Skip to main content

Microsoft Releases October 2024 Security Updates

Scheduled updates for Microsoft products fix 117 vulnerabilities, including five zero-day vulnerabilities

Threat ID:
CC-4558
Threat Severity:
Medium
Published:
9 October 2024 3:48 PM
Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Scheduled updates for Microsoft products fix 117 vulnerabilities, including five zero-day vulnerabilities

Affected platforms

The following platforms are known to be affected:

Microsoft Windows

Windows Server

Microsoft Office

The following platforms are also known to be affected:

  • .NET, .NET Framework, Visual Studio
  • Azure CLI
  • Azure Monitor
  • Azure Stack
  • BranchCache
  • Code Integrity Guard
  • DeepSpeed
  • Internet Small Computer Systems Interface (iSCSI)
  • Microsoft ActiveX
  • Microsoft Configuration Manager
  • Microsoft Defender for Endpoint
  • Microsoft Graphics Component
  • Microsoft Management Console
  • Microsoft Office
  • Microsoft Office Excel
  • Microsoft Office SharePoint
  • Microsoft Office Visio
  • Microsoft Simple Certificate Enrollment Protocol
  • Microsoft WDAC OLE DB provider for SQL
  • Microsoft Windows Speech
  • OpenSSH for Windows
  • Outlook for Android
  • Power BI
  • Remote Desktop Client
  • Role: Windows Hyper-V
  • RPC Endpoint Mapper Service
  • Service Fabric
  • Sudo for Windows
  • Visual C++ Redistributable Installer
  • Visual Studio
  • Visual Studio Code
  • Windows Ancillary Function Driver for WinSock
  • Windows BitLocker
  • Windows Common Log File System Driver
  • Windows Cryptographic Services
  • Windows EFI Partition
  • Windows Hyper-V
  • Windows Kerberos
  • Windows Kernel
  • Windows Kernel-Mode Drivers
  • Windows Local Security Authority (LSA)
  • Windows Mobile Broadband
  • Windows MSHTML Platform
  • Windows Netlogon
  • Windows Network Address Translation (NAT)
  • Windows NT OS Kernel
  • Windows NTFS
  • Windows Online Certificate Status Protocol (OCSP)
  • Windows Print Spooler Components
  • Windows Remote Desktop
  • Windows Remote Desktop Licensing Service
  • Windows Remote Desktop Services
  • Windows Resilient File System (ReFS)
  • Windows Routing and Remote Access Service (RRAS)
  • Windows Scripting
  • Windows Secure Channel
  • Windows Secure Kernel Mode
  • Windows Shell
  • Windows Standards-Based Storage Management Service
  • Windows Storage
  • Windows Storage Port Driver
  • Windows Telephony Server
  • Winlogon

Threat details

Active exploitation of CVE-2024-43572 and CVE-2024-43573

Microsoft has reported two of the zero-day vulnerabilities are under active exploitation. NHS England CSOC urges organisations to apply relevant security updates to affected versions of Windows and Windows Server as soon as practicable.

Introduction

Microsoft has released security updates to address 117 vulnerabilities in Microsoft products. The security updates include five zero-day vulnerabilities, of which two are under active exploitation.

Vulnerability details

  • CVE-2024-43572 - Microsoft Management Console Remote Code Execution Vulnerability
    CVE-2024-43572 is an 'improper neutralization' vulnerability in the Management Console feature of Windows and Windows Server and has a CVSSv3 score of 7.8. Successful exploitation could allow a local attacker to perform remote code execution (RCE) on vulnerable devices. This zero-day vulnerability is under active exploitation. 
  • CVE-2024-43573 - Windows MSHTML Platform Spoofing Vulnerability
    CVE-2024-43573 is a 'cross-site scripting' vulnerability in Windows and Windows Server MSHTML Platform with a CVSSv3 score of 6.5. MSHTML is a software component used to render web pages on Windows. This zero-day vulnerability is under active exploitation.
  • CVE-2024-20659 - Windows Hyper-V Security Feature Bypass Vulnerability
    CVE-2024-20659 is an ‘improper input validation’ vulnerability in Windows Hyper-V with a CVSSv3 score of 7.1. Successful exploitation of this vulnerability requires multiple conditions to be met, such as specific application behaviour, user actions, manipulation of parameters passed to a function, and impersonation of an integrity level token. With these conditions being met, it could lead to an attacker compromising the hypervisor and the secure kernel. This vulnerability has been publicly disclosed but no exploitation has been observed.
  • CVE-2024-43583 - Winlogon Elevation of Privilege Vulnerability
    CVE-2024-43583 is an ‘execution with unnecessary privileges’ vulnerability in Windows and Windows Server and has a CVSSv3 score of 7.8. Successful exploitation could allow a local attacker to gain SYSTEM privileges. This privilege escalation vulnerability has been publicly disclosed and exploitation is considered more likely.
  • CVE-2024-6197 - Open Source Curl Remote Code Execution Vulnerability
    CVE-2024-6197 is a ‘free of memory not on the heap’ vulnerability in Open Source Curl with a CVSSv3 score of 8.8. Successful exploitation could allow a remote attacker to achieve RCE if user interaction occurs by selecting and communicating with the malicious server.

Remediation advice

Affected organisations are encouraged to review Microsoft's October 2024 Security Updates Summary and apply the relevant updates as soon as practicable.

Last edited: 9 October 2024 4:46 pm