Microsoft released a total of 117 patches across 15 product families, with significant attention given to issues affecting Configuration Manager, Visual Studio, and Windows. Among these patches, Microsoft classified three of the addressed problems as Critical severity, with two known to be actively exploited in the wild at the time of release. Additionally, eight more CVEs were deemed likely to be exploited within the next 30 days.
The release also included advisory information on four Edge-related CVEs and one related to curl that impacts CBL Mariner and Windows. In addition to these, there were servicing stack updates provided as part of the release.
The breakdown of the patches based on severity and impact includes:
– Total CVEs: 117
– Publicly disclosed: 4
– Exploited detected: 2
– Severity levels: Critical: 3, Important: 110, Moderate: 3, Low: 1
– Impact categories: Remote Code Execution, Elevation of Privilege, Denial of Service, Security Feature Bypass, Spoofing, Information Disclosure, Tampering
– Number of patches with a CVSS base score of 9.0 or greater: 2
– Number of patches with a CVSS base score of 8.0 or greater: 25
The most affected product family was Windows, with a total of 93 CVEs addressed. Other impacted product families included Visual Studio, 365 Apps, Office, .NET, Azure, .NET Framework, Excel, Power BI, Configuration Manager, DeepSpeed, Defender for Endpoint for Linux, Outlook for Android, SharePoint, and Visual C++.
Microsoft provided specific mitigation advice for some of the critical issues addressed in the release, including Windows Netlogon Elevation of Privilege Vulnerability and Microsoft Configuration Manager Remote Code Execution Vulnerability. The company recommended steps to prevent exploitation and improve security for these vulnerabilities.
Furthermore, the release included information on vulnerabilities that are under active exploit in the wild and those more likely to be targeted in the next 30 days. Microsoft also provided details on Sophos protections for specific CVEs to help users secure their systems effectively.
Overall, the October release from Microsoft aimed to address a wide range of security vulnerabilities across various product families, highlighting the importance of timely patching and diligent security practices to mitigate potential risks.