Target Industry
Indiscriminate, opportunistic targeting.
Overview
Microsoft October 2024 Patch Tuesday addressed a total of 118 security vulnerabilities, two of which have been classified as actively exploited and five as publicly disclosed zero-days. Of the 118 vulnerabilities, three are rated Critical, 113 are rated Important, and two are rated Medium in severity. A summary of the highlighted vulnerabilities has been outlined below:
- 28 Elevation of Privilege vulnerabilities
- Seven Security Feature Bypass vulnerabilities
- 44 Remote Code Execution vulnerabilities
- Six Information Disclosure vulnerabilities
- 26 Denial of Service vulnerabilities
- Seven Spoofing vulnerabilities
Today’s first vulnerability that has been actively exploited is CVE-2024-43572. It is a remote code execution vulnerability in the Microsoft Management Console, rated as important with a CVSS score of 7.8 (High). This vulnerability, which has been publicly disclosed, impacts both desktop and server systems running Windows. The vulnerability resides in the native management tool of the operating system. If an attacker can persuade a user to open a malicious Microsoft Saved Console (MSC) file, they could execute arbitrary code on the victim’s system, potentially leading to full system compromise.
The second vulnerability that has been actively exploited is CVE-2024-43573. It is a spoofing issue in the Windows MSHTML platform, rated as medium with a CVSS score of 6.5. This vulnerability has been publicly disclosed. Successful exploitation depends on user interaction and could allow an attacker to access sensitive information. Although Microsoft no longer supports Internet Explorer in Windows, its code remains integrated into the operating system for backward compatibility. This leaves systems susceptible to exploits targeting MSHTML.
A Winlogon Elevation of Privilege Vulnerability (CVE-2024-43583) is rated as medium with a CVSS score of 7.8. It could enable an attacker to obtain SYSTEM privileges by exploiting a third-party (3P) Input Method Editor (IME) during system login. Microsoft has published a KB Article guiding users on how to enable a Microsoft first-party IME to mitigate potential risks associated with 3P IMEs.
A Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2024-20659) is rated as medium with a CVSS score of 7.1. The vulnerability could potentially allow for a security feature bypass, but it requires several conditions to be met. To exploit this vulnerability, an attacker would need to persuade the victim to reboot their system, ensure the system is running specific hardware that allows for a Unified Extensible Firmware Interface (UEFI) bypass, and be on the same physical or logical network as the victim.
Finally, there is an Open Source Curl Remote Code Execution Vulnerability (CVE-2024-6197), rated as high with a CVSS score of 8.8. The vulnerability in cURL allows for remote code execution when processing a specially crafted TLS certificate. This issue was introduced in curl version 8.6.0 and has been fixed in version 8.9.0. To exploit this vulnerability, a user must connect to a server presenting a malicious Transport Layer Security (TLS) certificate.
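Because the curl issue is bounded by the versions the advisory names (introduced in 8.6.0, fixed in 8.9.0), an inventory check can flag affected builds from the `curl --version` banner. The script below is an added example, not part of the advisory; the banner it parses is constructed, and the range comparison is generic enough to reuse with other introduced/fixed version pairs.

```shell
#!/bin/sh
# Added example: flag curl builds inside the CVE-2024-6197 range
# [8.6.0, 8.9.0) using the versions given in the advisory.

# Convert "major.minor.patch" into one comparable integer.
ver_key() {
  IFS=. read -r major minor patch <<EOF
$1
EOF
  echo $(( ${major:-0} * 1000000 + ${minor:-0} * 1000 + ${patch:-0} ))
}

# Generic range test: 0 (true) when introduced <= version < fixed.
version_in_range() {
  k=$(ver_key "$1")
  [ "$k" -ge "$(ver_key "$2")" ] && [ "$k" -lt "$(ver_key "$3")" ]
}

# CVE-2024-6197 specific wrapper using the advisory's bounds.
curl_version_affected() {
  version_in_range "$1" 8.6.0 8.9.0
}

# Pull the version out of the first line of `curl --version` output,
# e.g. "curl 8.7.1 (x86_64-pc-linux-gnu) libcurl/8.7.1 ...".
curl_version_from_banner() {
  printf '%s\n' "$1" | sed -n '1s/^curl \([0-9][0-9.]*\).*/\1/p'
}

# Constructed sample banner; on a real host use: curl --version
SAMPLE_BANNER='curl 8.7.1 (x86_64-pc-linux-gnu) libcurl/8.7.1 OpenSSL/3.0.13'

main() {
  v=$(curl_version_from_banner "$SAMPLE_BANNER")
  if curl_version_affected "$v"; then
    echo "curl $v is in the CVE-2024-6197 range; upgrade to 8.9.0 or later"
  else
    echo "curl $v is outside the CVE-2024-6197 range"
  fi
}
main
```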
Impact
We have assessed that successful exploitation of the vulnerabilities outlined within the October 2024 Microsoft Patch Tuesday disclosure will likely result in the total loss of confidentiality, integrity, and availability of data within target systems.
Vulnerability Detection
Security patches for these vulnerabilities have been released by Microsoft. Product versions that have not received these patches therefore remain vulnerable to potential exploitation.
Affected Products
A full list of the affected products pertaining to the September 2024 Patch Tuesday can be found on the Microsoft October 2024 Security Update page.
Containment, Mitigations & Remediations
It is strongly recommended that the relevant security patches are applied to the respective Microsoft products as soon as possible. The patches can be found directly at the Microsoft October 2024 Security Update page.
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available currently.
Threat Landscape
Last month, Microsoft published remediations for seventy-nine security vulnerabilities within the September 2024 Patch Tuesday release, comprising four actively exploited and one publicly disclosed zero-day vulnerabilities. Moving into the October disclosure, 118 vulnerabilities were disclosed, two of which have been classified as actively exploited and five as publicly disclosed zero-days. RCE and privilege escalation vulnerabilities continue to be leading attack vectors. Overall, the October 2024 Patch Tuesday disclosure contained a significantly higher number of vulnerabilities, a stark contrast to the low number of vulnerability disclosures in recent months.
Threat Group
No attribution to specific threat actors or groups has been identified at the time of writing.
Mitre Methodologies
Tactics:
- TA0001: Initial Access
- TA0002: Execution
- TA0003: Persistence
- TA0004: Privilege Escalation
- TA0005: Defence Evasion
- TA0040: Impact
Further Information
https://msrc.microsoft.com/update-guide/releaseNote/2024-oct
https://thehackernews.com/2024/10/microsoft-issues-security-update-fixing.html