Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws
by Lawrence Abrams · BleepingComputerToday is Microsoft's October 2024 Patch Tuesday, which includes security updates for 118 flaws, including five publicly disclosed zero-days, two of which are actively exploited.
This Patch Tuesday fixed three critical vulnerabilities, all remote code execution flaws.
The number of bugs in each vulnerability category is listed below:
- 28 Elevation of Privilege vulnerabilities
- 7 Security Feature Bypass vulnerabilities
- 43 Remote Code Execution vulnerabilities
- 6 Information Disclosure vulnerabilities
- 26 Denial of Service vulnerabilities
- 7 Spoofing vulnerabilities
This count does not include three Edge flaws that were previously fixed on October 3rd.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5044284 and KB5044285 cumulative updates and the Windows 10 KB5044273 update.
Four zero-days disclosed
This month's Patch Tuesday fixes five zero-days, two of which were actively exploited in attacks, and all five were publicly disclosed.
Microsoft classifies a zero-day flaw as one that is publicly disclosed or actively exploited while no official fix is available.
The two actively exploited zero-day vulnerabilities in today's updates are:
CVE-2024-43573 - Windows MSHTML Platform Spoofing Vulnerability
While Microsoft has not shared any detailed information about this bug or how it's exploited, they did state it involved the MSHTML platform, previously used by Internet Explorer and Legacy Microsoft Edge, whose components are still installed in Windows.
"While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported," explained Microsoft.
"The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications."
While not confirmed, this could be a bypass of a previous vulnerability that abused MSHTML to spoof file extensions in alerts displayed when opening files. A similar MSHTML spoofing flaw was disclosed last month when attacks utilized Braille characters in filenames to spoof PDF files.
Microsoft has not shared who disclosed the vulnerability.
CVE-2024-43572 - Microsoft Management Console Remote Code Execution Vulnerability
This flaw allowed malicious Microsoft Saved Console (MSC) files to perform remote code execution on vulnerable devices.
Microsoft fixed the flaw by preventing untrusted MSC files from being opened.
"The security update will prevent untrusted Microsoft Saved Console (MSC) files from being opened to protect customers against the risks associated with this vulnerability," explained Microsoft.
It is unknown how this flaw was actively exploited in attacks.
Microsoft says the bug was disclosed by "Andres and Shady".
Microsoft says that both of these were also publicly disclosed.
The other three vulnerabilities that were publicly disclosed but not exploited in attacks are:
CVE-2024-6197 - Open Source Curl Remote Code Execution Vulnerability
Microsoft fixed a libcurl remote code execution flaw that could cause commands to be executed when Curl attempts to connect to a malicious server.
"The vulnerable code path can be triggered by a malicious server offering an especially crafted TLS certificate," explains a Curl security advisory.
Microsoft fixed the flaw by updating the libcurl library used by the Curl executable bundled with Windows.
The flaw was discovered by a security researcher named "z2_," who shared technical details in a HackerOne report.
CVE-2024-20659 - Windows Hyper-V Security Feature Bypass Vulnerability
Microsoft fixed a UEFI bypass that could allow attackers to compromised the hypervisor and kernel.
"This Hypervisor vulnerability relates to Virtual Machines within a Unified Extensible Firmware Interface (UEFI) host machine," explains Microsoft.
"On some specific hardware it might be possible to bypass the UEFI, which could lead to the compromise of the hypervisor and the secure kernel."
Microsoft says that an attacker needs physical access to the device and must reboot it to exploit the flaw.
The flaw was discovered by Francisco Falcón and Iván Arce of Quarkslab but it is not known where it was publicly disclosed.
CVE-2024-43583 - Winlogon Elevation of Privilege Vulnerability
Microsoft fixed an elevation of privileges flaw that could give attackers SYSTEM privileges in Windows.
To be protected from this flaw, Microsoft says that admins must take additional actions.
"To address this vulnerability, ensure that a Microsoft first-party IME is enabled on your device," explains Microsoft.
"By doing so, you can help protect your device from potential vulnerabilities associated with a third-party (3P) IME during the sign in process."
Microsoft says wh1tc & Zhiniang Peng of pwnull discovered the flaws.
Recent updates from other companies
Other vendors who released updates or advisories in October 2024 include:
- Cisco releases security updates for multiple products, including Cisco Meraki MX and Z Series Teleworker Gateway, Cisco Nexus Dashboard, and routers.
