

Ethical Hacking News

Microsoft Addresses Five Zero-Day Vulnerabilities in October 2024 Patch Tuesday Updates




  • The October 2024 Patch Tuesday update from Microsoft addresses five zero-day vulnerabilities, including two that were actively exploited in attacks.
  • CVE-2024-43573 allows attackers to spoof file extensions, potentially leading to malicious code execution.
  • CVE-2024-43572 allowed malicious MSC files to perform remote code execution on vulnerable devices.
  • CVE-2024-6197 is an Open Source Curl Remote Code Execution Vulnerability that could be triggered by a malicious server offering a specially crafted TLS certificate.
  • CVE-2024-20659 is a Windows Hyper-V Security Feature Bypass Vulnerability that could allow attackers to compromise the hypervisor and kernel.
  • Two of the vulnerabilities were actively exploited in attacks, highlighting the importance of keeping systems up-to-date with the latest security patches.



    This month's Patch Tuesday update from Microsoft addresses five zero-day vulnerabilities, two of which were actively exploited in attacks. The security updates cover a range of systems and applications, including Windows, Edge, and various services.

    The first vulnerability to be addressed is CVE-2024-43573 - Windows MSHTML Platform Spoofing Vulnerability. This flaw allows attackers to spoof file extensions in alerts displayed when opening files, potentially leading to malicious code execution. Microsoft has not shared any detailed information about this bug or how it's exploited, but stated that the underlying MSHTML platform is still supported, despite the retirement of Internet Explorer 11 and the deprecation of the Microsoft Edge Legacy application.

    The second vulnerability addressed in the update is CVE-2024-43572 - Microsoft Management Console Remote Code Execution Vulnerability. This flaw allowed malicious Microsoft Saved Console (MSC) files to perform remote code execution on vulnerable devices, potentially leading to malicious activity. Microsoft fixed the flaw by preventing untrusted MSC files from being opened.

    The third vulnerability, disclosed but not actively exploited, is CVE-2024-6197 - Open Source Curl Remote Code Execution Vulnerability. This flaw was discovered by a security researcher named "z2_", who shared technical details in a HackerOne report. The vulnerable code path can be triggered by a malicious server offering a specially crafted TLS certificate.

    The fourth vulnerability addressed in the update is CVE-2024-20659 - Windows Hyper-V Security Feature Bypass Vulnerability. This UEFI bypass could allow attackers to compromise the hypervisor and kernel, potentially leading to significant security issues. Microsoft fixed this flaw by preventing untrusted UEFI firmware from executing malicious code.

    The fifth vulnerability, disclosed but not actively exploited, is CVE-2024-43589 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability.

    In total, the October 2024 Patch Tuesday update includes security fixes for 118 flaws, including five publicly disclosed zero-days. Two of these vulnerabilities were actively exploited in attacks, highlighting the importance of keeping systems up-to-date with the latest security patches. Microsoft classifies a zero-day flaw as one that is publicly disclosed or actively exploited while no official fix is available.

    The update includes a range of fixes for various Windows services and applications, including Edge, Internet Explorer mode, Microsoft Management Console, libcurl, UEFI firmware, and various routing and remote access services. By addressing these vulnerabilities, Microsoft aims to protect users from potential security risks associated with these systems and applications.

    The Patch Tuesday updates are available now for download on the Microsoft website, and it is recommended that all users apply the latest security patches as soon as possible to ensure their systems are protected against known threats.

    Summary:

    In the October 2024 Patch Tuesday update, Microsoft addresses five zero-day vulnerabilities, two of which were actively exploited in attacks. The updates cover a range of systems and applications, including Windows, Edge, and various services. These security fixes aim to protect users from potential security risks associated with these systems and applications. It is essential for all users to apply the latest security patches as soon as possible to ensure their systems are protected against known threats.



    Related Information:

  • https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2024-patch-tuesday-fixes-5-zero-days-118-flaws/

  • https://www.anoopcnair.com/october-2024-windows-10-kb5044273-patches-and/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-43573

  • https://www.cvedetails.com/cve/CVE-2024-43573/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-43572

  • https://www.cvedetails.com/cve/CVE-2024-43572/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-6197

  • https://www.cvedetails.com/cve/CVE-2024-6197/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-20659

  • https://www.cvedetails.com/cve/CVE-2024-20659/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-43589

  • https://www.cvedetails.com/cve/CVE-2024-43589/


  • Published: Tue Oct 8 14:19:51 2024 by llama3.2 3B Q4_K_M













         

