Application Management and Patching
October 2024 Third-Party Patches
October was a busy month for vulnerabilities. According to Recast Application Workspace data, 96 products were vulnerable and patched during the last month. Vendors released new versions of their applications to remediate 181 vulnerabilities—over 100 more than in September. In total, 25 software vendors released 169 updates.
Notable Vulnerabilities in October 2024 Third-Party Patches
Mozilla Fixes Zero-Day Vulnerability in Firefox
Mozilla fixed a zero-day vulnerability, CVE-2024-9680, in Firefox that was actively exploited in attacks. The vulnerability exists in the Animation Timelines, which are part of Firefox’s Web Animations API that controls and synchronizes animations on web pages. Attackers have been able to achieve code execution in the content process by exploiting this vulnerability in the latest Firefox standard release as well as the Extended Support Releases (ESR). Mozilla released a security advisory regarding this vulnerability on October 9, 2024. The CVSS rating for this vulnerability is 9.8.
Mozilla also patched several other critical vulnerabilities—CVE-2024-9392, CVE-2024-9401, CVE-2024-10467, CVE-2024-10468, and CVE-2024-9402—in their October releases. For more information, please see the following security advisories released by Mozilla:
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-46
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-55
Electron Framework Addresses Zero-Day Vulnerability
The OpenJS Foundation and Electron contributors fixed another zero-day vulnerability, CVE-2024-7965, in their product Electron. The Electron framework allows developers to build cross-platform desktop applications using web technologies by combining Chromium for rendering and Node.js for backend functionality. This vulnerability was already remediated in Google Chrome and Microsoft Edge in August. More information about the remediation can be found in the release notes of Electron.
Browser Security Updates in October 2024
October saw significant updates to major web browsers:
- Google Chrome was updated five times, addressing 25 vulnerabilities.
- Microsoft Edge released patches for 62 vulnerabilities across six updates.
- Brave Browser had five releases, remediating 23 vulnerabilities in total.
- Firefox was updated four times, patching 15 vulnerabilities.
- Firefox ESR 115 released three updates, patching 8 vulnerabilities.
- Firefox ESR 128 released three updates, patching 22 vulnerabilities.
- Vivaldi released only one version, patching 2 vulnerabilities.
Microsoft Product Updates Included in October 2024 Third-Party Patches
In addition to Edge, Microsoft released updates for the following products:
- Microsoft .NET Runtime 6.0
- Microsoft .NET Runtime 8.0
- Microsoft .NET SDK 6.0
- Microsoft .NET SDK 8.0
- Microsoft 365 Apps
- Microsoft ASP.NET Core Runtime 6.0
- Microsoft ASP.NET Core Runtime 8.0
- Microsoft ASP.NET Core Runtime Hosting Bundle 6.0
- Microsoft ASP.NET Core Runtime Hosting Bundle 8.0
- Microsoft Edge Beta
- Microsoft Edge for Business
- Microsoft Edge Webview2 Runtime
- Microsoft Remote Desktop
- Microsoft Visual Studio 2017 Community
- Microsoft Visual Studio 2017 Enterprise
- Microsoft Visual Studio 2017 Professional
- Microsoft Visual Studio 2019 Community
- Microsoft Visual Studio 2019 Enterprise
- Microsoft Visual Studio 2019 Professional
- Microsoft Visual Studio 2022 Community
- Microsoft Visual Studio 2022 Enterprise
- Microsoft Visual Studio 2022 Professional
- Microsoft Visual Studio Code
- Microsoft Visual Studio Feedback Client 2017
- Microsoft Visual Studio Team Explorer 2017
- Microsoft Visual Studio Team Explorer 2019
- Microsoft Visual Studio Team Explorer 2022
- Microsoft Windows Desktop Runtime 6.0
- Microsoft Windows Desktop Runtime 8.0
- OpenJDK 11
- OpenJDK 17
- OpenJDK 21
Detailed List of October 2024 Third-Party Patches
For a complete list of applications, versions, and the number of remediated vulnerabilities, see the table below generated using Application Workspace data.
