Microsoft’s October 2024 Patch Tuesday Addresses Five Zero-days and 118 Vulnerabilities

October 8, 2024

Microsoft's October 2024 Patch Tuesday has released security updates addressing 118 vulnerabilities, among which are five zero-days. Two of these zero-days are currently being exploited. The term 'zero-day' refers to a flaw that is publicly disclosed or actively exploited while no official fix is available.

The two actively exploited zero-day vulnerabilities in the update are CVE-2024-43573, a Windows MSHTML Platform Spoofing Vulnerability, and CVE-2024-43572, a Microsoft Management Console Remote Code Execution Vulnerability. Microsoft has not provided detailed information about CVE-2024-43573, but they have confirmed it involves the MSHTML platform, previously used by Internet Explorer and Legacy Microsoft Edge. 'While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported,' explained Microsoft.

CVE-2024-43572 allowed malicious Microsoft Saved Console (MSC) files to perform remote code execution on vulnerable devices. Microsoft has resolved the flaw by preventing untrusted MSC files from opening. 'The security update will prevent untrusted Microsoft Saved Console (MSC) files from being opened to protect customers against the risks associated with this vulnerability,' explained Microsoft. The bug was disclosed by 'Andres and Shady'.

The other three vulnerabilities that were publicly disclosed but not exploited are CVE-2024-6197, an Open Source Curl Remote Code Execution Vulnerability; CVE-2024-20659, a Windows Hyper-V Security Feature Bypass Vulnerability; and CVE-2024-43583, a Winlogon Elevation of Privilege Vulnerability. The CVE-2024-6197 flaw could cause commands to be executed when Curl attempts to connect to a malicious server. This was fixed by updating the libcurl library used by the Curl executable bundled with Windows.

CVE-2024-20659 is a UEFI bypass that could allow attackers to compromise the hypervisor and kernel. 'This Hypervisor vulnerability relates to Virtual Machines within a Unified Extensible Firmware Interface (UEFI) host machine,' explains Microsoft. 'On some specific hardware it might be possible to bypass the UEFI, which could lead to the compromise of the hypervisor and the secure kernel.' This flaw was discovered by Francisco Falcón and Iván Arce of Quarkslab.

CVE-2024-43583 is an elevation of privileges flaw that could grant attackers SYSTEM privileges in Windows. 'To address this vulnerability, ensure that a Microsoft first-party IME is enabled on your device,' advises Microsoft. 'By doing so, you can help protect your device from potential vulnerabilities associated with a third-party (3P) IME during the sign in process.' This flaw was discovered by wh1tc & Zhiniang Peng of pwnull.

Related News

• Microsoft's September 2024 Patch Tuesday Addresses 79 Security Flaws Including 4 Zero-days

Latest News

• Ivanti Alerts on Three New Actively Exploited CSA Zero-Days
• Qualcomm Addresses High-Risk Zero-Day Vulnerability in DSP Service
• Chinese Hacking Group Breaches Major U.S. Broadband Providers
• 6 Million WordPress Sites at Risk from XSS Vulnerability in LiteSpeed Cache Plug-In
• High-Risk Flaw in WordPress LiteSpeed Cache Plugin Could Lead to Site Takeover