Today is Microsoft’s October 2024 Patch Tuesday, which includes security updates for 118 flaws, including five publicly disclosed zero-days, two of which are actively exploited.
This Patch Tuesday fixed three critical vulnerabilities, all remote code execution flaws.
The number of bugs in each vulnerability category is listed below:
- 28 Elevation of Privilege vulnerabilities
- 7 Security Feature Bypass vulnerabilities
- 43 Remote Code Execution vulnerabilities
- 6 Information Disclosure vulnerabilities
- 26 Denial of Service vulnerabilities
- 7 Spoofing vulnerabilities
This count does not include three Edge flaws that were previously fixed on October 3rd.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5044284 and KB5044285 cumulative updates and the Windows 10 KB5044273 update.
Four zero-days disclosed
This month’s Patch Tuesday fixes five zero-days, two of which were actively exploited in attacks, and all five were publicly disclosed.
Microsoft classifies a zero-day flaw as one that is publicly disclosed or actively exploited while no official fix is available.
The two actively exploited zero-day vulnerabilities in today’s updates are:
CVE-2024-43573 – Windows MSHTML Platform Spoofing Vulnerability
While Microsoft has not shared any detailed information about this bug or how it’s exploited, they did state it involved the MSHTML platform, previously used by Internet Explorer and Legacy Microsoft Edge, whose components are still installed in Windows.
“While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported,” explained Microsoft.
“The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications.”
While not confirmed, this could be a bypass of a previous vulnerability that abused MSHTML to spoof file extensions in alerts displayed when opening files. A similar MSHTML spoofing flaw was disclosed last month when attacks utilized Braille characters in filenames to spoof PDF files.
Microsoft has not shared who disclosed the vulnerability.
CVE-2024-43572 – Microsoft Management Console Remote Code Execution Vulnerability
This flaw allowed malicious Microsoft Saved Console (MSC) files to perform remote code execution on vulnerable devices.
Microsoft fixed the flaw by preventing untrusted MSC files from being opened.
“The security update will prevent untrusted Microsoft Saved Console (MSC) files from being opened to protect customers against the risks associated with this vulnerability,” explained Microsoft.
It is unknown how this flaw was actively exploited in attacks.
Microsoft says the bug was disclosed by “Andres and Shady”.
Microsoft says that both of these were also publicly disclosed.
The other three vulnerabilities that were publicly disclosed but not exploited in attacks are:
CVE-2024-6197 – Open Source Curl Remote Code Execution Vulnerability
Microsoft fixed a libcurl remote code execution flaw that could cause commands to be executed when Curl attempts to connect to a malicious server.
“The vulnerable code path can be triggered by a malicious server offering an especially crafted TLS certificate,” explains a Curl security advisory.
Microsoft fixed the flaw by updating the libcurl library used by the Curl executable bundled with Windows.
The flaw was discovered by a security researcher named “z2_,” who shared technical details in a HackerOne report.
CVE-2024-20659 – Windows Hyper-V Security Feature Bypass Vulnerability
Microsoft fixed a UEFI bypass that could allow attackers to compromised the hypervisor and kernel.
“This Hypervisor vulnerability relates to Virtual Machines within a Unified Extensible Firmware Interface (UEFI) host machine,” explains Microsoft.
“On some specific hardware it might be possible to bypass the UEFI, which could lead to the compromise of the hypervisor and the secure kernel.”
Microsoft says that an attacker needs physical access to the device and must reboot it to exploit the flaw.
The flaw was discovered by Francisco Falcón and Iván Arce of Quarkslab but it is not known where it was publicly disclosed.
CVE-2024-43583 – Winlogon Elevation of Privilege Vulnerability
Microsoft fixed an elevation of privileges flaw that could give attackers SYSTEM privileges in Windows.
To be protected from this flaw, Microsoft says that admins must take additional actions.
“To address this vulnerability, ensure that a Microsoft first-party IME is enabled on your device,” explains Microsoft.
“By doing so, you can help protect your device from potential vulnerabilities associated with a third-party (3P) IME during the sign in process.”
Microsoft says wh1tc & Zhiniang Peng of pwnull discovered the flaws.
Recent updates from other companies
Other vendors who released updates or advisories in October 2024 include:
The October 2024 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities in the October 2024 Patch Tuesday updates.
To access the full description of each vulnerability and the systems it affects, you can view the full report here.