Product | Version | Vulnerabilities remediated |
Akeo Consulting Rufus | 4.6 | 1 |
Amazon Corretto JDK 11 | 11.0.25.9.1 | 4 |
Amazon Corretto JDK 17 | 17.0.13.11.1 | 4 |
Amazon Corretto JDK 21 | 21.0.5.11.1 | 4 |
Amazon Corretto JDK 23 | 23.0.1.8.1 | 4 |
Amazon Corretto JDK 8 | 8.432.06.1 | 4 |
Amazon Corretto JRE 8 | 8.432.06.1 | 4 |
Autodesk AutoCAD 2024 | 2024.1.6 | 2 |
Autodesk AutoCAD LT 2024 | 2024.1.6 | 1 |
Autodesk AutoCAD LT 2025 | 2025.1.1 | 21 |
Brave Browser | 1.70.123 | 3 |
Brave Browser | 1.70.126 | 2 |
Brave Browser | 1.71.114 | 13 |
Brave Browser | 1.71.118 | 3 |
Brave Browser | 1.71.121 | 2 |
Burp Suite Community Edition | 2024.9 | 14 |
Burp Suite Community Edition | 2024.9.1 | 4 |
Burp Suite Community Edition | 2024.9.3 | 14 |
Burp Suite Community Edition | 2024.9.4 | 3 |
Burp Suite Professional Edition | 2024.9 | 14 |
Burp Suite Professional Edition | 2024.9.1 | 4 |
Burp Suite Professional Edition | 2024.9.3 | 14 |
Burp Suite Professional Edition | 2024.9.4 | 3 |
Cisco Webex Teams | 44.10.1.31028 | 1 |
Cisco Webex VDI Plugin | 44.10.1.31028 | 1 |
Datadog Agent | 7.58.0 | 3 |
Docker Desktop | 4.34.3 | 3 |
Docker Desktop | 4.34.3.170107 | 3 |
Eclipse Temurin JDK with Hotspot 21 | 21.0.5.11 | 4 |
Eclipse Temurin JRE with Hotspot 21 | 21.0.5.11 | 4 |
Electron | 31.7.1 | 2 |
Electron | 31.7.2 | 15 |
Electron | 32.2.1 | 2 |
Electron | 32.2.2 | 2 |
EnterpriseDB Corporation PostgreSQL 12 | 12.20.2 | 1 |
EnterpriseDB Corporation PostgreSQL 13 | 13.16.2 | 1 |
EnterpriseDB Corporation PostgreSQL 14 | 14.13.2 | 1 |
EnterpriseDB Corporation PostgreSQL 15 | 15.8.2 | 1 |
EnterpriseDB Corporation PostgreSQL 16 | 16.4.2 | 1 |
Foxit PDF Editor 11 | 11.1.10.1010 | 3 |
Foxit PDF Editor 11 | 11.2.11.54113 | 22 |
Foxit PDF Editor 12 | 12.1.6.55574 | 3 |
Foxit PDF Editor Pro 11 | 11.2.11.54113 | 22 |
Google Chrome for Business | 129.0.6668.101 | 2 |
Google Chrome for Business | 129.0.6668.90 | 3 |
Google Chrome for Business | 130.0.6723.59 | 13 |
Google Chrome for Business | 130.0.6723.70 | 3 |
Google Chrome for Business | 130.0.6723.92 | 2 |
Liberica JDK | 11.0.25.11 | 6 |
Liberica JDK | 17.0.13.12 | 6 |
Liberica JDK | 8.0.432.7 | 6 |
Liberica JDK Lite | 21.0.5.11 | 6 |
Liberica JRE | 21.0.5.11 | 6 |
Microsoft .NET Runtime 6.0 | 6.0.35 | 3 |
Microsoft .NET Runtime 6.0 | 6.0.35.34109 | 3 |
Microsoft .NET Runtime 8.0 | 8.0.10 | 4 |
Microsoft .NET Runtime 8.0 | 8.0.10.34116 | 4 |
Microsoft .NET SDK 6.0 | 6.0.35 | 3 |
