Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws

In the present day is Microsoft’s October 2024 Patch Tuesday, which incorporates safety updates for 118 flaws, together with 5 publicly disclosed zero-days, two of that are actively exploited.

This Patch Tuesday mounted three important vulnerabilities, all distant code execution flaws.

The variety of bugs in every vulnerability class is listed beneath:

28 Elevation of Privilege vulnerabilities
7 Safety Characteristic Bypass vulnerabilities
43 Distant Code Execution vulnerabilities
6 Info Disclosure vulnerabilities
26 Denial of Service vulnerabilities
7 Spoofing vulnerabilities

This depend doesn’t embody three Edge flaws that had been beforehand mounted on October third.

To be taught extra concerning the non-security updates launched at this time, you may assessment our devoted articles on the brand new Home windows 11 KB5044284 and KB5044285 cumulative updates and the Home windows 10 KB5044273 replace.

4 zero-days disclosed

This month’s Patch Tuesday fixes 5 zero-days, two of which had been actively exploited in assaults, and all 5 had been publicly disclosed.

Microsoft classifies a zero-day flaw as one that’s publicly disclosed or actively exploited whereas no official repair is out there.

The 2 actively exploited zero-day vulnerabilities in at this time’s updates are:

CVE-2024-43573 – Home windows MSHTML Platform Spoofing Vulnerability

Whereas Microsoft has not shared any detailed details about this bug or the way it’s exploited, they did state it concerned the MSHTML platform, beforehand utilized by Web Explorer and Legacy Microsoft Edge, whose parts are nonetheless put in in Home windows.

“While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported,” defined Microsoft.

“The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications.”

Whereas not confirmed, this could possibly be a bypass of a earlier vulnerability that abused MSHTML to spoof file extensions in alerts displayed when opening recordsdata. An analogous MSHTML spoofing flaw was disclosed final month when assaults utilized Braille characters in filenames to spoof PDF recordsdata.

Microsoft has not shared who disclosed the vulnerability.

CVE-2024-43572 – Microsoft Administration Console Distant Code Execution Vulnerability

This flaw allowed malicious Microsoft Saved Console (MSC) recordsdata to carry out distant code execution on weak units.

Microsoft mounted the flaw by stopping untrusted MSC recordsdata from being opened.

“The security update will prevent untrusted Microsoft Saved Console (MSC) files from being opened to protect customers against the risks associated with this vulnerability,” defined Microsoft.

It’s unknown how this flaw was actively exploited in assaults.

Microsoft says the bug was disclosed by “Andres and Shady”.

Microsoft says that each of those had been additionally publicly disclosed.

The opposite three vulnerabilities that had been publicly disclosed however not exploited in assaults are:

CVE-2024-6197 – Open Supply Curl Distant Code Execution Vulnerability

Microsoft mounted a libcurl distant code execution flaw that might trigger instructions to be executed when Curl makes an attempt to hook up with a malicious server.

“The vulnerable code path can be triggered by a malicious server offering an especially crafted TLS certificate,” explains a Curl safety advisory.

Microsoft mounted the flaw by updating the libcurl library utilized by the Curl executable bundled with Home windows.

The flaw was found by a safety researcher named “z2_,” who shared technical particulars in a HackerOne report.

CVE-2024-20659 – Home windows Hyper-V Safety Characteristic Bypass Vulnerability

Microsoft mounted a UEFI bypass that might permit attackers to compromised the hypervisor and kernel.

“This Hypervisor vulnerability relates to Virtual Machines within a Unified Extensible Firmware Interface (UEFI) host machine,” explains Microsoft.

“On some specific hardware it might be possible to bypass the UEFI, which could lead to the compromise of the hypervisor and the secure kernel.”

Microsoft says that an attacker wants bodily entry to the machine and should reboot it to use the flaw.

The flaw was found by Francisco Falcón and Iván Arce of Quarkslab however it isn’t identified the place it was publicly disclosed.

CVE-2024-43583 – Winlogon Elevation of Privilege Vulnerability

Microsoft mounted an elevation of privileges flaw that might give attackers SYSTEM privileges in Home windows.

To be protected against this flaw, Microsoft says that admins should take further actions.

“To address this vulnerability, ensure that a Microsoft first-party IME is enabled on your device,” explains Microsoft.

