Microsoft has released its October 2024 Patch Tuesday updates, addressing 118 vulnerabilities across Windows, Office, Dynamics, Azure, and other products. This release includes fixes for five zero-day vulnerabilities, with two actively exploited in the wild, along with three critical remote code execution flaws.
Out of the total vulnerabilities patched this month, 3 are rated Critical and 114 are rated Important, with 1 rated Moderate. The most common vulnerability types in this release are:
* 43 Remote Code Execution vulnerabilities
* 28 Elevation of Privilege vulnerabilities
* 26 Denial of Service vulnerabilities
* 7 Security Feature Bypass vulnerabilities
* 7 Spoofing vulnerabilities
* 6 Information Disclosure vulnerabilities
Among the highlights are two actively exploited zero-days: a Windows MSHTML Platform spoofing vulnerability (CVE-2024-43573) and a Microsoft Management Console remote code execution vulnerability (CVE-2024-43572). Additionally, three other zero-days were publicly disclosed but not exploited: a curl remote code execution vulnerability (CVE-2024-6197), a Windows Hyper-V security feature bypass (CVE-2024-20659), and a Winlogon elevation of privilege vulnerability (CVE-2024-43583).
Key products receiving security updates include Windows, Office, Exchange Server, Azure, Dynamics, .NET Framework, Windows Hyper-V, and Microsoft Edge. Administrators should prioritize testing and deploying patches for the actively exploited zero-days and remote code execution flaws.
This month's Patch Tuesday also addresses critical vulnerabilities in Microsoft Configuration Manager (CVE-2024-43468), Visual Studio Code extension for Arduino (CVE-2024-43488), and Remote Desktop Protocol Server (CVE-2024-43582). Each of these flaws could allow remote code execution under specific conditions.
Let's break down what is in the October patches that Microsoft released on October 8th.
In October's Patch Tuesday, Microsoft addressed 118 vulnerabilities, including five zero-day vulnerabilities, with two being actively exploited in the wild. This update included patches across categories like remote code execution, elevation of privilege, denial of service, security feature bypass, information disclosure, and spoofing vulnerabilities.
The key affected products in this update span across Microsoft's ecosystem, including Windows, Office, Exchange Server, Azure, Dynamics 365, .NET Framework, Windows Hyper-V, and Microsoft Edge. Administrators and end users are advised to apply these security updates promptly to protect their systems from these vulnerabilities.
Key Highlights are:
1. Total Flaws and Zero-Day Vulnerabilities: This update resolves 118 total bugs, with five zero-day vulnerabilities. Two of these zero-days (CVE-2024-43573 and CVE-2024-43572) were actively exploited in the wild.
2. Critical Flaws: Among the patches, three critical flaws were fixed:
   * CVE-2024-43468: Microsoft Configuration Manager Remote Code Execution vulnerability (CVSS 9.8)
   * CVE-2024-43488: Visual Studio Code extension for Arduino Remote Code Execution vulnerability (CVSS 8.8)
   * CVE-2024-43582: Remote Desktop Protocol Server Remote Code Execution vulnerability (CVSS 8.1)
3. Vulnerability Types: The vulnerabilities addressed include:
   * 43 Remote Code Execution vulnerabilities
   * 28 Elevation of Privilege vulnerabilities
   * 26 Denial of Service vulnerabilities
   * 7 Security Feature Bypass vulnerabilities
   * 7 Spoofing vulnerabilities
   * 6 Information Disclosure vulnerabilities
4. Zero-Day Threats: The five zero-day vulnerabilities include:
   * Two actively exploited:
     * CVE-2024-43573: Windows MSHTML Platform Spoofing vulnerability
     * CVE-2024-43572: Microsoft Management Console Remote Code Execution vulnerability
   * Three publicly disclosed:
     * CVE-2024-6197: Open Source Curl Remote Code Execution vulnerability
     * CVE-2024-20659: Windows Hyper-V Security Feature Bypass vulnerability
     * CVE-2024-43583: Winlogon Elevation of Privilege vulnerability
5. Notable Issues: Other major issues include multiple remote code execution vulnerabilities in Windows Routing and Remote Access Service (RRAS), Remote Desktop Client, and privilege escalation flaws across various Windows components.