- DrayTek released security updates for 14 vulnerabilities in various router models.
- Fortinet fixes four vulnerabilities in various firmware, with none reported as actively exploited.
- Ivanti released security updates for three zero-days chained in active attacks.
- Optigo Networks released security updates for two flaws in its ONS-S8 Aggregation Switch products.
- Qualcomm released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service.
- SAP releases security updates for multiple products as part of October Patch Day.
The October 2024 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities in the October 2024 Patch Tuesday updates.
To access the full description of each vulnerability and the systems it affects, you can view the full report here.
Tag CVE ID CVE Title Severity .NET and Visual Studio CVE-2024-38229 .NET and Visual Studio Remote Code Execution Vulnerability Important .NET and Visual Studio CVE-2024-43485 .NET and Visual Studio Denial of Service Vulnerability Important .NET, .NET Framework, Visual Studio CVE-2024-43484 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability Important .NET, .NET Framework, Visual Studio CVE-2024-43483 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability Important Azure CLI CVE-2024-43591 Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability Important Azure Monitor CVE-2024-38097 Azure Monitor Agent Elevation of Privilege Vulnerability Important Azure Stack CVE-2024-38179 Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability Important BranchCache CVE-2024-43506 BranchCache Denial of Service Vulnerability Important BranchCache CVE-2024-38149 BranchCache Denial of Service Vulnerability Important Code Integrity Guard CVE-2024-43585 Code Integrity Guard Security Feature Bypass Vulnerability Important DeepSpeed CVE-2024-43497 DeepSpeed Remote Code Execution Vulnerability Important Internet Small Computer Systems Interface (iSCSI) CVE-2024-43515 Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability Important Microsoft ActiveX CVE-2024-43517 Microsoft ActiveX Data Objects Remote Code Execution Vulnerability Important Microsoft Configuration Manager CVE-2024-43468 Microsoft Configuration Manager Remote Code Execution Vulnerability Critical Microsoft Defender for Endpoint CVE-2024-43614 Microsoft Defender for Endpoint for Linux Spoofing Vulnerability Important Microsoft Edge (Chromium-based) CVE-2024-9369 Chromium: CVE-2024-9369 Insufficient data validation in Mojo Unknown Microsoft Edge (Chromium-based) CVE-2024-9370 Chromium: CVE-2024-9370 Inappropriate implementation in V8 Unknown Microsoft Edge (Chromium-based) CVE-2024-7025 Chromium: CVE-2024-7025 Integer overflow in Layout Unknown Microsoft Graphics Component CVE-2024-43534 Windows Graphics Component Information Disclosure Vulnerability Important Microsoft Graphics Component CVE-2024-43508 Windows Graphics Component Information Disclosure Vulnerability Important Microsoft Graphics Component CVE-2024-43556 Windows Graphics Component Elevation of Privilege Vulnerability Important Microsoft Graphics Component CVE-2024-43509 Windows Graphics Component Elevation of Privilege Vulnerability Important Microsoft Management Console CVE-2024-43572 Microsoft Management Console Remote Code Execution Vulnerability Important Microsoft Office CVE-2024-43616 Microsoft Office Remote Code Execution Vulnerability Important Microsoft Office CVE-2024-43576 Microsoft Office Remote Code Execution Vulnerability Important Microsoft Office CVE-2024-43609 Microsoft Office Spoofing Vulnerability Important Microsoft Office Excel CVE-2024-43504 Microsoft Excel Remote Code Execution Vulnerability Important Microsoft Office SharePoint CVE-2024-43503 Microsoft SharePoint Elevation of Privilege Vulnerability Important Microsoft Office Visio CVE-2024-43505 Microsoft Office Visio Remote Code Execution Vulnerability Important Microsoft Simple Certificate Enrollment Protocol CVE-2024-43544 Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability Important Microsoft Simple Certificate Enrollment Protocol CVE-2024-43541 Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability Important Microsoft WDAC OLE DB provider for SQL CVE-2024-43519 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important Microsoft Windows Speech CVE-2024-43574 Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability Important OpenSSH for Windows CVE-2024-43615 Microsoft OpenSSH for Windows Remote Code Execution Vulnerability Important OpenSSH for Windows CVE-2024-43581 Microsoft OpenSSH for Windows Remote Code Execution Vulnerability Important OpenSSH for Windows CVE-2024-38029 Microsoft OpenSSH for Windows Remote Code Execution Vulnerability Important Outlook