Microsoft Patch Tuesday – October 2024

Microsoft patched 117 CVEs in its October 2024 Patch Tuesday release, with three rated critical, 113 rated important and one rated moderate.

  • 28 Elevation of Privilege vulnerabilities
  • 7 Security Feature Bypass vulnerabilities
  • 43 Remote Code Execution vulnerabilities
  • 6 Information Disclosure vulnerabilities
  • 26 Denial of Service vulnerabilities
  • 7 Spoofing vulnerabilities

Microsoft Configuration Manager Remote Code Execution Vulnerability

The vulnerability tracked as CVE-2024-43468 is an unauthenticated RCE in Microsoft Configuration Manager with a CVSSv3 score of 9.8. An attacker can exploit it without prior authentication by sending specially crafted requests to a vulnerable server, resulting in code execution on the server or its underlying database.

Microsoft advises that the fix must be installed as an in-console update, but lists a workaround for customers who cannot apply the update immediately: use an alternate service account for the Management point connection account in place of the default "Computer" account.

Windows Netlogon Elevation of Privilege Vulnerability

The vulnerability tracked as CVE-2024-38124 is an elevation of privilege flaw in Windows Netlogon with a CVSSv3 score of 9.0. An attacker would need authenticated access to the same network as a vulnerable device, and would rename their machine to match the name of the domain controller in order to establish a secure channel under that name. The attacker would then rename their machine back to its original name; once the new domain controller is promoted, the attacker could use the previously established secure channel to impersonate the domain controller and potentially compromise the entire domain.

No workarounds are available, but if immediate patching is not an option, Microsoft lists several mitigating factors to consider:

  • Avoid predictable naming conventions for domain controllers.
  • Ensure secure channel validation requires more than a matching computer name.
  • Monitor for the renaming of computers within the network.
  • Consider enhanced authentication mechanisms.
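
The third mitigating factor, monitoring for computer renames, can be implemented from a domain controller's Security log. The PowerShell below is an added example and is not from the original post or from Microsoft: it reads Security event ID 4781 ("The name of an account was changed"), which a domain controller records when an Active Directory account, including a computer account, is renamed, and looks specifically for the rename-to-a-DC-name-then-rename-back sequence described above. It assumes account management auditing is enabled on the DC, that the RSAT ActiveDirectory module is available for Get-ADDomainController, and it uses an illustrative DC naming pattern and lookback window that you should replace with your own.

```powershell
# Added example (not Microsoft's): look for the rename-then-rename-back pattern
# described for CVE-2024-38124 using Security event 4781
# ("The name of an account was changed") on a domain controller.
# Computer account sAMAccountNames end in '$'. The DC name pattern and the
# lookback window are assumptions; adjust them to your environment.
param(
    [string]$DomainController = $env:COMPUTERNAME,
    [int]$LookbackHours = 72,
    [string]$DcNamePattern = '^(DC|AD)\d*\$$'   # assumed DC naming convention
)

# Authoritative list of current DC account names, e.g. DC01$ (requires RSAT AD module).
$dcNames = Get-ADDomainController -Filter * |
    ForEach-Object { ($_.Name + '$').ToUpper() }

function Test-DcLikeName([string]$Name) {
    $n = $Name.ToUpper()
    return ($dcNames -contains $n) -or ($n -match $DcNamePattern)
}

# Pull 4781 events and flatten the EventData fields we care about.
$events = Get-WinEvent -ComputerName $DomainController -FilterHashtable @{
    LogName = 'Security'; Id = 4781; StartTime = (Get-Date).AddHours(-$LookbackHours)
} -ErrorAction SilentlyContinue | ForEach-Object {
    $xml  = [xml]$_.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time      = $_.TimeCreated
        TargetSid = $data['TargetSid']          # SID of the renamed object (stable across renames)
        OldName   = $data['OldTargetUserName']
        NewName   = $data['NewTargetUserName']
        Actor     = $data['SubjectUserName']    # who performed the rename
    }
} | Where-Object { $_.NewName -like '*$' -or $_.OldName -like '*$' }   # computer accounts only

# Group by the renamed object's SID: one computer account that took a DC-like
# name and later gave it up is exactly the sequence to investigate.
$report = $events | Group-Object TargetSid | ForEach-Object {
    $history    = $_.Group | Sort-Object Time
    $tookDcName = $history | Where-Object { Test-DcLikeName $_.NewName }
    $gaveUpName = $history | Where-Object { Test-DcLikeName $_.OldName }
    if (-not $tookDcName) { return }
    $verdict = if ($gaveUpName) { 'renamed to DC-like name, then renamed back' } else { 'renamed to DC-like name' }
    [pscustomobject]@{
        TargetSid  = $_.Name
        Actor      = ($history.Actor | Select-Object -Unique) -join ','
        FirstEvent = $history[0].Time
        Renames    = ($history | ForEach-Object { "$($_.OldName)->$($_.NewName)" }) -join ' ; '
        Verdict    = $verdict
    }
}

if ($report) { $report | Format-Table -AutoSize -Wrap }
else { "No computer-account renames involving DC-like names in the last $LookbackHours hours." }
```

Run it on, or with remote event log access to, each domain controller; the TargetSid grouping is what distinguishes an attacker's machine cycling through a DC name from an unrelated rename, because the SID of the computer object does not change when its name does.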

Microsoft Management Console Remote Code Execution Vulnerability

The vulnerability tracked as CVE-2024-43572 is an RCE in Microsoft Management Console (MMC) with a CVSSv3 score of 7.8. An attacker could exploit it by using social engineering to convince a target to open a specially crafted file; successful exploitation would allow the attacker to execute arbitrary code.

CVE-2024-43572 was exploited in the wild as a zero-day. This is the second month in a row that Microsoft has patched an RCE in MMC, having addressed CVE-2024-38259 in its September 2024 Patch Tuesday release. As part of the fix for CVE-2024-43572, Microsoft has changed the handling of Microsoft Saved Console (MSC) files so that untrusted MSC files can no longer be opened on a patched system.
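
Because the fix turns on trust, it is useful to know which MSC files on a host actually arrived from an untrusted zone, both to anticipate what the patched MMC will refuse and to see what users may already have opened before patching. The following PowerShell is an added example, not from the original post or from Microsoft: it enumerates .msc files and reads the Zone.Identifier alternate data stream (the Mark-of-the-Web) to report those tagged as Internet (ZoneId 3) or Restricted Sites (ZoneId 4), along with the recorded source URL and a SHA-256 for triage. The search roots are an assumption; widen them for a full host sweep.

```powershell
# Added example (not from Microsoft's advisory): inventory .msc files that carry a
# Mark-of-the-Web showing they came from the Internet (ZoneId 3) or Restricted
# Sites (ZoneId 4) zone. The search roots are an assumption; adjust as needed.
param(
    [string[]]$Roots = @("$env:USERPROFILE\Downloads", "$env:USERPROFILE\Desktop", "$env:TEMP")
)

function Get-MotwInfo {
    param([Parameter(Mandatory)][string]$Path)
    # The Zone.Identifier stream is INI-style text, e.g.
    #   [ZoneTransfer]
    #   ZoneId=3
    #   ReferrerUrl=https://...
    #   HostUrl=https://...
    $raw = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $raw) { return $null }   # no stream: file was created locally or MotW was stripped
    $info = @{ ZoneId = $null; ReferrerUrl = $null; HostUrl = $null }
    foreach ($line in $raw) {
        if ($line -match '^(ZoneId|ReferrerUrl|HostUrl)=(.*)$') { $info[$matches[1]] = $matches[2] }
    }
    return $info
}

$results = foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Recurse -Filter *.msc -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $motw = Get-MotwInfo -Path $_.FullName
            if ($motw -and ($motw.ZoneId -in @('3', '4'))) {
                [pscustomobject]@{
                    Path        = $_.FullName
                    ZoneId      = $motw.ZoneId
                    HostUrl     = $motw.HostUrl
                    ReferrerUrl = $motw.ReferrerUrl
                    Modified    = $_.LastWriteTime
                    Sha256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
        }
}

if ($results) { $results | Format-Table -AutoSize -Wrap }
else { 'No .msc files with an Internet or Restricted Sites Mark-of-the-Web were found under the given roots.' }
```

A file with no Zone.Identifier stream is not proof it was created locally: archive extractors and some transfer paths drop the stream, which is one reason the MMC change is a defence-in-depth measure rather than a substitute for the patch.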

Windows MSHTML Platform Spoofing Vulnerability

The vulnerability tracked as CVE-2024-43573 is a spoofing flaw in the Windows MSHTML Platform with a CVSSv3 score of 6.5. An unauthenticated, remote attacker could exploit it by convincing a target to open a malicious file.

CVE-2024-43573 was exploited in the wild as a zero-day. It is the fourth zero-day in the Windows MSHTML Platform exploited in the wild in 2024, after CVE-2024-30040, a security feature bypass patched in May 2024; CVE-2024-38112, a spoofing vulnerability patched in July 2024; and CVE-2024-43461, a spoofing vulnerability patched on September 10, 2024, whose in-the-wild exploitation was not disclosed until September 13, 2024. Both CVE-2024-38112 and CVE-2024-43461 were used as part of an exploit chain by the advanced persistent threat (APT) actor known as Void Banshee.

Windows Hyper-V Security Feature Bypass Vulnerability

The vulnerability tracked as CVE-2024-20659 is a security feature bypass in Windows Hyper-V with a CVSSv3 score of 7.1. Multiple conditions need to be met for exploitation to be feasible, such as a user rebooting their machine and application-specific behavior, among other user-required actions. Successful exploitation would allow an attacker to bypass a virtual machine's UEFI on the host machine, resulting in compromise of both the hypervisor and the secure kernel. According to Microsoft, CVE-2024-20659 was publicly disclosed before a patch was made available.

In addition to CVE-2024-20659, Microsoft also addressed three denial of service (DoS) vulnerabilities in Windows Hyper-V (CVE-2024-43521, CVE-2024-43567 and CVE-2024-43575) and one Hyper-V RCE (CVE-2024-30092).


Winlogon Elevation of Privilege Vulnerability

The vulnerability tracked as CVE-2024-43583 is an elevation of privilege flaw in Winlogon with a CVSSv3 score of 7.8; a local, authenticated attacker could exploit it to gain SYSTEM privileges. According to Microsoft, CVE-2024-43583 was publicly disclosed before a patch was made available. In addition to applying the patch, Microsoft recommends ensuring that a Microsoft first-party Input Method Editor (IME) is enabled, to protect against vulnerabilities in third-party IMEs.

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

The 12 vulnerabilities tracked as CVE-2024-38212, CVE-2024-38261, CVE-2024-38265, CVE-2024-43453, CVE-2024-43549, CVE-2024-43564, CVE-2024-43589, CVE-2024-43592, CVE-2024-43593, CVE-2024-43607, CVE-2024-43608 and CVE-2024-43611 are a series of RCE vulnerabilities in Windows Routing and Remote Access Service (RRAS), accounting for roughly 10% of the vulnerabilities in the October release. All 12 share a CVSSv3 score of 8.8 except CVE-2024-38261, which was assigned a score of 7.8.

Based on Microsoft's descriptions, they share similar attack paths: an unauthenticated attacker could exploit them either by sending a specially crafted protocol message to a vulnerable RRAS server, or by tricking a user into sending a request to a malicious server that returns a malicious response, either of which could lead to RCE on the vulnerable machine.

Remote Desktop Client Remote Code Execution Vulnerability

The two vulnerabilities tracked as CVE-2024-43533 and CVE-2024-43599 are a pair of RCE vulnerabilities in the Remote Desktop Client, each with a CVSSv3 score of 8.8. The attack vector noted by Microsoft requires the attacker to first control a Remote Desktop server; from there, the attacker can achieve RCE on vulnerable clients that connect to it. As a mitigating factor and general best practice, Microsoft suggests disabling the Remote Desktop service where it is not needed, noting that disabling unused services reduces exposure.
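
Before deciding how urgently the RRAS and Remote Desktop fixes above need to go out to a given host, it helps to know whether the host exposes either service at all. The PowerShell below is an added example, not from the original post or from Microsoft's advisories: it reports whether the Routing and Remote Access service (service name RemoteAccess) is installed and running, and whether inbound RDP is actually accepting connections, by combining the TermService state, the fDenyTSConnections registry value (1 means connections are refused) and a live listener check on the configured RDP-Tcp port. The service names and registry locations are standard Windows, not assumptions; the advice strings are the editor's, not Microsoft's.

```powershell
# Added example (not from Microsoft's advisories): report whether this host runs
# the two services behind the RRAS and Remote Desktop RCEs discussed above.
# Service names (RemoteAccess, TermService), the fDenyTSConnections value and the
# RDP-Tcp PortNumber key are standard Windows locations, not assumptions.
function Get-RemoteAccessExposure {
    $findings = @()

    # Routing and Remote Access: the service exists only where the role is installed.
    $rras = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
    if ($null -eq $rras) {
        $state = 'not installed'; $exposed = $false
        $advice = 'RRAS CVEs do not apply to this host'
    } elseif ($rras.Status -eq 'Running') {
        $state = "Running (StartType=$($rras.StartType))"; $exposed = $true
        $advice = 'Patch now; if RRAS is unused, stop and disable the service'
    } else {
        $state = "$($rras.Status) (StartType=$($rras.StartType))"; $exposed = $false
        $advice = 'Installed but not running; still patch before it is next started'
    }
    $findings += [pscustomobject]@{ Component = 'RRAS (RemoteAccess)'; State = $state; Exposed = $exposed; Advice = $advice }

    # Remote Desktop: fDenyTSConnections=1 refuses inbound RDP even if TermService runs.
    $tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $deny  = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $port  = (Get-ItemProperty -Path "$tsKey\WinStations\RDP-Tcp" -Name PortNumber -ErrorAction SilentlyContinue).PortNumber
    $svc   = Get-Service -Name TermService -ErrorAction SilentlyContinue
    $listening = $false
    if ($port) {
        # A listener on the configured port confirms the setting is in effect, not just configured.
        $listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)
    }
    $rdpEnabled = ($deny -eq 0)
    if ($rdpEnabled -and $listening) {
        $advice = "Inbound RDP reachable on TCP/$port; patch, and set fDenyTSConnections=1 if RDP is not needed"
    } else {
        $advice = 'Inbound RDP is not accepting connections; the Remote Desktop Client fixes still apply to any outbound RDP use from this host'
    }
    $findings += [pscustomobject]@{
        Component = 'Remote Desktop (TermService)'
        State     = "Service=$($svc.Status); fDenyTSConnections=$deny; Port=$port; Listening=$listening"
        Exposed   = ($rdpEnabled -and $listening)
        Advice    = $advice
    }

    return $findings
}

Get-RemoteAccessExposure | Format-Table -AutoSize -Wrap
```

Note the asymmetry the check makes visible: the RRAS fixes protect a server that receives crafted messages, while the Remote Desktop Client fixes protect a machine that connects out to a hostile server, so a host with inbound RDP disabled still needs the client patch if anyone uses mstsc from it.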


Patch Tuesday Summary

CVE ID | CVE Title | Severity
--- | --- | ---
CVE-2024-43468 | Microsoft Configuration Manager Remote Code Execution Vulnerability | Critical
CVE-2024-43488 | Visual Studio Code extension for Arduino Remote Code Execution Vulnerability | Critical
CVE-2024-43582 | Remote Desktop Protocol Server Remote Code Execution Vulnerability | Critical
CVE-2024-38229 | .NET and Visual Studio Remote Code Execution Vulnerability | Important
CVE-2024-43485 | .NET and Visual Studio Denial of Service Vulnerability | Important
CVE-2024-43484 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | Important
CVE-2024-43483 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | Important
CVE-2024-43591 | Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability | Important
CVE-2024-38097 | Azure Monitor Agent Elevation of Privilege Vulnerability | Important
CVE-2024-38179 | Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability | Important
CVE-2024-43506 | BranchCache Denial of Service Vulnerability | Important
CVE-2024-38149 | BranchCache Denial of Service Vulnerability | Important
CVE-2024-43585 | Code Integrity Guard Security Feature Bypass Vulnerability | Important
CVE-2024-43497 | DeepSpeed Remote Code Execution Vulnerability | Important
CVE-2024-43515 | Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability | Important
CVE-2024-43517 | Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | Important
CVE-2024-43614 | Microsoft Defender for Endpoint for Linux Spoofing Vulnerability | Important
CVE-2024-43534 | Windows Graphics Component Information Disclosure Vulnerability | Important
CVE-2024-43508 | Windows Graphics Component Information Disclosure Vulnerability | Important
CVE-2024-43556 | Windows Graphics Component Elevation of Privilege Vulnerability | Important
CVE-2024-43509 | Windows Graphics Component Elevation of Privilege Vulnerability | Important
CVE-2024-43572 | Microsoft Management Console Remote Code Execution Vulnerability | Important
CVE-2024-43616 | Microsoft Office Remote Code Execution Vulnerability | Important
CVE-2024-43576 | Microsoft Office Remote Code Execution Vulnerability | Important
CVE-2024-43609 | Microsoft Office Spoofing Vulnerability | Important
CVE-2024-43504 | Microsoft Excel Remote Code Execution Vulnerability | Important
CVE-2024-43503 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important
CVE-2024-43505 | Microsoft Office Visio Remote Code Execution Vulnerability | Important
CVE-2024-43544 | Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | Important
CVE-2024-43541 | Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | Important
CVE-2024-43519 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important
CVE-2024-43574 | Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | Important
CVE-2024-43615 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | Important
CVE-2024-43581 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | Important
CVE-2024-38029 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | Important
CVE-2024-43604 | Outlook for Android Elevation of Privilege Vulnerability | Important
CVE-2024-43612 | Power BI Report Server Spoofing Vulnerability | Important
CVE-2024-43481 | Power BI Report Server Spoofing Vulnerability | Important
CVE-2024-43533 | Remote Desktop Client Remote Code Execution Vulnerability | Important
CVE-2024-43599 | Remote Desktop Client Remote Code Execution Vulnerability | Important
CVE-2024-43521 | Windows Hyper-V Denial of Service Vulnerability | Important
CVE-2024-20659 | Windows Hyper-V Security Feature Bypass Vulnerability | Important
CVE-2024-43567 | Windows Hyper-V Denial of Service Vulnerability | Important
CVE-2024-43575 | Windows Hyper-V Denial of Service Vulnerability | Important
CVE-2024-43532 | Remote Registry Service Elevation of Privilege Vulnerability | Important
CVE-2024-43480 | Azure Service Fabric for Linux Remote Code Execution Vulnerability | Important
CVE-2024-43571 | Sudo for Windows Spoofing Vulnerability | Important
CVE-2024-43590 | Visual C++ Redistributable Installer Elevation of Privilege Vulnerability | Important
CVE-2024-43603 | Visual Studio Collector Service Denial of Service Vulnerability | Important
CVE-2024-43601 | Visual Studio Code for Linux Remote Code Execution Vulnerability | Important
CVE-2024-43563 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important
CVE-2024-43513 | BitLocker Security Feature Bypass Vulnerability | Important
CVE-2024-43501 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important
CVE-2024-43546 | Windows Cryptographic Information Disclosure Vulnerability | Important
CVE-2024-6197 | Open Source Curl Remote Code Execution Vulnerability | Important
CVE-2024-37982 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | Important
CVE-2024-37976 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | Important
CVE-2024-37983 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | Important
CVE-2024-30092 | Windows Hyper-V Remote Code Execution Vulnerability | Important
CVE-2024-43547 | Windows Kerberos Information Disclosure Vulnerability | Important
CVE-2024-38129 | Windows Kerberos Elevation of Privilege Vulnerability | Important
CVE-2024-43502 | Windows Kernel Elevation of Privilege Vulnerability | Important
CVE-2024-43511 | Windows Kernel Elevation of Privilege Vulnerability | Important
CVE-2024-43520 | Windows Kernel Denial of Service Vulnerability | Important
CVE-2024-43527 | Windows Kernel Elevation of Privilege Vulnerability | Important
CVE-2024-43570 | Windows Kernel Elevation of Privilege Vulnerability | Important
CVE-2024-37979 | Windows Kernel Elevation of Privilege Vulnerability | Important
CVE-2024-43554 | Windows Kernel-Mode Driver Information Disclosure Vulnerability | Important
CVE-2024-43535 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important
CVE-2024-43522 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Important
CVE-2024-43555 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important
CVE-2024-43540 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important
CVE-2024-43536 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important
CVE-2024-43538 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important
CVE-2024-43525 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important
CVE-2024-43559 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important
CVE-2024-43561 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important
CVE-2024-43558 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important
CVE-2024-43542 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important
CVE-2024-43557 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important
CVE-2024-43526 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important
CVE-2024-43543 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important
CVE-2024-43523 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important
CVE-2024-43524 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important
CVE-2024-43537 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important
CVE-2024-38124 | Windows Netlogon Elevation of Privilege Vulnerability | Important
CVE-2024-43562 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important
CVE-2024-43565 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important
CVE-2024-43553 | NT OS Kernel Elevation of Privilege Vulnerability | Important
CVE-2024-43514 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important
CVE-2024-43545 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | Important
CVE-2024-43529 | Windows Print Spooler Elevation of Privilege Vulnerability | Important
CVE-2024-38262 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important
CVE-2024-43456 | Windows Remote Desktop Services Tampering Vulnerability | Important
CVE-2024-43500 | Windows Resilient File System (ReFS) Information Disclosure Vulnerability | Important
CVE-2024-43592 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important
CVE-2024-43589 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important
CVE-2024-38212 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important
CVE-2024-43593 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important
CVE-2024-38261 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important
CVE-2024-43611 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important
CVE-2024-43453 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important
CVE-2024-38265 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important
CVE-2024-43607 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important
CVE-2024-43549 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important
CVE-2024-43608 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important
CVE-2024-43564 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important
CVE-2024-43584 | Windows Scripting Engine Security Feature Bypass Vulnerability | Important
CVE-2024-43550 | Windows Secure Channel Spoofing Vulnerability | Important
CVE-2024-43516 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important
CVE-2024-43528 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important
CVE-2024-43552 | Windows Shell Remote Code Execution Vulnerability | Important
CVE-2024-43512 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important
CVE-2024-43551 | Windows Storage Elevation of Privilege Vulnerability | Important
CVE-2024-43560 | Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability | Important
CVE-2024-43518 | Windows Telephony Server Remote Code Execution Vulnerability | Important
CVE-2024-43583 | Winlogon Elevation of Privilege Vulnerability | Important
CVE-2024-43573 | Windows MSHTML Platform Spoofing Vulnerability | Moderate