Microsoft addressed five zero-day vulnerabilities in the October 2024 Patch Tuesday release. Two of these vulnerabilities were being actively exploited in the wild prior to the patches being made available. Let's examine each of these critical vulnerabilities:
| CVE ID | Description | CVSSv3 Score | Severity | Exploited | Publicly Disclosed |
|---|---|---|---|---|---|
| CVE-2024-43573 | Windows MSHTML Platform Spoofing Vulnerability | 6.5 | Moderate | Yes | Yes |
| CVE-2024-43572 | Microsoft Management Console Remote Code Execution Vulnerability | 7.8 | Important | Yes | Yes |
| CVE-2024-6197 | Open Source Curl Remote Code Execution Vulnerability | 8.8 | Important | No | Yes |
| CVE-2024-20659 | Windows Hyper-V Security Feature Bypass Vulnerability | 7.1 | Important | No | Yes |
| CVE-2024-43583 | Winlogon Elevation of Privilege Vulnerability | 7.8 | Important | No | Yes |
CVE-2024-43573 - Windows MSHTML Platform Spoofing Vulnerability
This vulnerability in the Windows MSHTML platform was being actively exploited in the wild. While Microsoft has not shared detailed information about the exploitation, they noted that it involves the MSHTML platform, previously used by Internet Explorer and Legacy Microsoft Edge, whose components are still installed in Windows.
"While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported," explained Microsoft.
This is the fourth zero-day vulnerability in the Windows MSHTML Platform that was exploited in the wild in 2024. CISA has added this vulnerability to its Known Exploited Vulnerabilities Catalog and urges users to patch before October 29, 2024.
CVE-2024-43572 - Microsoft Management Console Remote Code Execution Vulnerability
This remote code execution vulnerability in Microsoft Management Console (MMC) was also actively exploited in the wild. The vulnerability allows malicious Microsoft Saved Console (MSC) files to perform remote code execution on vulnerable devices.
Microsoft fixed the flaw by preventing untrusted MSC files from being opened: "The security update will prevent untrusted Microsoft Saved Console (MSC) files from being opened to protect customers against the risks associated with this vulnerability."
CVE-2024-6197 - Open Source Curl Remote Code Execution Vulnerability
This vulnerability affects the curl command line tool bundled with Windows. While the upstream advisory applies to both curl and libcurl, Windows only ships the curl command line tool. Successful exploitation requires a client to connect to a malicious server, which could allow the attacker to gain code execution on the client.
CVE-2024-20659 - Windows Hyper-V Security Feature Bypass Vulnerability
This security feature bypass vulnerability in Windows Hyper-V could allow attackers to compromise the hypervisor and kernel. The vulnerability relates to Virtual Machines within a Unified Extensible Firmware Interface (UEFI) host machine. On specific hardware configurations, it might be possible to bypass the UEFI, leading to compromise of the hypervisor and secure kernel.
Microsoft notes that an attacker needs physical access to the device and must reboot it to exploit the flaw. The vulnerability was publicly disclosed but not observed being exploited in the wild.
CVE-2024-43583 - Winlogon Elevation of Privilege Vulnerability
This elevation of privilege vulnerability in Winlogon could allow attackers to gain SYSTEM privileges. To address this vulnerability, Microsoft recommends ensuring that a Microsoft first-party IME is enabled on the device. This helps protect devices from potential vulnerabilities associated with third-party IMEs during the sign-in process.