for Android CVE-2024-43604 Outlook for Android Elevation of Privilege Vulnerability Important Power BI CVE-2024-43612 Power BI Report Server Spoofing Vulnerability Important Power BI CVE-2024-43481 Power BI Report Server Spoofing Vulnerability Important Remote Desktop Client CVE-2024-43533 Remote Desktop Client Remote Code Execution Vulnerability Important Remote Desktop Client CVE-2024-43599 Remote Desktop Client Remote Code Execution Vulnerability Important Role: Windows Hyper-V CVE-2024-43521 Windows Hyper-V Denial of Service Vulnerability Important Role: Windows Hyper-V CVE-2024-20659 Windows Hyper-V Security Feature Bypass Vulnerability Important Role: Windows Hyper-V CVE-2024-43567 Windows Hyper-V Denial of Service Vulnerability Important Role: Windows Hyper-V CVE-2024-43575 Windows Hyper-V Denial of Service Vulnerability Important RPC Endpoint Mapper Service CVE-2024-43532 Remote Registry Service Elevation of Privilege Vulnerability Important Service Fabric CVE-2024-43480 Azure Service Fabric for Linux Remote Code Execution Vulnerability Important Sudo for Windows CVE-2024-43571 Sudo for Windows Spoofing Vulnerability Important Visual C++ Redistributable Installer CVE-2024-43590 Visual C++ Redistributable Installer Elevation of Privilege Vulnerability Important Visual Studio CVE-2024-43603 Visual Studio Collector Service Denial of Service Vulnerability Important Visual Studio Code CVE-2024-43488 Visual Studio Code extension for Arduino Remote Code Execution Vulnerability Critical Visual Studio Code CVE-2024-43601 Visual Studio Code for Linux Remote Code Execution Vulnerability Important Windows Ancillary Function Driver for WinSock CVE-2024-43563 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important Windows BitLocker CVE-2024-43513 BitLocker Security Feature Bypass Vulnerability Important Windows Common Log File System Driver CVE-2024-43501 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important Windows Cryptographic Services CVE-2024-43546 Windows Cryptographic Information Disclosure Vulnerability Important Windows cURL Implementation CVE-2024-6197 Open Source Curl Remote Code Execution Vulnerability Important Windows EFI Partition CVE-2024-37982 Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability Important Windows EFI Partition CVE-2024-37976 Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability Important Windows EFI Partition CVE-2024-37983 Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability Important Windows Hyper-V CVE-2024-30092 Windows Hyper-V Remote Code Execution Vulnerability Important Windows Kerberos CVE-2024-43547 Windows Kerberos Information Disclosure Vulnerability Important Windows Kerberos CVE-2024-38129 Windows Kerberos Elevation of Privilege Vulnerability Important Windows Kernel CVE-2024-43502 Windows Kernel Elevation of Privilege Vulnerability Important Windows Kernel CVE-2024-43511 Windows Kernel Elevation of Privilege Vulnerability Important Windows Kernel CVE-2024-43520 Windows Kernel Denial of Service Vulnerability Important Windows Kernel CVE-2024-43527 Windows Kernel Elevation of Privilege Vulnerability Important Windows Kernel CVE-2024-43570 Windows Kernel Elevation of Privilege Vulnerability Important Windows Kernel CVE-2024-37979 Windows Kernel Elevation of Privilege Vulnerability Important Windows Kernel-Mode Drivers CVE-2024-43554 Windows Kernel-Mode Driver Information Disclosure Vulnerability Important Windows Kernel-Mode Drivers CVE-2024-43535 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Important Windows Local Security Authority (LSA) CVE-2024-43522 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability Important Windows Mobile Broadband CVE-2024-43555 Windows Mobile Broadband Driver Denial of Service Vulnerability Important Windows Mobile Broadband CVE-2024-43540 Windows Mobile Broadband Driver Denial of Service Vulnerability Important Windows Mobile Broadband CVE-2024-43536 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Important Windows Mobile Broadband CVE-2024-43538 Windows Mobile Broadband Driver Denial of Service Vulnerability Important Windows Mobile Broadband CVE-2024-43525 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Important Windows Mobile Broadband CVE-2024-43559 Windows Mobile Broadband Driver Denial of Service Vulnerability Important Windows Mobile Broadband CVE-2024-43561 Windows Mobile Broadband Driver Denial of Service Vulnerability Important Windows Mobile Broadband CVE-2024-43558 Windows Mobile Broadband Driver Denial of Service Vulnerability Important Windows Mobile Broadband CVE-2024-43542 Windows Mobile Broadband Driver Denial of Service Vulnerability Important Windows Mobile Broadband CVE-2024-43557 Windows