“By doing so, you can help protect your device from potential vulnerabilities associated with a third-party (3P) IME during the sign in process.”

Microsoft says wh1tc & Zhiniang Peng of pwnull found the failings.

Current updates from different firms

Different distributors who launched updates or advisories in October 2024 embody:

The October 2024 Patch Tuesday Safety Updates

Under is the entire listing of resolved vulnerabilities within the October 2024 Patch Tuesday updates.

To entry the total description of every vulnerability and the methods it impacts, you may view the full report right here.

Tag	CVE ID	CVE Title	Severity
.NET and Visible Studio	CVE-2024-38229	.NET and Visible Studio Distant Code Execution Vulnerability	Vital
.NET and Visible Studio	CVE-2024-43485	.NET and Visible Studio Denial of Service Vulnerability	Vital
.NET, .NET Framework, Visible Studio	CVE-2024-43484	.NET, .NET Framework, and Visible Studio Denial of Service Vulnerability	Vital
.NET, .NET Framework, Visible Studio	CVE-2024-43483	.NET, .NET Framework, and Visible Studio Denial of Service Vulnerability	Vital
Azure CLI	CVE-2024-43591	Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability	Vital
Azure Monitor	CVE-2024-38097	Azure Monitor Agent Elevation of Privilege Vulnerability	Vital
Azure Stack	CVE-2024-38179	Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability	Vital
BranchCache	CVE-2024-43506	BranchCache Denial of Service Vulnerability	Vital
BranchCache	CVE-2024-38149	BranchCache Denial of Service Vulnerability	Vital
Code Integrity Guard	CVE-2024-43585	Code Integrity Guard Safety Characteristic Bypass Vulnerability	Vital
DeepSpeed	CVE-2024-43497	DeepSpeed Distant Code Execution Vulnerability	Vital
Web Small Laptop Methods Interface (iSCSI)	CVE-2024-43515	Web Small Laptop Methods Interface (iSCSI) Denial of Service Vulnerability	Vital
Microsoft ActiveX	CVE-2024-43517	Microsoft ActiveX Knowledge Objects Distant Code Execution Vulnerability	Vital
Microsoft Configuration Supervisor	CVE-2024-43468	Microsoft Configuration Supervisor Distant Code Execution Vulnerability	Vital
Microsoft Defender for Endpoint	CVE-2024-43614	Microsoft Defender for Endpoint for Linux Spoofing Vulnerability	Vital
Microsoft Edge (Chromium-based)	CVE-2024-9369	Chromium: CVE-2024-9369 Inadequate information validation in Mojo	Unknown
Microsoft Edge (Chromium-based)	CVE-2024-9370	Chromium: CVE-2024-9370 Inappropriate implementation in V8	Unknown
Microsoft Edge (Chromium-based)	CVE-2024-7025	Chromium: CVE-2024-7025 Integer overflow in Format	Unknown
Microsoft Graphics Element	CVE-2024-43534	Home windows Graphics Element Info Disclosure Vulnerability	Vital
Microsoft Graphics Element	CVE-2024-43508	Home windows Graphics Element Info Disclosure Vulnerability	Vital
Microsoft Graphics Element	CVE-2024-43556	Home windows Graphics Element Elevation of Privilege Vulnerability	Vital
Microsoft Graphics Element	CVE-2024-43509	Home windows Graphics Element Elevation of Privilege Vulnerability	Vital
Microsoft Administration Console	CVE-2024-43572	Microsoft Administration Console Distant Code Execution Vulnerability	Vital
Microsoft Workplace	CVE-2024-43616	Microsoft Workplace Distant Code Execution Vulnerability	Vital
Microsoft Workplace	CVE-2024-43576	Microsoft Workplace Distant Code Execution Vulnerability	Vital
Microsoft Workplace	CVE-2024-43609	Microsoft Workplace Spoofing Vulnerability	Vital
Microsoft Workplace Excel	CVE-2024-43504	Microsoft Excel Distant Code Execution Vulnerability	Vital
Microsoft Workplace SharePoint	CVE-2024-43503	Microsoft SharePoint Elevation of Privilege Vulnerability	Vital
Microsoft Workplace Visio	CVE-2024-43505	Microsoft Workplace Visio Distant Code Execution Vulnerability	Vital
Microsoft Easy Certificates Enrollment Protocol	CVE-2024-43544	Microsoft Easy Certificates Enrollment Protocol Denial of Service Vulnerability	Vital
