Microsoft’s October Security Patches Mitigate Remote Code Execution & Spoofing Risk
Summary
OEM | Microsoft |
Severity | Critical |
Date of Announcement | 2024-10-10 |
NO. of Vulnerabilities Patched | 117 |
Exploitable Vulnerabilities | 02 |
Exploited in Wild | Yes |
Advisory Version | 1.0 |
Overview
Microsoft’s October 2024 Patch on Tuesday addresses a total of 117 vulnerabilities, including five critical zero-days. This update resolves two actively exploited vulnerabilities and a significant remote code execution issue, while also reintroducing previously mitigated vulnerabilities. The patch targets a range of critical issues across Microsoft products, categorized as follows:
- 42 Remote Code Execution (RCE) Vulnerabilities
- 28 Elevation of Privilege (EoP) Vulnerabilities
- 26 Denial of Service (DoS) Vulnerabilities
- 7 Security Feature Bypass Vulnerabilities
- 7 Spoofing Vulnerabilities
- 7 Information Disclosure & Tampering Vulnerabilities
Highlighted below vulnerabilities were publicly known at release, with two actively exploited as zero-days.
Vulnerability Name | CVE ID | Product Affected | Impact | CVSS Score |
Microsoft Management Console Remote Code Execution Vulnerability (Exploitation detected) | CVE-2024-43572 | Windows Servers and Windows 10&11 | High | 7.8 |
Winlogon Elevation of Privilege Vulnerability | CVE-2024-43583 | Windows systems using Winlogon | High | 7.8 |
Windows Hyper-V Security Feature Bypass Vulnerability | CVE-2024-20659 | Windows Hyper-V | High | 7.1 |
Windows MSHTML Platform Spoofing Vulnerability | CVE-2024-43573 | Windows Servers and Windows 10&11 | Medium | 6.5 |
Technical Summary
CVE ID | System Affected | Vulnerability Details | Impact |
CVE-2024-43572 | Windows Servers and Windows 10&11 | This vulnerability enables attackers to remotely execute code on affected systems, allowing them to take control of the system. | Allows attackers to execute arbitrary code remotely. |
CVE-2024-43583 | Windows systems using Winlogon | Specifically, by abusing a third-party Input Method Editor (IME) during user sign-on. Attackers can exploit this vulnerability to escalate privileges and gain SYSTEM-level access on the affected machine | Allows attackers to gain SYSTEM-level privileges via third-party Input Method Editors (IME) during the Windows sign-in process. |
CVE-2024-20659 | Windows Hyper-V | A vulnerability in Windows Hyper-V that could allow a malicious guest to execute code on the host operating system. It leads to guest-to-host escapes or privilege escalation, making it possible for an attacker to gain elevated access or control of the host machine | Allows guest-to-host escape or privilege escalation |
CVE-2024-43573 | Windows Servers and Windows 10&11 | Improper input handling in web page generation [CWE-79], cross-site scripting)- Exploited by using fake web content that disguises legitimate web pages | Could lead to phishing attacks or data theft. |
Remediation
- Implement a routine patch management process to regularly check for and apply the latest Microsoft security updates and patches for all affected products
- Create and regularly test an incident response plan with defined communication channels and responsibilities to ensure readiness for security breaches
- Regularly enable and review logging for critical systems, utilizing SIEM tools to centralize and analyze security events for unauthorized access and anomalies
- Awareness of download files from the internet & regularly review and monitor your security setup, staying updated on new advisories to secure against emerging threats and vulnerabilities.