 6.5
CVE-2024-43573 is a spoofing vulnerability within the Windows MSHTML platform. An unauthenticated attacker could exploit this flaw by tricking a user into opening a malicious file. Although few exploitation details have been published, the MSHTML platform underpins Internet Explorer mode in Microsoft Edge and other applications that rely on the WebBrowser control, so the affected surface is broader than the name suggests. This vulnerability follows a troubling trend of MSHTML platform exploits, previously seen in attacks targeting sensitive information.
CVE-2024-20659: Security Feature Bypass in Hyper-V
Severity: CVSS 7.1
This vulnerability allows attackers to bypass a virtual machine’s UEFI protections, potentially compromising the hypervisor and the host system kernel. Although Microsoft rates exploitation as less likely because specific conditions must be met, it remains a significant concern for organizations running Hyper-V.
CVE-2024-43583: Privilege Escalation Flaw in Winlogon
Severity: CVSS 7.8
CVE-2024-43583 is an Elevation of Privilege vulnerability affecting Winlogon, enabling local, authenticated attackers to achieve SYSTEM privileges on Windows systems. Microsoft recommends that administrators ensure a first-party Input Method Editor (IME) is enabled to mitigate risks associated with third-party IMEs during sign-in.
Critical RCE Vulnerabilities
In addition to the zero-days, Microsoft identified three critical vulnerabilities this month, all posing significant risks of Remote Code Execution:
- CVE-2024-43468 (CVSS: 9.8): Affects Microsoft Configuration Manager, allowing unauthenticated attackers to execute commands on the server by sending specially crafted requests.
- CVE-2024-43488 (CVSS: 8.8): Involves a deprecated Visual Studio Code extension for Arduino. Microsoft will not issue a fix and recommends transitioning to the official Arduino IDE.
- CVE-2024-43582 (CVSS: 8.1): Affects Remote Desktop Protocol (RDP) servers, allowing attackers to gain remote code execution by sending malformed packets.
The Importance of Timely Patching
With the frequency of new vulnerabilities being discovered, organizations face an ever-increasing risk of cyberattacks, particularly those involving Remote Code Execution. Zero-day vulnerabilities pose an even greater risk, as exploitation can occur before patches are available. Unpatched vulnerabilities can lead to data breaches, financial losses, and operational disruptions.
To combat these threats, organizations must prioritize timely patching and vulnerability management. SOCRadar offers real-time alerts and insights into the latest threats, enabling organizations to monitor vulnerability disclosures and exploit activity effectively.
Vulnerabilities More Likely to Be Exploited
Several vulnerabilities in this month’s update are rated ‘Exploitation More Likely’ in Microsoft’s Exploitability Index, indicating a heightened risk for organizations. These include:
- CVE-2024-43583 (CVSS: 7.8) – Winlogon
- CVE-2024-43509 (CVSS: 7.8) – Microsoft Graphics Component
- CVE-2024-43556 (CVSS: 7.8) – Microsoft Graphics Component
- CVE-2024-43560 (CVSS: 7.8) – Windows Storage Port Driver
- CVE-2024-43581 (CVSS: 7.1) – OpenSSH for Windows
- CVE-2024-43502 (CVSS: 7.1) – Windows Kernel
- CVE-2024-43615 (CVSS: 7.1) – OpenSSH for Windows
- CVE-2024-43609 (CVSS: 6.5) – Microsoft Office
With no available workarounds for these vulnerabilities, immediate patching is essential to mitigate risks.
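As an added example that is not part of the original article (nor code from Microsoft or SOCRadar), the following Python script turns the prioritization reasoning of this section and the zero-day section into a triage routine: it ranks the CVEs quoted on this page by in-the-wild exploitation first, then public disclosure or a Critical severity rating, then the ‘More Likely’ tag, and only then by CVSS, and it flags the no-fix Arduino extension case for removal rather than patching. The tier names and SLA day counts are an assumed internal policy, and the `Vuln` inventory is constructed from the figures in the article.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vuln:
    cve: str
    component: str
    cvss: float
    critical: bool = False      # Microsoft severity rating "Critical"
    exploited: bool = False     # actively exploited in the wild
    disclosed: bool = False     # publicly disclosed before the patch shipped
    more_likely: bool = False   # Microsoft "Exploitation More Likely" tag
    no_fix: bool = False        # vendor ships no fix; mitigation only

# Constructed inventory built from the CVEs and CVSS scores quoted in the article.
OCT_2024 = [
    Vuln("CVE-2024-43572", "Microsoft Management Console", 7.8, exploited=True, disclosed=True),
    Vuln("CVE-2024-43573", "Windows MSHTML Platform", 6.5, exploited=True, disclosed=True),
    Vuln("CVE-2024-20659", "Hyper-V", 7.1, disclosed=True),
    Vuln("CVE-2024-43583", "Winlogon", 7.8, disclosed=True, more_likely=True),
    Vuln("CVE-2024-43468", "Microsoft Configuration Manager", 9.8, critical=True),
    Vuln("CVE-2024-43488", "VS Code Arduino extension", 8.8, critical=True, no_fix=True),
    Vuln("CVE-2024-43582", "Remote Desktop Protocol", 8.1, critical=True),
    Vuln("CVE-2024-43509", "Microsoft Graphics Component", 7.8, more_likely=True),
    Vuln("CVE-2024-43581", "OpenSSH for Windows", 7.1, more_likely=True),
    Vuln("CVE-2024-43609", "Microsoft Office", 6.5, more_likely=True),
]

# Remediation windows are an assumed internal policy, not Microsoft guidance.
SLA_DAYS = {"P1": 1, "P2": 3, "P3": 7, "P4": 30}

def tier(v: Vuln) -> str:
    """Exploitation evidence outranks disclosure, which outranks severity, which outranks CVSS."""
    if v.exploited:
        return "P1"   # exploited in the wild: patch immediately
    if v.disclosed or v.critical:
        return "P2"   # public details available, or Critical-rated
    if v.more_likely:
        return "P3"   # Microsoft expects working exploits soon
    return "P4"

def action(v: Vuln) -> str:
    # Edge case from the article: with no vendor fix, the remedy is removal, not a patch.
    return "remove or replace component" if v.no_fix else "deploy update"

def triage(vulns):
    """Return (cve, tier, sla_days, action) rows, P1 first and by CVSS within a tier."""
    ranked = sorted(vulns, key=lambda v: (tier(v), -v.cvss))
    return [(v.cve, tier(v), SLA_DAYS[tier(v)], action(v)) for v in ranked]
```

Calling `triage(OCT_2024)` yields the two exploited zero-days first, then the Critical and publicly disclosed items ordered by CVSS, then the ‘More Likely’ set.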
Conclusion
The October 2024 Patch Tuesday updates from Microsoft highlight the critical need for organizations to stay vigilant and proactive in their cybersecurity efforts. By understanding the vulnerabilities addressed, particularly the zero-days and critical RCE flaws, organizations can take the necessary steps to secure their systems and protect against potential exploits.
For more details about Microsoft’s October 2024 Patch Tuesday updates, you can view the official Release Note.
In an era where cyber threats are constantly evolving, leveraging tools like SOCRadar’s Vulnerability Intelligence and Attack Surface Management can significantly enhance your organization’s security posture, enabling you to identify, prioritize, and address vulnerabilities before they become a threat.