Microsoft Easy Certificates Enrollment Protocol	CVE-2024-43541	Microsoft Easy Certificates Enrollment Protocol Denial of Service Vulnerability	Vital
Microsoft WDAC OLE DB supplier for SQL	CVE-2024-43519	Microsoft WDAC OLE DB supplier for SQL Server Distant Code Execution Vulnerability	Vital
Microsoft Home windows Speech	CVE-2024-43574	Microsoft Speech Software Programming Interface (SAPI) Distant Code Execution Vulnerability	Vital
OpenSSH for Home windows	CVE-2024-43615	Microsoft OpenSSH for Home windows Distant Code Execution Vulnerability	Vital
OpenSSH for Home windows	CVE-2024-43581	Microsoft OpenSSH for Home windows Distant Code Execution Vulnerability	Vital
OpenSSH for Home windows	CVE-2024-38029	Microsoft OpenSSH for Home windows Distant Code Execution Vulnerability	Vital
Outlook for Android	CVE-2024-43604	Outlook for Android Elevation of Privilege Vulnerability	Vital
Energy BI	CVE-2024-43612	Energy BI Report Server Spoofing Vulnerability	Vital
Energy BI	CVE-2024-43481	Energy BI Report Server Spoofing Vulnerability	Vital
Distant Desktop Consumer	CVE-2024-43533	Distant Desktop Consumer Distant Code Execution Vulnerability	Vital
Distant Desktop Consumer	CVE-2024-43599	Distant Desktop Consumer Distant Code Execution Vulnerability	Vital
Position: Home windows Hyper-V	CVE-2024-43521	Home windows Hyper-V Denial of Service Vulnerability	Vital
Position: Home windows Hyper-V	CVE-2024-20659	Home windows Hyper-V Safety Characteristic Bypass Vulnerability	Vital
Position: Home windows Hyper-V	CVE-2024-43567	Home windows Hyper-V Denial of Service Vulnerability	Vital
Position: Home windows Hyper-V	CVE-2024-43575	Home windows Hyper-V Denial of Service Vulnerability	Vital
RPC Endpoint Mapper Service	CVE-2024-43532	Distant Registry Service Elevation of Privilege Vulnerability	Vital
Service Cloth	CVE-2024-43480	Azure Service Cloth for Linux Distant Code Execution Vulnerability	Vital
Sudo for Home windows	CVE-2024-43571	Sudo for Home windows Spoofing Vulnerability	Vital
Visible C++ Redistributable Installer	CVE-2024-43590	Visible C++ Redistributable Installer Elevation of Privilege Vulnerability	Vital
Visible Studio	CVE-2024-43603	Visible Studio Collector Service Denial of Service Vulnerability	Vital
Visible Studio Code	CVE-2024-43488	Visible Studio Code extension for Arduino Distant Code Execution Vulnerability	Vital
Visible Studio Code	CVE-2024-43601	Visible Studio Code for Linux Distant Code Execution Vulnerability	Vital
Home windows Ancillary Perform Driver for WinSock	CVE-2024-43563	Home windows Ancillary Perform Driver for WinSock Elevation of Privilege Vulnerability	Vital
Home windows BitLocker	CVE-2024-43513	BitLocker Safety Characteristic Bypass Vulnerability	Vital
Home windows Frequent Log File System Driver	CVE-2024-43501	Home windows Frequent Log File System Driver Elevation of Privilege Vulnerability	Vital
Home windows Cryptographic Providers	CVE-2024-43546	Home windows Cryptographic Info Disclosure Vulnerability	Vital
Home windows cURL Implementation	CVE-2024-6197	Open Supply Curl Distant Code Execution Vulnerability	Vital
Home windows EFI Partition	CVE-2024-37982	Home windows Resume Extensible Firmware Interface Safety Characteristic Bypass Vulnerability	Vital
Home windows EFI Partition	CVE-2024-37976	Home windows Resume Extensible Firmware Interface Safety Characteristic Bypass Vulnerability	Vital
Home windows EFI Partition	CVE-2024-37983	Home windows Resume Extensible Firmware Interface Safety Characteristic Bypass Vulnerability	Vital
Home windows Hyper-V	CVE-2024-30092	Home windows Hyper-V Distant Code Execution Vulnerability	Vital
Home windows Kerberos	CVE-2024-43547	Home windows Kerberos Info Disclosure Vulnerability	Vital
Home windows Kerberos	CVE-2024-38129	Home windows Kerberos Elevation of Privilege Vulnerability	Vital
Home windows Kernel	CVE-2024-43502	Home windows Kernel Elevation of Privilege Vulnerability	Vital
Home windows Kernel	CVE-2024-43511	Home windows Kernel Elevation of Privilege Vulnerability	Vital