Microsoft addressed three critical vulnerabilities in the October 2024 Patch Tuesday release. Let's take a closer look at these critical vulnerabilities:
| CVE ID | Description | CVSSv3 Score |
|---|---|---|
| CVE-2024-43468 | Microsoft Configuration Manager Remote Code Execution Vulnerability | 9.8 |
| CVE-2024-43582 | Remote Desktop Protocol Server Remote Code Execution Vulnerability | 8.1 |
| CVE-2024-43488 | Visual Studio Code extension for Arduino Remote Code Execution Vulnerability | 8.8 |
CVE-2024-43468 - Microsoft Configuration Manager Remote Code Execution Vulnerability
CVE-2024-43468 is a critical remote code execution vulnerability in Microsoft Configuration Manager, earning the highest CVSS score of 9.8 in this month's release. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment, which are processed unsafely. Successful exploitation could allow the attacker to:
* Execute commands on the server
* Access or manipulate the underlying database
* Achieve code execution with elevated privileges
Microsoft has advised that administrators must install an in-console update as the primary mitigation path. For those unable to immediately implement updates, Microsoft suggests using an alternate service account for the Management point connection account instead of the default "Computer" account as a temporary workaround.
CVE-2024-43582 - Remote Desktop Protocol Server Remote Code Execution Vulnerability
This critical vulnerability in the Remote Desktop Protocol Server received a CVSS score of 8.1. The vulnerability could allow remote code execution under the following conditions:
* An unauthenticated attacker must send malicious packets to an RPC host
* Successful exploitation results in remote code execution on the server side with the same permissions as the RPC service
* Attack complexity is rated as high since the attacker must win a race condition to access memory improperly
CVE-2024-43488 - Visual Studio Code extension for Arduino Remote Code Execution Vulnerability
The third critical vulnerability affects the Visual Studio Code extension for Arduino, with a CVSS score of 8.8. The vulnerability stems from missing authentication for critical functions in the extension. Key characteristics include:
* Allows unauthenticated attackers to perform remote code execution
* Could affect development environments using the Arduino extension
* No user interaction required for exploitation
In total, 118 vulnerabilities were addressed in October's Patch Tuesday, with remote code execution being the most common vulnerability type patched by Microsoft this month, occurring 43 times. Elevation of privilege bugs also accounted for a significant portion of the flaws fixed with 28 occurrences. The least common vulnerability category was information disclosure, with 6 such flaws patched in October.
Here is the breakdown of the categories patched this month:
* Remote Code Execution – 43
* Elevation of Privilege – 28
* Denial of Service – 26
* Security Feature Bypass – 7
* Spoofing – 7
* Information Disclosure – 6
Here is a table with the vulnerability categories and associated CVE IDs from Microsoft's October 2024 Patch Tuesday:
| Vulnerability Category | CVE IDs |
|---|---|
