Microsoft disclosed on October Patch Tuesday that two zero-day vulnerabilities in Windows were actively being exploited in the wild, putting the spotlight on the urgency for system administrators to prioritize patching vulnerable systems this month.
In total, Microsoft addressed 117 new vulnerabilities, with three rated as critical. Additionally, the company included a fix for a non-Microsoft product, the curl command line tool which is used in both Windows and the CBL Mariner Linux OS. Alongside the two zero-days, there were three other vulnerabilities that were publicly disclosed. Of particular concern is a flaw in the Configuration Manager, a tool used for on-premises device management, which will require more than just applying a patch to remediate the issue.
The first zero-day, identified as CVE-2024-43572, is a Microsoft Management Console remote-code execution vulnerability with a CVSS score of 7.8. This flaw affects both desktop and server systems and could allow an attacker to run arbitrary code on a victim’s system by tricking a user into opening a malicious Microsoft Saved Console (MSC) file. According to Chris Goettl of Ivanti, the public disclosure of such vulnerabilities increases the urgency for IT teams to address them promptly to prevent threat actors from exploiting them.
The second zero-day, cataloged as CVE-2024-43573, is a Windows MSHTML platform spoofing vulnerability rated as moderate with a CVSS score of 6.5. While Microsoft no longer supports Internet Explorer, the code remains in Windows for compatibility, making systems susceptible to exploits in MSHTML. Exploiting this vulnerability could allow threat actors to gain access to sensitive information through user interaction.
In addition to the zero-days, Microsoft also addressed three other publicly disclosed vulnerabilities, including a Winlogon elevation-of-privilege vulnerability, a Windows Hyper-V security feature bypass vulnerability, and a curl remote-code execution vulnerability. These vulnerabilities range in severity and impact, highlighting the importance of timely patching to mitigate potential risks.
One critical vulnerability, CVE-2024-43468, identified in the Configuration Manager, requires manual intervention for remediation. Organizations are advised to execute an in-console update starting from the primary parent site server to the secondary site servers to address this remote-code execution flaw. Performing these updates after business hours is recommended to minimize disruptions.
Overall, the disclosure of multiple vulnerabilities, including zero-days, underscores the constant threat landscape that organizations face and the essential role of proactive patch management in maintaining a secure IT environment. It is crucial for IT teams to stay vigilant, prioritize patching efforts, and follow best practices to safeguard against potential cyber threats.