Microsoft Patch Tuesday October 2024
Summary
This month's Patch Tuesday has security updates to fix 5 zero-day vulnerabilities, 2 of which are actively exploited, 3 critical vulnerabilities, and a total of 130 vulnerabilities.
The most important patches are:
CVE-2024-43573 – Windows MSHTML Platform Spoofing Vulnerability. While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms. To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability. CVSS 3.1: 6.5 (Moderate)
CVE-2024-43572 – Microsoft Management Console Remote Code Execution Vulnerability. This remote code execution (RCE) vulnerability allows malicious Microsoft Saved Console (MSC) files to perform RCE on underlying devices. CVSS 3.1: 7.8 (Important)
CVE-2024-20659 – Windows Hyper-V Security Feature Bypass Vulnerability. This hypervisor vulnerability relates to Virtual Machines within a Unified Extensible Firmware Interface (UEFI) host machine. On some specific hardware it might be possible to bypass the UEFI, which could lead to the compromise of the hypervisor and the secure kernel. Successful exploitation of this vulnerability by an attacker requires a user to first reboot their machine. CVSS 3.1: 7.1 (Important)
CVE-2024-6197 – Freeing stack buffer in utf8asn1str. While the upstream advisory applies to curl, the command line tool, and libcurl as embedded in all manner of software, Windows does not ship libcurl but only ships the curl command line. This vulnerability requires user interaction to select the server and to communicate with it. This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. CVSS 3.1: 8.8 (Important)
CVE-2024-43583 – Winlogon Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. To address this vulnerability, ensure that a Microsoft first-party IME is enabled on your device. By doing so, you can help protect your device from potential vulnerabilities associated with a third-party (3P) IME during the sign-in process. CVSS 3.1: 7.1 (Important)
The patches this month break down as follows:
- 46 Remote code execution vulnerabilities
- 35 Elevation of privilege vulnerabilities
- 7 Security feature bypass vulnerabilities
- 28 Denial of Service vulnerabilities
- 6 Information disclosure vulnerabilities
- 7 Spoofing vulnerabilities
- 1 Tampering vulnerability
More information can be found here.