October 2024 – Microsoft Patch Tuesday Highlights
Background
Microsoft’s October 2024 Patch Tuesday updates are now available. They include security fixes that IT professionals should apply. With multiple significant vulnerabilities fixed, this release underscores the continued need for regular maintenance and attention to security.
The October 2024 edition of Microsoft Patch Tuesday addressed 121 vulnerabilities, including three Critical and 114 Important severity flaws.
Microsoft has fixed two zero-day vulnerabilities that are known to be exploited in the wild in this month’s patches. Three vulnerabilities that are known to the public but are not used in attacks were also fixed by Microsoft.
Microsoft has fixed three vulnerabilities in Microsoft Edge (Chromium-based), which were patched earlier this month.
The October edition of Microsoft Patch Tuesday includes updates for vulnerabilities in Microsoft Office and Components, Microsoft Management Console, Visual Studio, Windows Print Spooler Components, Windows Remote Desktop, Windows Remote Desktop Licensing Service, Windows Remote Desktop Services, .NET Framework, and other areas.
Spoofing, Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Security Feature Bypass, and Remote Code Execution (RCE) are among the vulnerabilities that Microsoft has addressed in various software products.
The Microsoft vulnerabilities of October 2024 are categorized as follows:
Vulnerability Category | Quantity | Severities |
Spoofing Vulnerability | 7 | Important: 7 |
Denial of Service Vulnerability | 26 | Important: 26 |
Elevation of Privilege Vulnerability | 28 | Important: 28 |
Information Disclosure Vulnerability | 6 | Important: 6 |
Remote Code Execution Vulnerability | 43 | Critical: 3, Important: 40 |
Security Feature Bypass Vulnerability | 7 | Important: 7 |
Summary
The full list of vulnerabilities fixed in the October 2024 Patch Tuesday patches is provided below:
Title | Severity | CVSS | Public | Exploited | Type | CVE |
Microsoft Management Console Remote Code Execution Vulnerability | Moderate | 7.8 | Yes | Yes | RCE | |
Windows MSHTML Platform Spoofing Vulnerability | Moderate | 6.5 | Yes | Yes | Spoofing | |
Open Source Curl Remote Code Execution Vulnerability | Important | 8.8 | Yes | No | RCE | |
Windows Hyper-V Security Feature Bypass Vulnerability | Important | 7.1 | Yes | No | SFB | |
Winlogon Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | EoP | |
Microsoft Configuration Manager Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE | |
Remote Desktop Protocol Server Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE | |
Visual Studio Code extension for Arduino Remote Code Execution Vulnerability | Critical | 8.8 | No | No | RCE | |
.NET and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | DoS | |
.NET and Visual Studio Remote Code Execution Vulnerability | Important | 8.1 | No | No | RCE | |
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | DoS | |
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | DoS | |
Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability | Important | 8.7 | No | No | EoP | |
Azure Monitor Agent Elevation of Privilege Vulnerability | Important | 7.1 | No | No | EoP | |
Azure Service Fabric for Linux Remote Code Execution Vulnerability | Important | 6.6 | No | No | RCE | |
Azure Stack HCI Elevation of Privilege Vulnerability | Important | 8.8 | No | No | EoP | |
BitLocker Security Feature Bypass Vulnerability | Important | 6.4 | No | No | SFB | |
BranchCache Denial of Service Vulnerability | Important | 7.5 | No | No | DoS | |
BranchCache Denial of Service Vulnerability | Important | 7.5 | No | No | DoS | |
Code Integrity Guard Security Feature Bypass Vulnerability | Important | 5.5 | No | No | SFB | |
DeepSpeed Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE | |
Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability | Important | 7.5 | No | No | DoS | |
Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE | |
Microsoft Defender for Endpoint for Linux Spoofing Vulnerability | Important | 5.5 | No | No | Spoofing | |
Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE | |
Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE | |
Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE | |
Microsoft Office Spoofing Vulnerability | Important | 6.5 | No | No | Spoofing | |
Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE | |
Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | Important | 7.5 | No | No | RCE | |
Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | Important | 7.1 | No | No | RCE | |
Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | Important | 7.1 | No | No | RCE | |
Microsoft SharePoint Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP | |
Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | Important | 7.5 | No | No | DoS | |
Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | Important | 7.5 | No | No | DoS | |
Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | Important | 8.3 | No | No | RCE | |
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE | |
Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP | |
NT OS Kernel Elevation of Privilege Vulnerability | Important | 7.4 | No | No | EoP | |
Outlook for Android Elevation of Privilege Vulnerability | Important | 5.7 | No | No | EoP | |
Power BI Report Server Spoofing Vulnerability | Important | 6.5 | No | No | Spoofing | |
Power BI Report Server Spoofing Vulnerability | Important | 7.6 | No | No | Spoofing | |
Remote Desktop Client Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE | |
Remote Desktop Client Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE | |
RPC Endpoint Mapper Service Elevation of Privilege Vulnerability | Important | 8.8 | No | No | EoP | |
Sudo for Windows Spoofing Vulnerability | Important | 5.6 | No | No | Spoofing | |
Visual C++ Redistributable Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP | |
Visual Studio Code for Linux Remote Code Execution Vulnerability | Important | 7.1 | No | No | RCE | |
Visual Studio Collector Service Denial of Service Vulnerability | Important | 5.5 | No | No | DoS | |
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP | |
Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP | |
Windows Cryptographic Information Disclosure Vulnerability | Important | 5.6 | No | No | Info | |
Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP | |
Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP | |
Windows Graphics Component Information Disclosure Vulnerability | Important | 5.5 | No | No | Info | |
Windows Graphics Component Information Disclosure Vulnerability | Important | 6.5 | No | No | Info | |
Windows Hyper-V Denial of Service Vulnerability | Important | 7.5 | No | No | DoS | |
Windows Hyper-V Denial of Service Vulnerability | Important | 7.5 | No | No | DoS | |
Windows Hyper-V Denial of Service Vulnerability | Important | 7.5 | No | No | DoS | |
Windows Hyper-V Remote Code Execution Vulnerability | Important | 8 | No | No | RCE | |
Windows Kerberos Elevation of Privilege Vulnerability | Important | 7.5 | No | No | EoP | |
Windows Kerberos Information Disclosure Vulnerability | Important | 6.5 | No | No | Info | |
Windows Kernel Denial of Service Vulnerability | Important | 5 | No | No | DoS | |
Windows Kernel Elevation of Privilege Vulnerability | Important | 6.7 | No | No | EoP | |
Windows Kernel Elevation of Privilege Vulnerability | Important | 7.1 | No | No | EoP | |
Windows Kernel Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP | |
Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP | |
Windows Kernel Elevation of Privilege Vulnerability | Important | 6.4 | No | No | EoP | |
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP | |
Windows Kernel-Mode Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | Info | |
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP | |
Windows Mobile Broadband Driver Denial of Service Vulnerability | Important | 6.5 | No | No | DoS | |
Windows Mobile Broadband Driver Denial of Service Vulnerability | Important | 6.5 | No | No | DoS | |
Windows Mobile Broadband Driver Denial of Service Vulnerability | Important | 6.5 | No | No | DoS | |
Windows Mobile Broadband Driver Denial of Service Vulnerability | Important | 6.5 | No | No | DoS | |
Windows Mobile Broadband Driver Denial of Service Vulnerability | Important | 6.5 | No | No | DoS | |
Windows Mobile Broadband Driver Denial of Service Vulnerability | Important | 6.5 | No | No | DoS | |
Windows Mobile Broadband Driver Denial of Service Vulnerability | Important | 6.5 | No | No | DoS | |
Windows Mobile Broadband Driver Denial of Service Vulnerability | Important | 6.5 | No | No | DoS | |
Windows Mobile Broadband Driver Denial of Service Vulnerability | Important | 6.5 | No | No | DoS | |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | RCE | |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | RCE | |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | RCE | |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | RCE | |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | RCE | |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | RCE | |
Windows Netlogon Elevation of Privilege Vulnerability | Important | 9 | No | No | EoP | |
Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important | 7.5 | No | No | DoS | |
Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important | 7.5 | No | No | DoS | |
Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | Important | 7.5 | No | No | DoS | |
Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.3 | No | No | EoP | |
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important | 7.5 | No | No | RCE | |
Windows Remote Desktop Services Tampering Vulnerability | Important | 4.8 | No | No | Tampering | |
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP | |
Windows Resilient File System (ReFS) Information Disclosure Vulnerability | Important | 5.5 | No | No | Info | |
Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | Important | 6.7 | No | No | SFB | |
Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | Important | 6.7 | No | No | SFB | |
Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | Important | 6.7 | No | No | SFB | |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE | |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE | |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE | |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE | |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE | |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE | |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE | |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE | |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE | |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE | |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE | |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE | |
Windows Scripting Engine Security Feature Bypass Vulnerability | Important | 7.7 | No | No | SFB | |
Windows Secure Channel Spoofing Vulnerability | Important | 7.4 | No | No | Spoofing | |
Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP | |
Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP | |
Windows Shell Remote Code Execution Vulnerability | Important | 7.3 | No | No | RCE | |
Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important | 6.5 | No | No | DoS | |
Windows Storage Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP | |
Windows Telephony Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE | |
Chromium: CVE-2024-7025 Integer overflow in Layout | High | N/A | No | No | RCE | |
Chromium: CVE-2024-9369 Insufficient data validation in Mojo | High | N/A | No | No | RCE | |
Chromium: CVE-2024-9370 Inappropriate implementation in V8 | High | N/A | No | No | RCE |
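A short triage pass over rows in the shape this table uses, added here as an illustration (not part of the original bulletin). It shows why the Exploited and Public columns should outrank the severity label: the exploited MMC flaw is rated only Moderate. The tier ordering and the names `parse_row`, `tier` and `triage` are assumptions of this example.

```python
from dataclasses import dataclass
from typing import List, Optional

# Sample rows copied from the table above: Title | Severity | CVSS | Public | Exploited | Type
ROWS = """\
Windows Kernel Denial of Service Vulnerability | Important | 5 | No | No | DoS | |
Chromium: CVE-2024-9370 Inappropriate implementation in V8 | High | N/A | No | No | RCE |
Microsoft Configuration Manager Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE | |
Open Source Curl Remote Code Execution Vulnerability | Important | 8.8 | Yes | No | RCE | |
Windows Netlogon Elevation of Privilege Vulnerability | Important | 9 | No | No | EoP | |
Microsoft Management Console Remote Code Execution Vulnerability | Moderate | 7.8 | Yes | Yes | RCE | |
"""

@dataclass
class Entry:
    title: str
    severity: str
    cvss: Optional[float]  # None when the table says N/A
    public: bool
    exploited: bool
    kind: str

def parse_row(line: str) -> Entry:
    # Rows end with one or two empty cells (the CVE values did not survive); drop them.
    cells = [c.strip() for c in line.split("|")]
    cells = [c for c in cells if c]
    if len(cells) != 6:
        raise ValueError(f"unexpected row shape: {line!r}")
    title, severity, cvss, public, exploited, kind = cells
    score = None if cvss.upper() == "N/A" else float(cvss)
    return Entry(title, severity, score, public == "Yes", exploited == "Yes", kind)

def tier(e: Entry) -> int:
    # Assumed ordering: exploited in the wild > publicly disclosed > Critical > the rest.
    if e.exploited:
        return 0
    if e.public:
        return 1
    if e.severity == "Critical":
        return 2
    return 3

def triage(text: str) -> List[Entry]:
    entries = [parse_row(line) for line in text.splitlines() if line.strip()]
    # Within a tier, highest CVSS first; rows without a score sort last.
    return sorted(entries,
                  key=lambda e: (tier(e), -(e.cvss if e.cvss is not None else -1.0)))

if __name__ == "__main__":
    for e in triage(ROWS):
        print(tier(e), e.cvss, e.severity, e.title)
```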
Zero-day Vulnerabilities
Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-43573):
Windows MSHTML is a browser engine that is often used in conjunction with Internet Explorer. Although the Internet Explorer (IE) 11 desktop application is no longer supported, Microsoft continues to patch MSHTML vulnerabilities.
Microsoft has not released comprehensive details about how this security flaw is exploited. It did note in the advisory that exploitation involves the MSHTML platform, which was once used by Internet Explorer and Legacy Microsoft Edge and whose components are still present on Windows.
By adding the vulnerability to its list of known exploited vulnerabilities, CISA confirmed that it was being exploited actively. Users are urged by CISA to apply a patch for the vulnerability by October 29, 2024.
Open Source Curl Remote Code Execution Vulnerability (CVE-2024-6197):
According to Microsoft, “Windows does not ship libcurl; instead, it only ships the curl command line. However, the upstream advisory applies to curl, the command line tool, and libcurl as embedded in all software.” This vulnerability requires user interaction to select the server and communicate with it. To exploit it, a client must connect to a malicious server, which could allow the attacker to execute code on the client.
Microsoft Management Console Remote Code Execution Vulnerability (CVE-2024-43572):
Users and system administrators can configure, monitor, and manage Microsoft Windows systems via the Microsoft Management Console (MMC). MMC offers a centralized interface for system administration, configuration, and management.
Regarding the issue, Microsoft has not published any details.
By adding the vulnerability to its list of known exploited vulnerabilities, CISA confirmed that it was being exploited actively. Users are urged by CISA to apply a patch for the vulnerability by October 29, 2024.
Winlogon Elevation of Privilege Vulnerability (CVE-2024-43583):
An attacker who successfully exploits this vulnerability could obtain SYSTEM privileges. Microsoft advises enabling a first-party Input Method Editor (IME) to guard against this vulnerability.
Critical Severity Vulnerabilities:
Microsoft Configuration Manager Remote Code Execution Vulnerability (CVE-2024-43468):
IT specialists can better manage big groups of PCs and servers with the aid of Microsoft Configuration Manager (ConfigMgr), a systems management tool. The software controls hardware and software inventories and distributes operating systems to devices.
An unauthenticated attacker can exploit this vulnerability by sending specially crafted requests to the target environment, which are processed in an unsafe manner. Successful exploitation could allow the attacker to run commands on the server and/or the underlying database.
Remote Desktop Protocol Server Remote Code Execution Vulnerability (CVE-2024-43582):
Remote Desktop Protocol (RDP) is a secure network communication protocol that enables users to access and manage a computer remotely over a network connection. The majority of Windows and Mac operating systems support remote desktop software that adheres to the RDP technical standard.
To exploit the vulnerability, an unauthenticated attacker must send malicious packets to an RPC host. Successful exploitation could result in remote code execution on the server side with the same permissions as the RPC service.
Visual Studio Code extension for Arduino Remote Code Execution Vulnerability (CVE-2024-43488):
Users can develop, produce, and deploy Arduino sketches in Visual Studio Code (VS Code) with the Arduino extension. The plugin offers a number of capabilities, including automated project scaffolding, IntelliSense, and syntax highlighting.
The Visual Studio Code extension for Arduino lacks authentication for essential functions, which makes it possible for an unauthorized attacker to execute code remotely.
Other Vulnerabilities
- CVE-2024-43502 is a Windows Kernel elevation of privilege vulnerability. An attacker who successfully exploits it could obtain SYSTEM privileges.
- Microsoft OpenSSH for Windows has two remote code execution vulnerabilities: CVE-2024-43581 and CVE-2024-43615. An attacker who successfully exploits either one could execute code remotely on the target server.
- Microsoft Office has a spoofing vulnerability (CVE-2024-43609). In a web-based attack scenario, an attacker could host a website or server containing a specially crafted file designed to exploit the vulnerability. The attacker would need to persuade the user to click a link, usually delivered in an email or Instant Messenger message, and then to open the malicious file.
- The Windows Graphics Component has elevation of privilege vulnerabilities, CVE-2024-43509 and CVE-2024-43556. An attacker who successfully exploits them could obtain SYSTEM privileges.
- CVE-2024-43560 is an elevation of privilege vulnerability in the Microsoft Windows Storage Port Driver. An attacker who successfully exploits it could obtain SYSTEM privileges.