CyberSecurity SEE

5 CVEs in Microsoft’s October Update Requiring Immediate Patching

Microsoft’s recently released October security update addresses a total of 117 vulnerabilities. Two of them are being actively exploited by attackers, and three others have been publicly disclosed but not yet exploited. The update is the third-largest release of vulnerabilities so far this year, following April’s 147 vulnerabilities and July’s set of 139 flaws.

A significant portion of the vulnerabilities (46) allow remote code execution (RCE), while 28 others give threat actors a way to elevate privileges. The remaining vulnerabilities enable spoofing, denial of service, and other malicious activity. The affected Microsoft technologies span a wide range, including the Windows operating system, Hyper-V virtualization technology, Windows Kerberos, Azure, Power BI, and .NET components.

The two vulnerabilities in the October update that attackers are actively exploiting are of particular concern. One of them, CVE-2024-43573, is a spoofing flaw in MSHTML, the legacy Trident browsing engine used in Internet Explorer. The bug is similar to two previously disclosed vulnerabilities, CVE-2024-38112 and CVE-2024-43461, which the Void Banshee group actively exploited earlier this year. Microsoft has not credited anyone with discovering this bug, which raises questions about the adequacy of the original patch provided by the company.

The other actively exploited zero-day is CVE-2024-43572, an RCE flaw in Microsoft Management Console (MMC). Microsoft has released a patch that prevents untrusted Microsoft Saved Console (MSC) files from being opened, since such files could put customers at risk if attackers exploit the flaw. Earlier this year, researchers observed threat actors using specially crafted MMC files, a technique known as GrimResource, for initial access and evasion.

In addition to the actively exploited bugs, there are three other zero-day vulnerabilities disclosed in the October update that have not yet been exploited by attackers. These include CVE-2024-6197, a remote code execution vulnerability in the cURL command line tool; CVE-2024-20659, a security bypass vulnerability in Windows Hyper-V; and CVE-2024-43583, a WinLogon elevation of privilege vulnerability. Organizations are advised to prioritize patching these vulnerabilities to prevent potential exploitation.

Furthermore, Microsoft rated three of the 117 vulnerabilities in the update as critical. All three are RCE flaws: CVE-2024-43468 in Microsoft Configuration Manager, CVE-2024-43582 in the Remote Desktop Protocol (RDP) server, and CVE-2024-43488 in the Visual Studio Code extension for Arduino. These vulnerabilities pose significant risks and should be addressed promptly to mitigate the potential impact on organizations.

In conclusion, the October security update from Microsoft addresses a wide range of vulnerabilities, including actively exploited bugs, publicly disclosed but unexploited vulnerabilities, and other critical flaws that require immediate attention. Organizations are urged to prioritize patching and implementing necessary security measures to protect their systems from potential threats.