| Remote Code Execution | CVE-2024-43468, CVE-2024-43582, CVE-2024-43488, CVE-2024-38212, CVE-2024-38261, CVE-2024-38265, CVE-2024-43453, CVE-2024-43549, CVE-2024-43564, CVE-2024-43589, CVE-2024-43592, CVE-2024-43593, CVE-2024-43607, CVE-2024-43608, CVE-2024-43611, CVE-2024-43533, CVE-2024-43599, CVE-2024-30092, CVE-2024-43574, CVE-2024-43552, CVE-2024-43525, CVE-2024-43526, CVE-2024-43543, CVE-2024-43523, CVE-2024-43524, CVE-2024-43536, CVE-2024-38029, CVE-2024-43581, CVE-2024-43615, CVE-2024-43517, CVE-2024-43519, CVE-2024-38262, CVE-2024-43505, CVE-2024-43576, CVE-2024-43616, CVE-2024-43504, CVE-2024-6197, CVE-2024-43572, CVE-2024-43480, CVE-2024-43497, CVE-2024-38229, CVE-2024-43601 |
| Elevation of Privilege | CVE-2024-43583, CVE-2024-38124, CVE-2024-43502, CVE-2024-43511, CVE-2024-43527, CVE-2024-43570, CVE-2024-37979, CVE-2024-43535, CVE-2024-43522, CVE-2024-43551, CVE-2024-43516, CVE-2024-43528, CVE-2024-43529, CVE-2024-43514, CVE-2024-43563, CVE-2024-43560, CVE-2024-43503, CVE-2024-38179, CVE-2024-38097, CVE-2024-43591, CVE-2024-43590, CVE-2024-43401, CVE-2024-43364, CVE-2024-43604, CVE-2024-43501, CVE-2024-43509, CVE-2024-43556, CVE-2024-43315 |
| Denial of Service | CVE-2024-43521, CVE-2024-43567, CVE-2024-43575, CVE-2024-43537, CVE-2024-43538, CVE-2024-43540, CVE-2024-43542, CVE-2024-43555, CVE-2024-43557, CVE-2024-43558, CVE-2024-43559, CVE-2024-43561, CVE-2024-43562, CVE-2024-43565, CVE-2024-43520, CVE-2024-43545, CVE-2024-43512, CVE-2024-43506, CVE-2024-38149, CVE-2024-43483, CVE-2024-43484, CVE-2024-43485, CVE-2024-43603, CVE-2024-43544, CVE-2024-43541, CVE-2024-43515 |
| Security Feature Bypass | CVE-2024-20659, CVE-2024-43584, CVE-2024-43513, CVE-2024-37976, CVE-2024-37982, CVE-2024-37983, CVE-2024-43585 |
| Spoofing | CVE-2024-43573, CVE-2024-43550, CVE-2024-43571, CVE-2024-43609, CVE-2024-43612, CVE-2024-43481, CVE-2024-43614 |
| Information Disclosure | CVE-2024-43534, CVE-2024-43508, CVE-2024-43546, CVE-2024-43554, CVE-2024-43500, CVE-2024-43547 |
Microsoft's October 2024 Patch Tuesday includes updates for a broad range of its products, applications, and services. Here are the applications and product components that have received patches:
| Product Name | No. of Vulnerabilities Patched |
|---|---|
| Windows Routing and Remote Access Service (RRAS) | 12 |
| Windows Mobile Broadband | 15 |
| Windows Kernel | 6 |
| Windows Hyper-V | 4 |
| Microsoft Office | 4 |
| Azure | 5 |
| Remote Desktop Client | 2 |
| Microsoft WDAC OLE DB provider for SQL | 2 |
| Windows Graphics Component | 4 |
| OpenSSH for Windows | 3 |
| Power BI | 2 |
| Visual Studio Code | 2 |
| Microsoft Configuration Manager | 1 |
| Windows MSHTML Platform | 1 |
| Microsoft Management Console | 1 |
| Winlogon | 1 |
| Windows Secure Kernel Mode | 2 |
| Microsoft Simple Certificate Enrollment Protocol | 2 |
| Windows Print Spooler Components | 1 |
| Windows Remote Desktop | 1 |
| Windows Remote Desktop Services | 1 |
| Windows Telephony Server | 1 |
| Windows Storage | 1 |
| Windows Shell | 1 |
| Windows BitLocker | 1 |
| Windows Common Log File System Driver | 1 |
| Windows Cryptographic Services | 1 |
| Windows Network Address Translation (NAT) | 2 |
| Windows Storage Port Driver | 1 |
| Windows Scripting | 1 |
| Sudo for Windows | 1 |
| BranchCache | 2 |
| Internet Small Computer Systems Interface (iSCSI) | 1 |
| Windows Standards-Based Storage Management Service | 1 |
| Visual C++ Redistributable Installer | 1 |
| Azure CLI | 1 |
| Outlook for Android | 1 |
| Microsoft Defender for Endpoint | 1 |
| Windows cURL Implementation | 1 |
Download the complete list of vulnerabilities by products patched in October 2024 Patch Tuesday here.
| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
|  | Outlook for Android Elevation of Privilege Vulnerability | No | No | 5.7 |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
|  | Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability | No | No | 8.8 |
|  | Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability | No | No | 8.7 |
|  | Azure Monitor Agent Elevation of Privilege Vulnerability | No | No | 7.1 |
|  | Azure Service Fabric for Linux Remote Code Execution Vulnerability | No | No | 6.6 |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
|  | Chromium: CVE-2024-9370 Inappropriate implementation in V8 | No | No | N/A |
|  | Chromium: CVE-2024-9369 Insufficient data validation in Mojo | No | No | N/A |
|  | Chromium: CVE-2024-7025 Integer overflow in Layout | No | No | N/A |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
|  | Visual Studio Code extension for Arduino Remote Code Execution Vulnerability | No | No | 8.8 |
|  | DeepSpeed Remote Code Execution Vulnerability | No | No | 8.4 |
|  | .NET and Visual Studio Remote Code Execution Vulnerability | No | No | 8.1 |
|  | Visual C++ Redistributable Installer Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | No | No | 7.5 |
|  | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | No | No | 7.5 |
|  | .NET and Visual Studio Denial of Service Vulnerability | No | No | 7.5 |
|  | Visual Studio Code for Linux Remote Code Execution Vulnerability | No | No | 7.1 |
|  | Visual Studio Collector Service Denial of Service Vulnerability | No | No | 5.5 |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
|  | Windows Netlogon Elevation of Privilege Vulnerability | No | No | 9 |
|  | Windows Telephony Server Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Remote Registry Service Elevation of Privilege Vulnerability | No | No | 8.8 |
|  | Remote Desktop Client Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Winlogon Elevation of Privilege Vulnerability | No | Yes | 7.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 7.8 |
|  | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Microsoft Management Console Remote Code Execution Vulnerability | Yes | Yes | 7.8 |
|  | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | No | No | 7.5 |
|  | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | No | No | 7.5 |
|  | Windows Hyper-V Denial of Service Vulnerability | No | No | 7.5 |
|  | Windows Hyper-V Denial of Service Vulnerability | No | No | 7.5 |
|  | Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | No | No | 7.5 |
|  | Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | No | No | 7.5 |
|  | Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability | No | No | 7.5 |
|  | BranchCache Denial of Service Vulnerability | No | No | 7.5 |
|  | BranchCache Denial of Service Vulnerability | No | No | 7.5 |
|  | Windows Secure Channel Spoofing Vulnerability | No | No | 7.4 |
|  | NT OS Kernel Elevation of Privilege Vulnerability | No | No | 7.4 |
|  | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | No | No | 7 |
|  | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | No | No | 6.7 |
|  | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | No | No | 6.7 |
|  | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | No | No | 6.7 |
|  | Windows Kernel Elevation of Privilege Vulnerability | No | No | 6.7 |
|  | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | No | No | 6.5 |
|  | Windows MSHTML Platform Spoofing Vulnerability | Yes | Yes | 6.5 |
|  | Windows Kerberos Information Disclosure Vulnerability | No | No | 6.5 |
|  | Windows Graphics Component Information Disclosure Vulnerability | No | No | 6.5 |
|  | Windows Kernel Elevation of Privilege Vulnerability | No | No | 6.4 |
|  | BitLocker Security Feature Bypass Vulnerability | No | No | 6.4 |
|  | Windows Kernel Denial of Service Vulnerability | No | No | 5 |
|  | Windows Remote Desktop Services Tampering Vulnerability | No | No | 4.8 |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
|  | Open Source Curl Remote Code Execution Vulnerability | No | Yes | 8.8 |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
|  | Microsoft SharePoint Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Microsoft Office Visio Remote Code Execution Vulnerability | No | No | 7.8 |
|  | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 |
|  | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 |
|  | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 |
|  | Microsoft Office Spoofing Vulnerability | No | No | 6.5 |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
|  | Power BI Report Server Spoofing Vulnerability | No | No | 6.9 |
|  | Power BI Report Server Spoofing Vulnerability | No | No | 6.5 |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
|  | Microsoft Configuration Manager Remote Code Execution Vulnerability | No | No | 9.8 |
|  | Microsoft Defender for Endpoint for Linux Spoofing Vulnerability | No | No | 5.5 |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
|  | Remote Desktop Client Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | No | No | 8.3 |
|  | Remote Desktop Protocol Server Remote Code Execution Vulnerability | No | No | 8.1 |
|  | Windows Hyper-V Remote Code Execution Vulnerability | No | No | 8 |
|  | Windows Storage Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Scripting Engine Security Feature Bypass Vulnerability | No | No | 7.7 |
|  | Windows Network Address Translation (NAT) Denial of Service Vulnerability | No | No | 7.5 |
|  | Windows Network Address Translation (NAT) Denial of Service Vulnerability | No | No | 7.5 |
|  | Windows Kerberos Elevation of Privilege Vulnerability | No | No | 7.5 |
|  | Windows Hyper-V Denial of Service Vulnerability | No | No | 7.5 |
|  | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | No | No | 7.5 |
|  | Windows Shell Remote Code Execution Vulnerability | No | No | 7.3 |
|  | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.3 |
|  | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.1 |
|  | Windows Hyper-V Security Feature Bypass Vulnerability | No | Yes | 7.1 |
|  | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | No | No | 7.1 |
|  | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | No | No | 7.1 |
|  | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | No | No | 7 |
|  | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7 |
|  | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | No | No | 6.8 |
|  | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | No | No | 6.8 |
|  | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | No | No | 6.8 |
|  | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | No | No | 6.8 |
|  | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | No | No | 6.8 |
|  | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | No | No | 6.8 |
|  | Windows Mobile Broadband Driver Denial of Service Vulnerability | No | No | 6.5 |
|  | Windows Mobile Broadband Driver Denial of Service Vulnerability | No | No | 6.5 |
|  | Windows Mobile Broadband Driver Denial of Service Vulnerability | No | No | 6.5 |
|  | Windows Mobile Broadband Driver Denial of Service Vulnerability | No | No | 6.5 |
|  | Windows Mobile Broadband Driver Denial of Service Vulnerability | No | No | 6.5 |
|  | Windows Mobile Broadband Driver Denial of Service Vulnerability | No | No | 6.5 |
|  | Windows Mobile Broadband Driver Denial of Service Vulnerability | No | No | 6.5 |
|  | Windows Mobile Broadband Driver Denial of Service Vulnerability | No | No | 6.5 |
|  | Windows Mobile Broadband Driver Denial of Service Vulnerability | No | No | 6.5 |
|  | Windows Cryptographic Information Disclosure Vulnerability | No | No | 5.6 |
|  | Sudo for Windows Spoofing Vulnerability | No | No | 5.6 |
|  | Windows Resilient File System (ReFS) Information Disclosure Vulnerability | No | No | 5.5 |
|  | Windows Kernel-Mode Driver Information Disclosure Vulnerability | No | No | 5.5 |
|  | Windows Graphics Component Information Disclosure Vulnerability | No | No | 5.5 |
|  | Code Integrity Guard Security Feature Bypass Vulnerability | No | No | 5.5 |
Microsoft's October 2024 Patch Tuesday addressed 118 vulnerabilities, including five zero-day vulnerabilities, with two actively exploited in the wild. This release fixed a variety of vulnerability types, with remote code execution issues being most prevalent at 43 instances, followed by elevation of privilege vulnerabilities at 28 instances.
Among the critical updates were:
* Two actively exploited zero-days:
  * Windows MSHTML Platform spoofing vulnerability (CVE-2024-43573)
  * Microsoft Management Console remote code execution vulnerability (CVE-2024-43572)
* Three other publicly disclosed zero-days affecting Windows Hyper-V, Winlogon, and curl implementation
This month's release highlights Microsoft's continued commitment to addressing security vulnerabilities across its product portfolio. The significant number of remote code execution and elevation of privilege vulnerabilities, along with the presence of actively exploited zero-days, emphasizes the importance of prompt patching and regular system maintenance.
Highlighting the breadth of this update:
* 3 Critical vulnerabilities
* 114 Important vulnerabilities
* 1 Moderate vulnerability
* 43 Remote Code Execution vulnerabilities
* 28 Elevation of Privilege vulnerabilities
* 26 Denial of Service vulnerabilities
* Multiple critical components were affected including Configuration Manager, Remote Desktop Protocol Server, and Visual Studio Code Arduino extension
Organizations should prioritize the deployment of these security updates, particularly for systems affected by zero-day vulnerabilities and critical remote code execution flaws.
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.