Home windows Kernel	CVE-2024-43520	Home windows Kernel Denial of Service Vulnerability	Vital
Home windows Kernel	CVE-2024-43527	Home windows Kernel Elevation of Privilege Vulnerability	Vital
Home windows Kernel	CVE-2024-43570	Home windows Kernel Elevation of Privilege Vulnerability	Vital
Home windows Kernel	CVE-2024-37979	Home windows Kernel Elevation of Privilege Vulnerability	Vital
Home windows Kernel-Mode Drivers	CVE-2024-43554	Home windows Kernel-Mode Driver Info Disclosure Vulnerability	Vital
Home windows Kernel-Mode Drivers	CVE-2024-43535	Home windows Kernel-Mode Driver Elevation of Privilege Vulnerability	Vital
Home windows Native Safety Authority (LSA)	CVE-2024-43522	Home windows Native Safety Authority (LSA) Elevation of Privilege Vulnerability	Vital
Home windows Cell Broadband	CVE-2024-43555	Home windows Cell Broadband Driver Denial of Service Vulnerability	Vital
Home windows Cell Broadband	CVE-2024-43540	Home windows Cell Broadband Driver Denial of Service Vulnerability	Vital
Home windows Cell Broadband	CVE-2024-43536	Home windows Cell Broadband Driver Distant Code Execution Vulnerability	Vital
Home windows Cell Broadband	CVE-2024-43538	Home windows Cell Broadband Driver Denial of Service Vulnerability	Vital
Home windows Cell Broadband	CVE-2024-43525	Home windows Cell Broadband Driver Distant Code Execution Vulnerability	Vital
Home windows Cell Broadband	CVE-2024-43559	Home windows Cell Broadband Driver Denial of Service Vulnerability	Vital
Home windows Cell Broadband	CVE-2024-43561	Home windows Cell Broadband Driver Denial of Service Vulnerability	Vital
Home windows Cell Broadband	CVE-2024-43558	Home windows Cell Broadband Driver Denial of Service Vulnerability	Vital
Home windows Cell Broadband	CVE-2024-43542	Home windows Cell Broadband Driver Denial of Service Vulnerability	Vital
Home windows Cell Broadband	CVE-2024-43557	Home windows Cell Broadband Driver Denial of Service Vulnerability	Vital
Home windows Cell Broadband	CVE-2024-43526	Home windows Cell Broadband Driver Distant Code Execution Vulnerability	Vital
Home windows Cell Broadband	CVE-2024-43543	Home windows Cell Broadband Driver Distant Code Execution Vulnerability	Vital
Home windows Cell Broadband	CVE-2024-43523	Home windows Cell Broadband Driver Distant Code Execution Vulnerability	Vital
Home windows Cell Broadband	CVE-2024-43524	Home windows Cell Broadband Driver Distant Code Execution Vulnerability	Vital
Home windows Cell Broadband	CVE-2024-43537	Home windows Cell Broadband Driver Denial of Service Vulnerability	Vital
Home windows MSHTML Platform	CVE-2024-43573	Home windows MSHTML Platform Spoofing Vulnerability	Average
Home windows Netlogon	CVE-2024-38124	Home windows Netlogon Elevation of Privilege Vulnerability	Vital
Home windows Community Deal with Translation (NAT)	CVE-2024-43562	Home windows Community Deal with Translation (NAT) Denial of Service Vulnerability	Vital
Home windows Community Deal with Translation (NAT)	CVE-2024-43565	Home windows Community Deal with Translation (NAT) Denial of Service Vulnerability	Vital
Home windows NT OS Kernel	CVE-2024-43553	NT OS Kernel Elevation of Privilege Vulnerability	Vital
Home windows NTFS	CVE-2024-43514	Home windows Resilient File System (ReFS) Elevation of Privilege Vulnerability	Vital
Home windows On-line Certificates Standing Protocol (OCSP)	CVE-2024-43545	Home windows On-line Certificates Standing Protocol (OCSP) Server Denial of Service Vulnerability	Vital
Home windows Print Spooler Elements	CVE-2024-43529	Home windows Print Spooler Elevation of Privilege Vulnerability	Vital
Home windows Distant Desktop	CVE-2024-43582	Distant Desktop Protocol Server Distant Code Execution Vulnerability	Vital
Home windows Distant Desktop Licensing Service	CVE-2024-38262	Home windows Distant Desktop Licensing Service Distant Code Execution Vulnerability	Vital
