Could Microsoft have missed its usual monthly patch appointment (normally called “Patch Tuesday”), where the Redmond company fixes the flaws in its products?
Microsoft has released security patches to fix a total of 118 vulnerabilities across its diverse software portfolio, two of which are actively exploited in real-world environments.
Microsoft Patch October 2024, what has been fixed
Of the 118 flaws, three are classified as critical, 113 as major and two as moderate in terms of severity. The Patch Tuesday update does not include the 25 further flaws that the tech giant fixed in its Chromium-based Edge browser over the last month.
Five of the vulnerabilities were publicly known at the time of release, and two of these were actively exploited as zero-days:
- CVE-2024-43572 (CVSS score: 7.8) – Remote code execution vulnerability in Microsoft Management Console (exploitation detected)
- CVE-2024-43573 (CVSS score: 6.5) – Spoofing vulnerability in Windows MSHTML platform (exploitation detected)
- CVE-2024-43583 (CVSS score: 7.8) – Elevation of privilege vulnerability in Winlogon
- CVE-2024-20659 (CVSS score: 7.1) – Security feature bypass vulnerability in Windows Hyper-V
- CVE-2024-6197 (CVSS score: 8.8) – Remote code execution vulnerability in open source Curl (non-Microsoft CVE)
It must be said that CVE-2024-43573 is similar to CVE-2024-38112 and CVE-2024-43461, two more MSHTML spoofing vulnerabilities exploited before July 2024 by the Void Banshee threat group to spread the Atlantida Stealer malware.
The patch also fixes vulnerabilities on other devices
Microsoft did not provide details on how the two vulnerabilities are exploited in the real world, who the attackers are, or how widespread the attacks are. The Redmond company credited researchers Andres and Shady with the discovery of CVE-2024-43572 but did not credit anyone for CVE-2024-43573, which could indicate a possible case of patch bypass.
“Since CVE-2024-43572 was discovered, Microsoft now prevents opening untrusted MSC files on a system,” Satnam Narang, senior research engineer at Tenable, said in his statement.
Active exploitation of the CVE-2024-43572 and CVE-2024-43573 vulnerabilities was also reported by the US Cybersecurity and Infrastructure Security Agency (CISA), which added them to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to implement the fixes by October 29, 2024.
Of all the flaws Microsoft disclosed on Tuesday, the most serious is a remote code execution vulnerability in Microsoft Configuration Manager (CVE-2024-43468, CVSS score: 9.8), which could allow unauthenticated attackers to execute arbitrary commands.
“An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment, which are processed insecurely, allowing the attacker to execute commands on the underlying server and/or database,” Microsoft explained.
Two other vulnerabilities rated critical involve remote code execution in the Visual Studio Code extension for Arduino (CVE-2024-43488, CVSS score: 8.8) and in Remote Desktop Protocol (RDP) Server (CVE-2024-43582, CVSS score: 8.1).
“Exploiting this vulnerability requires the attacker to send deliberately malformed packets to a Windows RPC host, leading to code execution in the context of the RPC service, although what this means in practice depends on factors such as the server’s RPC interface restrictions configuration on the target system,” said Adam Barnett, lead engineer at Rapid7, regarding CVE-2024-43582.
Barnett added: “The only positive note is that the complexity of the attack is high, as the attacker must overcome a race condition to improperly access memory.”
Security patches from other vendors
In addition to Microsoft, other vendors have released security updates in recent weeks to fix several vulnerabilities, including: