Microsoft Patches Actively Exploited Vulnerabilities in Windows - Patch Tuesday October 2024

Publication date: 2024-10-09

Microsoft's October 2024 Patch Tuesday addresses a staggering 117 vulnerabilities across its product range. These updates are crucial for businesses and individual users alike, as they contain patches for actively exploited zero-day vulnerabilities and other critical issues that could leave systems exposed to malicious attacks.

Key Highlights of October 2024 Patch Tuesday:

  • 117 vulnerabilities fixed, including three critical vulnerabilities and 113 important ones.
  • Two zero-day vulnerabilities actively exploited in the wild: CVE-2024-43572 and CVE-2024-43573.
  • Critical issues addressed in Remote Desktop Protocol Server (CVE-2024-43582) and Microsoft Configuration Manager (CVE-2024-43468).

Actively Exploited Zero-Days

CVE-2024-43572: Microsoft Management Console (MMC)

This vulnerability allows an attacker to remotely execute code on targeted systems through the Microsoft Management Console (MMC). The flaw, which has a CVSS score of 7.8, is particularly dangerous because it can compromise sensitive information and system functionality. Attackers use malicious MMC snap-ins to exploit it, and while full details of the attack remain undisclosed, Microsoft emphasizes the importance of patching this vulnerability immediately.

CVE-2024-43573: Windows MSHTML Platform

CVE-2024-43573 is a spoofing vulnerability in Windows MSHTML with a CVSS score of 6.5. Attackers use social engineering to trick users into opening malicious MSHTML files disguised as PDFs. Once opened, these files execute code via Internet Explorer, even if the browser is disabled, posing significant risks to affected systems.

Other Notable Vulnerabilities

Though the two zero-days garner much attention, Microsoft has also addressed vulnerabilities that, while not actively exploited, are critical in nature:

  • CVE-2024-43582 (Remote Desktop Protocol Server): A critical Remote Code Execution (RCE) vulnerability with a CVSS score of 8.1. Unauthenticated attackers can send specially crafted RPC requests to gain control of affected systems.
  • CVE-2024-43468 (Microsoft Configuration Manager): Rated at 9.8 on the CVSS scale, this vulnerability allows unauthenticated attackers to take full control of systems remotely by sending malicious requests.

The Importance of Timely Patching

Zero-day vulnerabilities are particularly dangerous because they are exploited before patches are available. The two zero-days patched in this update (CVE-2024-43572 and CVE-2024-43573) highlight the pressing need for organizations to apply these patches as soon as possible to avoid potential damage. Additionally, the critical vulnerabilities in services like Remote Desktop Protocol and Microsoft Configuration Manager demonstrate the wide-reaching impact these flaws can have, especially in environments that rely on remote access and system management tools.

Recommendations for Users and Organizations

To minimize risks, Microsoft recommends that users and administrators:

  • Prioritize the installation of security updates, particularly for systems running Microsoft Management Console and Windows MSHTML Platform.
  • Ensure that systems running Remote Desktop Protocol Server and Microsoft Configuration Manager are updated to prevent potential remote code execution attacks.
  • Educate employees about the risks posed by social engineering, particularly when interacting with files that may appear legitimate but are, in fact, malicious.

Conclusion

With 117 vulnerabilities patched in October 2024, including two actively exploited zero-days, it is essential for users and administrators to take immediate action. Applying these patches will protect systems from known threats, while continued vigilance will help mitigate future risks.