Home windows Distant Desktop Providers	CVE-2024-43456	Home windows Distant Desktop Providers Tampering Vulnerability	Vital
Home windows Resilient File System (ReFS)	CVE-2024-43500	Home windows Resilient File System (ReFS) Info Disclosure Vulnerability	Vital
Home windows Routing and Distant Entry Service (RRAS)	CVE-2024-43592	Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability	Vital
Home windows Routing and Distant Entry Service (RRAS)	CVE-2024-43589	Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability	Vital
Home windows Routing and Distant Entry Service (RRAS)	CVE-2024-38212	Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability	Vital
Home windows Routing and Distant Entry Service (RRAS)	CVE-2024-43593	Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability	Vital
Home windows Routing and Distant Entry Service (RRAS)	CVE-2024-38261	Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability	Vital
Home windows Routing and Distant Entry Service (RRAS)	CVE-2024-43611	Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability	Vital
Home windows Routing and Distant Entry Service (RRAS)	CVE-2024-43453	Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability	Vital
Home windows Routing and Distant Entry Service (RRAS)	CVE-2024-38265	Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability	Vital
Home windows Routing and Distant Entry Service (RRAS)	CVE-2024-43607	Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability	Vital
Home windows Routing and Distant Entry Service (RRAS)	CVE-2024-43549	Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability	Vital
Home windows Routing and Distant Entry Service (RRAS)	CVE-2024-43608	Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability	Vital
Home windows Routing and Distant Entry Service (RRAS)	CVE-2024-43564	Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability	Vital
Home windows Scripting	CVE-2024-43584	Home windows Scripting Engine Safety Characteristic Bypass Vulnerability	Vital
Home windows Safe Channel	CVE-2024-43550	Home windows Safe Channel Spoofing Vulnerability	Vital
Home windows Safe Kernel Mode	CVE-2024-43516	Home windows Safe Kernel Mode Elevation of Privilege Vulnerability	Vital
Home windows Safe Kernel Mode	CVE-2024-43528	Home windows Safe Kernel Mode Elevation of Privilege Vulnerability	Vital
Home windows Shell	CVE-2024-43552	Home windows Shell Distant Code Execution Vulnerability	Vital
Home windows Requirements-Primarily based Storage Administration Service	CVE-2024-43512	Home windows Requirements-Primarily based Storage Administration Service Denial of Service Vulnerability	Vital
Home windows Storage	CVE-2024-43551	Home windows Storage Elevation of Privilege Vulnerability	Vital
Home windows Storage Port Driver	CVE-2024-43560	Microsoft Home windows Storage Port Driver Elevation of Privilege Vulnerability	Vital
Home windows Telephony Server	CVE-2024-43518	Home windows Telephony Server Distant Code Execution Vulnerability	Vital
Winlogon	CVE-2024-43583	Winlogon Elevation of Privilege Vulnerability	Vital

Replace 9/11/24: Up to date to elucidate that solely three flaws had been actively exploited and why CVE-2024-43491 was marked as exploited.

Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws

4 zero-days disclosed

Current updates from different firms

The October 2024 Patch Tuesday Safety Updates

Recent articles

How Runtime Insights Assist with Container Safety

Microsoft pulls Trade safety updates over mail supply points

Microsoft Energy Pages Misconfigurations Leak Tens of millions of Information Globally

The Development of Mobility as a Service (MaaS) & the Position of IoT in Shared Mobility

Palo Alto Networks warns of vital RCE zero-day exploited in assaults

About us

Company

Must Read

Broadcom fixes crucial RCE bug in VMware vCenter Server

Cyber Panorama is Evolving – So Ought to Your SCA

Darktrace AI Halts Thread Hijacking Assault Concentrating on Main Firm

Subscribe