October 2024 Patch Tuesday: Critical Security Updates

Welcome to Recast Software’s October 2024 Patch Tuesday post. This month, Microsoft has released security updates addressing 118 vulnerabilities across its product portfolio. Among these are five publicly disclosed zero-day vulnerabilities, with two actively exploited in the wild. Staying informed and applying these patches promptly is crucial to safeguarding your organization. 

Actively Exploited Zero-Day Vulnerabilities 

CVE-2024-43573 – Windows MSHTML Platform Spoofing Vulnerability 

• Severity: Moderate 
• Impact: Spoofing 
• Description: This vulnerability affects the MSHTML platform, a core component used by Internet Explorer and other applications through the WebBrowser control. Attackers can craft malicious web content that appears legitimate, tricking users into interacting with it. 
• Implications: Successful exploitation could allow attackers to gain unauthorized access to sensitive information or manipulate web-based services. 
• Recommendation: Prioritize patching systems, especially those running legacy applications that rely on MSHTML. Educate users about the risks of interacting with unexpected web content. 

CVE-2024-43572 – Microsoft Management Console Remote Code Execution Vulnerability 

• Severity: Important 
• Impact: Remote Code Execution 
• Description: This flaw exists in the Microsoft Management Console (MMC), utilized by system administrators for configuration and monitoring tasks. Attackers can exploit this vulnerability using specially crafted Microsoft Saved Console (MSC) files to execute arbitrary code. 
• Implications: An attacker could gain the same user rights as the current user, potentially leading to a complete system compromise. 
• Recommendation: Apply the update immediately. Microsoft has addressed the issue by preventing untrusted MSC files from being opened. Advise users to avoid opening MSC files from unverified sources. 

Other Publicly Disclosed Zero-Day Vulnerabilities 

While not currently exploited, these vulnerabilities have been publicly disclosed and pose significant risks: 

CVE-2024-6197 – Open-Source Curl Remote Code Execution Vulnerability 

• Severity: Important 
• Impact: Remote Code Execution 
• Description: A flaw in the libcurl library could allow remote code execution when the Curl tool connects to a malicious server with a specially crafted TLS certificate. 
• Recommendation: Update to the latest version of the libcurl library provided by Microsoft. Review the use of Curl in your environment and restrict connections to trusted servers. 

CVE-2024-20659 – Windows Hyper-V Security Feature Bypass Vulnerability 

• Severity: Important 
• Impact: Security Feature Bypass 
• Description: This vulnerability affects Windows Hyper-V on specific hardware configurations, allowing attackers with physical access to bypass UEFI security measures. 
• Implications: Exploitation could lead to the compromise of the hypervisor and secure kernel. 
• Recommendation: Physical security measures should be enforced. Apply the patch and ensure that access to servers running Hyper-V is tightly controlled. 

CVE-2024-43583 – Winlogon Elevation of Privilege Vulnerability 

• Severity: Important 
• Impact: Elevation of Privilege 
• Description: An attacker could gain elevated privileges by exploiting this vulnerability in the Winlogon component. 
• Recommendation: Ensure that a Microsoft first-party Input Method Editor (IME) is enabled on all systems. Disable or remove any untrusted third-party IMEs to mitigate potential exploitation. 

Additional October 2024 Patch Tuesday Updates 

Microsoft also released patches for a variety of other products, including: 

• Microsoft Office: Addressing remote code execution and spoofing vulnerabilities. 
• Azure: Patching elevation of privilege vulnerabilities in Azure Monitor and Azure Stack. 
• .NET and Visual Studio: Fixing remote code execution and denial of service issues. 
• Windows Mobile Broadband: Multiple remote code execution and denial of service vulnerabilities patched. 
• OpenSSH for Windows: Addressing remote code execution vulnerabilities. 

Updates from Other Vendors 

Other technology providers have also issued important security updates this month: 

• Adobe: Released fixes for 52 vulnerabilities across products like Substance 3D Painter, Animate, and InDesign.
• Cisco: Addressed vulnerabilities in multiple products, including Meraki devices and Nexus Dashboard. 
• Fortinet, DrayTek, Ivanti, Optigo Networks, Qualcomm, and SAP: Released patches for various security flaws in their products. 

Key Takeaways and Recommendations 

• Prioritize Patching Zero-Days: Focus on applying updates for the two actively exploited zero-day vulnerabilities (CVE-2024-43573 and CVE-2024-43572) immediately to mitigate ongoing attacks.
• Implement Robust Patch Management: Develop and maintain a regular patch management process to ensure all systems are updated promptly. 
• Educate Users: Regularly inform users about phishing risks and the importance of not interacting with suspicious files or links. 
• Backup Critical Data: Always back up important data before applying updates to prevent potential data loss from unforeseen issues. 
• Monitor for Issues: Keep an eye on resources like the SANS Internet Storm Center and community forums for reports of any problems with the new patches. 

Stay Protected with Recast Software 

Maintaining security requires vigilance and prompt action. By staying informed about the latest vulnerabilities and updates, you can protect your organization from potential exploits. 

We’re committed to helping you navigate these challenges. Our solutions, like Application Manager, can streamline your patch management process, ensuring that your systems are up-to-date and secure. 

For a detailed list of all the updates released this month, you can visit Microsoft’s official October 2024 Security Updates page. 

Stay vigilant and keep your systems protected.