Microsoft .NET SDK 6.0 | 6.4.2724.46902 | 3 |
Microsoft .NET SDK 8.0 | 8.0.403 | 4 |
Microsoft .NET SDK 8.0 | 8.4.324.47413 | 4 |
Microsoft 365 Apps | 2402 (Build 16.0.17328.20612) | 5 |
Microsoft 365 Apps | 2408 (Build 16.0.17928.20216) | 5 |
Microsoft 365 Apps | 2409 (Build 16.0.18025.20140) | 5 |
Microsoft ASP.NET Core Runtime 6.0 | 6.0.35 | 3 |
Microsoft ASP.NET Core Runtime 6.0 | 6.0.35.24462 | 3 |
Microsoft ASP.NET Core Runtime 8.0 | 8.0.10 | 4 |
Microsoft ASP.NET Core Runtime 8.0 | 8.0.10.24468 | 4 |
Microsoft ASP.NET Core Runtime Hosting Bundle 6.0 | 6.0.35.24462 | 3 |
Microsoft ASP.NET Core Runtime Hosting Bundle 8.0 | 8.0.10.24468 | 4 |
Microsoft Edge Beta | 130.0.2849.46 | 27 |
Microsoft Edge Beta | 130.0.2849.46 | 25 |
Microsoft Edge for Business | 129.0.2792.79 | 3 |
Microsoft Edge for Business | 129.0.2792.89 | 2 |
Microsoft Edge for Business | 130.0.2849.46 | 27 |
Microsoft Edge for Business | 130.0.2849.46 | 25 |
Microsoft Edge for Business | 130.0.2849.56 | 3 |
Microsoft Edge for Business | 130.0.2849.68 | 2 |
Microsoft Edge Webview2 Runtime | 130.0.2849.56 | 3 |
Microsoft Remote Desktop | 1.2.5709.0 | 1 |
Microsoft Visual Studio 2017 Community | 15.9.35324.217 | 2 |
Microsoft Visual Studio 2017 Enterprise | 15.9.35324.217 | 2 |
Microsoft Visual Studio 2017 Professional | 15.9.35324.217 | 2 |
Microsoft Visual Studio 2019 Community | 16.11.35325.158 | 2 |
Microsoft Visual Studio 2019 Enterprise | 16.11.35325.158 | 2 |
Microsoft Visual Studio 2019 Professional | 16.11.35325.158 | 2 |
Microsoft Visual Studio 2022 Community | 17.11.35327.3 | 5 |
Microsoft Visual Studio 2022 Enterprise | 17.10.35326.205 | 5 |
Microsoft Visual Studio 2022 Enterprise | 17.11.35327.3 | 5 |
Microsoft Visual Studio 2022 Enterprise | 17.6.35326.246 | 5 |
Microsoft Visual Studio 2022 Enterprise | 17.8.35326.199 | 5 |
Microsoft Visual Studio 2022 Professional | 17.10.35326.205 | 5 |
Microsoft Visual Studio 2022 Professional | 17.11.35327.3 | 5 |
Microsoft Visual Studio 2022 Professional | 17.6.35326.246 | 5 |
Microsoft Visual Studio 2022 Professional | 17.8.35326.199 | 5 |
Microsoft Visual Studio Code | 1.94.1 | 1 |
Microsoft Visual Studio Feedback Client 2017 | 15.9.35324.217 | 2 |
Microsoft Visual Studio Team Explorer 2017 | 15.9.35324.217 | 2 |
Microsoft Visual Studio Team Explorer 2019 | 16.11.35325.158 | 2 |
Microsoft Visual Studio Team Explorer 2022 | 17.11.35327.3 | 5 |
Microsoft Windows Desktop Runtime 6.0 | 6.0.35.34113 | 3 |
