“Patch Tuesday” is an unofficial term referring to the second Tuesday of each month, when vendors including Microsoft, Adobe, SAP and Google coordinate the disclosure of vulnerabilities in (and the release of patches for) their software products on a fixed cycle. Critical security updates are occasionally released outside of the normal Patch Tuesday cycle; these are known as “out-of-band” releases.
In this blog post we’ll summarise the key Microsoft Security Updates for the month, but you can access the raw list in full directly at https://msrc.microsoft.com/update-guide/releaseNote/2024-Oct.
Updates this month feature patches for critical vulnerabilities including Remote Code Execution (RCE), Elevation of Privilege (EoP), and Security Feature Bypass flaws. The largest Microsoft Patch Tuesday bundle since July of this year includes two vulnerabilities that have been confirmed as being currently exploited ‘in the wild’, and two additional critical issues across the company’s portfolio, including a near-maximal 9.8 CVSS flaw in MS Configuration Manager.
The Microsoft Patch Tuesday update for October 2024 also includes important fixes for vulnerabilities in products including Microsoft Office, Hyper-V virtualisation, Kerberos, Windows Mobile Broadband and OpenSSH for Windows.
The list of “Known Exploited” vulnerabilities below represents the greatest risk and the absolute highest priority for patching for many organisations. They have been reported by CISA, America’s Cyber Defense Agency, as being currently exploited in the wild and at scale, meaning that not only is exploit code known to attackers, but the weakness is being actively targeted. These vulnerabilities are the most time-critical to patch before they are exploited by threat actors.
The AppCheck Scanner is able to detect these vulnerabilities and report on their presence in your technical estate, enabling you to effectively and swiftly target them for remediation – please click each CVE below to read more about each entry on our public-facing Detections database.
A critical remote code execution (RCE) vulnerability in the Microsoft Management Console has been confirmed by Microsoft as being actively exploited in the wild by attackers in order to execute arbitrary code on targeted devices in customer environments. Microsoft’s released security patch prevents untrusted Microsoft Saved Console (MSC) files from being opened, to protect users against adversaries trying to exploit this vulnerability.
See more details in the AppCheck Detections Service at https://detections.appcheck-ng.com/vulnerabilities/view/324118
A platform spoofing vulnerability in the Windows MSHTML Platform has also been confirmed as exploited in the wild. Although the underlying weakness is classed as a cross-site scripting (XSS) flaw, Microsoft’s classification of this as a ‘spoofing’ vulnerability suggests that adversaries have been gaining unauthorized access to customer environments by tricking users into accepting links or data from them as if from a trusted source.
See more details in the AppCheck Detections Service at https://detections.appcheck-ng.com/vulnerabilities/view/324049
The list of “Critical” vulnerabilities below comprises all those with a “CVSS” (Common Vulnerability Scoring System) score of 9.0 or greater. This generally reflects a vulnerability that is a critical risk – being both trivial to exploit and having the potential for significant impact (harm) if successfully exploited – but for which no hard evidence of ongoing exploitation has yet been gathered. Critical vulnerabilities are crucial to patch, but may be slightly less time-sensitive than ‘known exploited’ vulnerabilities. Critical vulnerabilities highlighted by Microsoft this month include:
Product | CVE | CVSS Score |
---|---|---|
Microsoft Configuration Manager – Remote Code Execution (RCE) Vulnerability | CVE-2024-43468 | 9.8 |
Windows Netlogon – Elevation of Privilege (EoP) Vulnerability | CVE-2024-38124 | 9.0 |
The list of “Highly Exploitable” vulnerabilities below comprises all those which Microsoft has determined are relatively trivial to exploit. Unlike the ‘known exploited vulnerabilities’ list above, there is no evidence yet released of these vulnerabilities having been exploited ‘in the wild’, but that could well change if exploit code is published, or if a threat actor chooses to specifically target one of these vulnerabilities. The vulnerabilities flagged as ‘highly exploitable’ by Microsoft this month include:
Product | CVE | CVSS Score |
---|---|---|
Windows Kernel – Elevation of Privilege (EoP) Vulnerability | CVE-2024-43502 | 7.1 |
Microsoft Graphics Component – Elevation of Privilege (EoP) Vulnerability | CVE-2024-43509 | 7.8 |
Microsoft Graphics Component – Elevation of Privilege (EoP) Vulnerability | CVE-2024-43556 | 7.8 |
Windows Storage Port Driver – Elevation of Privilege (EoP) Vulnerability | CVE-2024-43560 | 7.8 |
OpenSSH for Windows – Remote Code Execution (RCE) Vulnerability | CVE-2024-43581 | 7.1 |
Winlogon – Elevation of Privilege (EoP) Vulnerability | CVE-2024-43583 | 7.8 |
Microsoft Office – Spoofing Vulnerability | CVE-2024-43609 | 6.5 |
OpenSSH for Windows – Remote Code Execution (RCE) Vulnerability | CVE-2024-43615 | 7.1 |
In addition to the above, Microsoft released 117 important security patches in total.
Products affected by this Patch Tuesday’s updates include:
Total Microsoft CVEs: 117
Known Actively Exploited: 2
Critical: 2
Highly Exploitable: 8
Other vendors releasing critical security updates this Patch Tuesday include:
Other vendors who released updates or advisories earlier in October 2024 include:
As with every month, if you don’t want to wait for your system to download Microsoft critical updates on its pre-determined schedule, you can download them immediately from the Windows Update Catalog website at https://www.catalog.update.microsoft.com/Home.aspx by searching for the relevant Microsoft KB ID.
We also recommend scanning your entire estate using the AppCheck vulnerability scanner regularly – including end-user machines running desktop operating systems. Contact your account manager now if you are not already licensed for internal scan hubs to cover your whole estate.
The next Patch Tuesday will be on the 12th November 2024 – add it to your calendar now!
Also keep an eye on our blog for our weekly roundup of ‘Known exploited vulnerabilities’ from across all vendors, published each Friday.
Plus: COMING SOON – coverage of patch cycles from other vendors including Oracle. Want to see regular coverage from AppCheck of patch releases from other key vendors deployed across your estate? Contact your sales manager and let us know!
AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations websites, applications, network, and cloud infrastructure. AppCheck are authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).