Security Advisory: October 2024 Microsoft Patch Tuesday Updates

On October 8th, 2024, Microsoft released its monthly security updates addressing a total of 118 vulnerabilities across its software portfolio. This includes three critical vulnerabilities, five zero-day vulnerabilities (two of which are actively exploited), and several other high-severity issues. These updates span multiple Microsoft products and components, such as Windows OS, Microsoft Management Console, and Hyper-V, among others.

This month’s Patch Tuesday addresses the following types of vulnerabilities:

• 28 Elevation of Privilege vulnerabilities
• 7 Security Feature Bypass vulnerabilities
• 43 Remote Code Execution vulnerabilities
• 6 Information Disclosure vulnerabilities
• 26 Denial of Service vulnerabilities
• 7 Spoofing vulnerabilities

In addition to these, 25 Chromium-based Edge browser vulnerabilities were also patched earlier this month.

October 2024 Microsoft Patch Tuesday Updates Technical Overview

The most critical vulnerabilities include:

1. CVE-2024-43572 – Microsoft Management Console Remote Code Execution Vulnerability
   • Severity: CVSS Score 7.8 (High)
   • Description: This vulnerability allows for remote code execution using malicious Microsoft Saved Console (MSC) files. Exploitation occurs when an attacker tricks the victim into opening a specially crafted MSC file.
   • Mitigation: Microsoft has updated the security measures to prevent untrusted MSC files from being opened by default.
2. CVE-2024-43573 – Windows MSHTML Platform Spoofing Vulnerability
   • Severity: CVSS Score 6.5 (Moderate)
   • Description: An actively exploited zero-day affecting the legacy MSHTML platform, potentially allowing attackers to spoof file extensions or UI elements. This vulnerability could be leveraged in phishing or social engineering campaigns to mislead users.
   • Mitigation: Microsoft has updated the underlying MSHTML components, which are still in use by some applications, despite Internet Explorer and Edge Legacy being deprecated.
3. CVE-2024-43583 – Winlogon Elevation of Privilege Vulnerability
   • Severity: CVSS Score 7.8 (High)
   • Description: This vulnerability can be leveraged by attackers to gain SYSTEM-level privileges on a Windows device. Exploitation is complex and requires specific conditions, such as using a third-party Input Method Editor (IME) during sign-in.
   • Mitigation: Ensure a Microsoft first-party IME is enabled on devices.
4. CVE-2024-20659 – Windows Hyper-V Security Feature Bypass Vulnerability
   • Severity: CVSS Score 7.1 (High)
   • Description: A UEFI bypass vulnerability that allows attackers to compromise the hypervisor and kernel on certain hardware platforms. Physical access to the device and a reboot are required for exploitation.
   • Mitigation: Physical security controls and secure UEFI configurations are recommended to prevent exploitation.
5. CVE-2024-6197 – Open Source Curl Remote Code Execution Vulnerability
   • Severity: CVSS Score 8.8 (Critical)
   • Description: A critical vulnerability in the bundled libcurl library used by the Curl executable in Windows. It can be exploited via a malicious server offering specially crafted TLS certificates to execute commands remotely.
   • Mitigation: Microsoft has updated the libcurl library to prevent exploitation.

Additional high-risk vulnerabilities include:

• CVE-2024-43468 – Microsoft Configuration Manager Remote Code Execution Vulnerability
  • Severity: CVSS Score 9.8 (Critical)
  • Description: An unauthenticated attacker can send specially crafted requests to the Configuration Manager environment to execute commands on the server or underlying database.
• CVE-2024-43488 – Visual Studio Code Extension Remote Code Execution Vulnerability
  • Severity: CVSS Score 8.8 (Critical)
  • Description: This vulnerability impacts the Arduino extension for Visual Studio Code, allowing for remote code execution by processing malformed packets.
• CVE-2024-43582 – Remote Desktop Protocol (RDP) Server Remote Code Execution Vulnerability
  • Severity: CVSS Score 8.1 (Critical)
  • Description: Exploitation of this flaw requires an attacker to send specifically crafted packets to a Windows RPC host, which could lead to arbitrary code execution depending on the configuration of RPC Interface restrictions.

What We Suggest for October 2024 Microsoft Patch Tuesday Updates

• Apply Security Updates Immediately:
  • Ensure all systems are updated with the latest Microsoft security patches released for October 2024.
  • Prioritize patching for actively exploited zero-days and critical vulnerabilities, including CVE-2024-43572, CVE-2024-43573, CVE-2024-43583, CVE-2024-20659, and CVE-2024-6197.
• Verify Microsoft First-Party IME Configuration:
  • For devices using third-party IMEs, switch to a Microsoft first-party IME to mitigate CVE-2024-43583.
• Restrict Access to Hyper-V Systems:
  • Implement physical access controls and enable secure boot settings to prevent potential exploitation of CVE-2024-20659.
• Secure MSC File Handling:
  • Configure file handling policies to prevent untrusted MSC files from being opened, protecting against CVE-2024-43572.
• Review Network Security Configurations:
  • Ensure proper network segmentation and restrictions to prevent remote exploitation of RDP and Configuration Manager services.
• Monitor for Exploitation Indicators:
  • Implement monitoring for unusual activity related to MSHTML platform use and MSC file execution to detect potential exploitation attempts early.