Microsoft’s October 2024 Patch Tuesday: Zero-Day Exploits and Critical Vulnerabilities Patched
Microsoft’s October 2024 Patch Tuesday delivered a crucial set of security updates, addressing a total of 121 vulnerabilities across its ecosystem. This includes three critical vulnerabilities and 114 labeled as important, spanning a wide range of Microsoft’s services and software.
Zero-Day Vulnerabilities Under Attack
This month’s release fixes two zero-day vulnerabilities that are being actively exploited in the wild. One of the most concerning of these is CVE-2024-43573, a spoofing vulnerability in the Windows MSHTML platform. MSHTML is often associated with the now-retired Internet Explorer, but it still affects legacy systems. Although Microsoft hasn’t shared detailed exploitation specifics, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has already flagged this vulnerability, urging users to patch it before October 29, 2024.
Another zero-day, CVE-2024-43572, is a remote code execution (RCE) vulnerability within Microsoft Management Console (MMC). MMC is a widely used tool for system administrators, making this vulnerability highly dangerous in enterprise environments. Exploitation could allow an attacker to gain unauthorized control over Windows systems, further underscoring the importance of swift patching.
Three other zero-day vulnerabilities were publicly disclosed but have not been exploited in attacks:
- CVE-2024-43583: Winlogon Elevation of Privilege Vulnerability. An attacker could potentially gain SYSTEM-level access to the operating system by exploiting this flaw.
- CVE-2024-6197: Open Source Curl Remote Code Execution Vulnerability. Successful exploitation of the vulnerability requires a client to connect to a malicious server, which could allow the attacker to gain code execution on the client.
- CVE-2024-20659: Windows Hyper-V Security Feature Bypass Vulnerability. An attacker must first gain access to the restricted network before running an attack. Successful exploitation of the vulnerability may allow an attacker to compromise the hypervisor and kernel.
Key Critical Vulnerabilities
In addition to the zero-days, Microsoft has tackled three critical vulnerabilities that could allow for remote code execution or privilege escalation if left unpatched.
- CVE-2024-43468 (CVSS 9.8): Microsoft Configuration Manager (ConfigMgr) Remote Code Execution Vulnerability. Unauthenticated attackers could exploit this flaw to execute commands on the server or database.
- CVE-2024-43582: A serious flaw in the Remote Desktop Protocol (RDP) server could allow an attacker to send malicious packets, leading to remote code execution on a server with the same permissions as the RPC service.
- CVE-2024-43488: Visual Studio Code’s extension for Arduino had a remote code execution vulnerability that allowed attackers to bypass critical authentication checks. This vulnerability could be leveraged to execute code remotely within the Arduino extension, putting users’ development environments at risk.
Vulnerabilities in Core Windows Components
Several vulnerabilities fixed this month target critical Windows components that are integral to system security:
- CVE-2024-43502: A Windows Kernel elevation of privilege vulnerability, which could allow attackers to gain the highest-level access on a compromised system.
- CVE-2024-43560: Another privilege escalation issue affecting the Windows Storage Port Driver, providing potential SYSTEM-level access.
Highlight on Microsoft Office and OpenSSH Flaws
The October update also addressed notable vulnerabilities in Microsoft Office and OpenSSH for Windows:
- CVE-2024-43609: A spoofing vulnerability in Microsoft Office could be exploited in web-based attacks. Attackers could host a malicious file on a website or trick users into opening the file via email, leading to potentially severe consequences.
- CVE-2024-43581 and CVE-2024-43615: These vulnerabilities within Microsoft’s implementation of OpenSSH for Windows are both critical, allowing remote code execution when exploited. Administrators of Windows servers utilizing OpenSSH should prioritize these patches.
Broader Impact Across the Microsoft Ecosystem
From Windows Print Spooler Components to Visual Studio and Remote Desktop Services, this month’s patch targets vulnerabilities that span nearly every major Microsoft product. These include spoofing, denial of service, elevation of privilege, and remote code execution flaws. Notably, Microsoft addressed three vulnerabilities in Microsoft Edge (Chromium-based) earlier this month.
CISA’s Urgent Recommendations
CISA has already included both zero-days patched this month, CVE-2024-43573 and CVE-2024-43572, in its Known Exploited Vulnerabilities Catalog, underscoring the importance of immediate patching. CISA has recommended users patch all zero-day and critical vulnerabilities by October 29, 2024, to avoid falling victim to active exploitation.