In its latest Patch Tuesday release, Microsoft addressed 118 vulnerabilities, including five zero-day flaws, two of which attackers are actively exploiting. The updates cover various Microsoft products, including Windows, Office, Azure, .NET, and Visual Studio.
Zero-Day Vulnerabilities
Among the five zero-day vulnerabilities patched, two were actively exploited in the wild:
- CVE-2024-43573: A spoofing vulnerability affecting the Windows MSHTML platform. This flaw allows attackers to manipulate web content, potentially leading to unauthorized actions by users. It has been linked to previous exploits involving the MSHTML engine.
- CVE-2024-43572: A remote code execution (RCE) vulnerability in the Microsoft Management Console (MMC). This exploit can be triggered by malicious MSC files, allowing attackers to execute arbitrary code on targeted systems. Microsoft has mitigated this by preventing untrusted MSC files from being opened.
The other zero-day vulnerabilities include:
- CVE-2024-6197: An RCE vulnerability in Curl, which could be exploited when connecting to malicious servers.
- CVE-2024-20659: A security feature bypass in Windows Hyper-V that could compromise virtual machines within UEFI host machines.
- CVE-2024-43583: An elevation of privilege vulnerability in Winlogon, potentially granting attackers SYSTEM privileges.
Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free
Other Notable Vulnerabilities
The update also addressed several other significant vulnerabilities:
- CVE-2024-38179: An elevation of privilege vulnerability in Azure Stack Hyperconverged Infrastructure (HCI). It poses a risk of unauthorized access and control over affected systems.
- CVE-2024-38149: A denial of service (DoS) vulnerability in BranchCache, which could disrupt network services by exploiting this flaw.
Vulnerability Breakdown
The October update included fixes for:
- 28 Elevation of Privilege vulnerabilities
- 43 Remote Code Execution vulnerabilities
- 26 Denial of Service vulnerabilities
- 7 Security Feature Bypass vulnerabilities
- 6 Information Disclosure vulnerabilities
- 7 Spoofing vulnerabilities.
Microsoft emphasizes the critical importance of promptly applying these updates. With two zero-days actively exploited, users and organizations are urged to prioritize patching to mitigate potential risks. The company continues to work on enhancing its security measures to protect against evolving threats.
For IT administrators and cybersecurity professionals, these updates underscore the need for continuous monitoring and swift action when applying patches. Regular updates and adherence to best practices in cybersecurity are essential to safeguard systems against exploitation.
Users are urged to apply these updates promptly to protect against potential attacks. The table provides a detailed list of the vulnerabilities addressed in this Patch Tuesday release.
Strategies to Protect Websites & APIs from Malware Attack => Free Webinar