Mobile Broadband Driver Denial of Service Vulnerability Important Windows Mobile Broadband CVE-2024-43526 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Important Windows Mobile Broadband CVE-2024-43543 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Important Windows Mobile Broadband CVE-2024-43523 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Important Windows Mobile Broadband CVE-2024-43524 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Important Windows Mobile Broadband CVE-2024-43537 Windows Mobile Broadband Driver Denial of Service Vulnerability Important Windows MSHTML Platform CVE-2024-43573 Windows MSHTML Platform Spoofing Vulnerability Moderate Windows Netlogon CVE-2024-38124 Windows Netlogon Elevation of Privilege Vulnerability Important Windows Network Address Translation (NAT) CVE-2024-43562 Windows Network Address Translation (NAT) Denial of Service Vulnerability Important Windows Network Address Translation (NAT) CVE-2024-43565 Windows Network Address Translation (NAT) Denial of Service Vulnerability Important Windows NT OS Kernel CVE-2024-43553 NT OS Kernel Elevation of Privilege Vulnerability Important Windows NTFS CVE-2024-43514 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability Important Windows Online Certificate Status Protocol (OCSP) CVE-2024-43545 Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability Important Windows Print Spooler Components CVE-2024-43529 Windows Print Spooler Elevation of Privilege Vulnerability Important Windows Remote Desktop CVE-2024-43582 Remote Desktop Protocol Server Remote Code Execution Vulnerability Critical Windows Remote Desktop Licensing Service CVE-2024-38262 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability Important Windows Remote Desktop Services CVE-2024-43456 Windows Remote Desktop Services Tampering Vulnerability Important Windows Resilient File System (ReFS) CVE-2024-43500 Windows Resilient File System (ReFS) Information Disclosure Vulnerability Important Windows Routing and Remote Access Service (RRAS) CVE-2024-43592 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important Windows Routing and Remote Access Service (RRAS) CVE-2024-43589 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important Windows Routing and Remote Access Service (RRAS) CVE-2024-38212 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important Windows Routing and Remote Access Service (RRAS) CVE-2024-43593 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important Windows Routing and Remote Access Service (RRAS) CVE-2024-38261 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important Windows Routing and Remote Access Service (RRAS) CVE-2024-43611 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important Windows Routing and Remote Access Service (RRAS) CVE-2024-43453 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important Windows Routing and Remote Access Service (RRAS) CVE-2024-38265 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important Windows Routing and Remote Access Service (RRAS) CVE-2024-43607 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important Windows Routing and Remote Access Service (RRAS) CVE-2024-43549 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important Windows Routing and Remote Access Service (RRAS) CVE-2024-43608 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important Windows Routing and Remote Access Service (RRAS) CVE-2024-43564 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important Windows Scripting CVE-2024-43584 Windows Scripting Engine Security Feature Bypass Vulnerability Important Windows Secure Channel CVE-2024-43550 Windows Secure Channel Spoofing Vulnerability Important Windows Secure Kernel Mode CVE-2024-43516 Windows Secure Kernel Mode Elevation of Privilege Vulnerability Important Windows Secure Kernel Mode CVE-2024-43528 Windows Secure Kernel Mode Elevation of Privilege Vulnerability Important Windows Shell CVE-2024-43552 Windows Shell Remote Code Execution Vulnerability Important Windows Standards-Based Storage Management Service CVE-2024-43512 Windows Standards-Based Storage Management Service Denial of Service Vulnerability Important Windows Storage CVE-2024-43551 Windows Storage Elevation of Privilege Vulnerability Important Windows Storage Port Driver CVE-2024-43560 Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability Important Windows Telephony Server CVE-2024-43518 Windows Telephony Server Remote Code Execution Vulnerability Important Winlogon CVE-2024-43583 Winlogon Elevation of Privilege Vulnerability Important
Update 9/11/24: Updated to explain that only three flaws were actively exploited and why CVE-2024-43491 was marked as exploited.