Microsoft Windows Desktop Runtime 8.0 | 8.0.10.34118 | 4 |
Mozilla Firefox | 131.0 | 11 |
Mozilla Firefox | 131.0.2 | 1 |
Mozilla Firefox | 131.0.3 | 1 |
Mozilla Firefox | 132.0 | 11 |
Mozilla Firefox ESR 115 | 115.16.0 | 4 |
Mozilla Firefox ESR 115 | 115.16.1 | 1 |
Mozilla Firefox ESR 115 | 115.17.0 | 3 |
Mozilla Firefox ESR 128 | 128.3.0 | 11 |
Mozilla Firefox ESR 128 | 128.3.1 | 1 |
Mozilla Firefox ESR 128 | 128.4.0 | 10 |
Mozilla Thunderbird ESR 128 | 128.3.0 | 11 |
Mozilla Thunderbird ESR 128 | 128.3.1 | 1 |
Mozilla Thunderbird ESR 128 | 128.4.0 | 10 |
NoMachine | 8.14.2 | 4 |
NoMachine Enterprise Client | 8.14.2 | 4 |
NoMachine Enterprise Desktop | 8.14.2 | 4 |
OpenJDK 11 | 11.0.25.9 | 4 |
OpenJDK 17 | 17.0.13.11 | 6 |
OpenJDK 21 | 21.0.5.11 | 6 |
Oracle Java Runtime Environment Version 8 | 8.0.4310.10 | 6 |
Oracle Java SE Development Kit 21 | 21.0.5.0 | 4 |
Oracle Java SE Development Kit 23 | 23.0.1.0 | 5 |
Oracle Java SE Development Kit 8 | 8.0.4310.10 | 6 |
Oracle VirtualBox 7 | 7.0.22 | 5 |
Oracle VirtualBox 7 | 7.1.4 | 4 |
Pale Moon | 33.4.0 | 2 |
Python 3.13 | 3.13.0 | 4 |
Red Hat OpenJDK | 1.8.4321.6 | 5 |
Red Hat OpenJDK | 11.0.2509.1 | 5 |
Red Hat OpenJDK | 17.00130.11.1 | 5 |
Red Hat OpenJDK | 21.0050.11.1 | 5 |
Red Hat OpenJDK JRE | 11.0.250.1 | 5 |
Red Hat OpenJDK JRE | 17.00130.11.1 | 5 |
Red Hat OpenJDK JRE | 21.0050.11.1 | 5 |
TeamCity | 2024.07.3 | 5 |
Vivaldi | 7.0.3495.10 | 2 |
Zulu JDK 11 (LTS) | 11.76.21 | 6 |
Zulu JDK 17 (LTS) | 17.54.21 | 4 |
Zulu JDK 17 (LTS) | 17.54.21 | 6 |
Zulu JDK 21 (LTS) | 21.38.21 | 6 |
Zulu JDK 23 (STS) | 23.30.13 | 4 |
Zulu JDK 23 (STS) | 23.30.13 | 6 |
Zulu JDK 8 (LTS) | 8.82.0.21 | 4 |
Zulu JDK 8 (LTS) | 8.82.0.21 | 6 |
Zulu JRE 11 (LTS) | 11.76.21 | 6 |
Zulu JRE 17 (LTS) | 17.54.21 | 4 |
Zulu JRE 17 (LTS) | 17.54.21 | 6 |
Zulu JRE 21 (LTS) | 21.38.21 | 6 |
Zulu JRE 23 (STS) | 23.30.13 | 6 |
Zulu JRE 8 (LTS) | 8.82.0.21 | 6 |
Conclusion
Maintaining the security and performance of your IT environment hinges on timely third-party patching. The October 2024 updates addressed significant vulnerabilities across various applications, underscoring the importance of staying vigilant. By prioritizing these patches, you help safeguard your systems against potential exploits and ensure continued operational stability.
To deepen your understanding of third-party patching and its impact on your security posture, explore our eBook Reduce Your Attack Footprint.