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET and Visual Studio | CVE-2024-38229 | .NET and Visual Studio Remote Code Execution Vulnerability | Important |
.NET and Visual Studio | CVE-2024-43485 | .NET and Visual Studio Denial of Service Vulnerability | Important |
.NET, .NET Framework, Visual Studio | CVE-2024-43484 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | Important |
.NET, .NET Framework, Visual Studio | CVE-2024-43483 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | Important |
Azure CLI | CVE-2024-43591 | Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability | Important |
Azure Monitor | CVE-2024-38097 | Azure Monitor Agent Elevation of Privilege Vulnerability | Important |
Azure Stack | CVE-2024-38179 | Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability | Important |
BranchCache | CVE-2024-43506 | BranchCache Denial of Service Vulnerability | Important |
BranchCache | CVE-2024-38149 | BranchCache Denial of Service Vulnerability | Important |
Code Integrity Guard | CVE-2024-43585 | Code Integrity Guard Security Feature Bypass Vulnerability | Important |
DeepSpeed | CVE-2024-43497 | DeepSpeed Remote Code Execution Vulnerability | Important |
Internet Small Computer Systems Interface (iSCSI) | CVE-2024-43515 | Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability | Important |
Microsoft ActiveX | CVE-2024-43517 | Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | Important |
Microsoft Configuration Manager | CVE-2024-43468 | Microsoft Configuration Manager Remote Code Execution Vulnerability | Critical |
Microsoft Defender for Endpoint | CVE-2024-43614 | Microsoft Defender for Endpoint for Linux Spoofing Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2024-9369 | Chromium: CVE-2024-9369 Insufficient data validation in Mojo | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-9370 | Chromium: CVE-2024-9370 Inappropriate implementation in V8 | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-7025 | Chromium: CVE-2024-7025 Integer overflow in Layout | Unknown |
Microsoft Graphics Component | CVE-2024-43534 | Windows Graphics Component Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2024-43508 | Windows Graphics Component Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2024-43556 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2024-43509 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Management Console | CVE-2024-43572 | Microsoft Management Console Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2024-43616 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2024-43576 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2024-43609 | Microsoft Office Spoofing Vulnerability | Important |
Microsoft Office Excel | CVE-2024-43504 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2024-43503 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
Microsoft Office Visio | CVE-2024-43505 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
Microsoft Simple Certificate Enrollment Protocol | CVE-2024-43544 | Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | Important |
Microsoft Simple Certificate Enrollment Protocol | CVE-2024-43541 | Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-43519 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft Windows Speech | CVE-2024-43574 | Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | Important |
OpenSSH for Windows | CVE-2024-43615 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | Important |
OpenSSH for Windows | CVE-2024-43581 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | Important |
OpenSSH for Windows | CVE-2024-38029 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | Important |
Outlook for Android | CVE-2024-43604 | Outlook for Android Elevation of Privilege Vulnerability | Important |
Power BI | CVE-2024-43612 | Power BI Report Server Spoofing Vulnerability | Important |
Power BI | CVE-2024-43481 | Power BI Report Server Spoofing Vulnerability | Important |
Remote Desktop Client | CVE-2024-43533 | Remote Desktop Client Remote Code Execution Vulnerability | Important |
Remote Desktop Client | CVE-2024-43599 | Remote Desktop Client Remote Code Execution Vulnerability | Important |
Role: Windows Hyper-V | CVE-2024-43521 | Windows Hyper-V Denial of Service Vulnerability | Important |
Role: Windows Hyper-V | CVE-2024-20659 | Windows Hyper-V Security Feature Bypass Vulnerability | Important |
Role: Windows Hyper-V | CVE-2024-43567 | Windows Hyper-V Denial of Service Vulnerability | Important |
Role: Windows Hyper-V | CVE-2024-43575 | Windows Hyper-V Denial of Service Vulnerability | Important |
RPC Endpoint Mapper Service | CVE-2024-43532 | Remote Registry Service Elevation of Privilege Vulnerability | Important |
Service Fabric | CVE-2024-43480 | Azure Service Fabric for Linux Remote Code Execution Vulnerability | Important |
Sudo for Windows | CVE-2024-43571 | Sudo for Windows Spoofing Vulnerability | Important |
Visual C++ Redistributable Installer | CVE-2024-43590 | Visual C++ Redistributable Installer Elevation of Privilege Vulnerability | Important |
Visual Studio | CVE-2024-43603 | Visual Studio Collector Service Denial of Service Vulnerability | Important |
Visual Studio Code | CVE-2024-43488 | Visual Studio Code extension for Arduino Remote Code Execution Vulnerability | Critical |
Visual Studio Code | CVE-2024-43601 | Visual Studio Code for Linux Remote Code Execution Vulnerability | Important |
Windows Ancillary Function Driver for WinSock | CVE-2024-43563 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
Windows BitLocker | CVE-2024-43513 | BitLocker Security Feature Bypass Vulnerability | Important |
Windows Common Log File System Driver | CVE-2024-43501 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Windows Cryptographic Services | CVE-2024-43546 | Windows Cryptographic Information Disclosure Vulnerability | Important |
Windows cURL Implementation | CVE-2024-6197 | Open Source Curl Remote Code Execution Vulnerability | Important |
Windows EFI Partition | CVE-2024-37982 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | Important |
Windows EFI Partition | CVE-2024-37976 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | Important |
Windows EFI Partition | CVE-2024-37983 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | Important |
Windows Hyper-V | CVE-2024-30092 | Windows Hyper-V Remote Code Execution Vulnerability | Important |
Windows Kerberos | CVE-2024-43547 | Windows Kerberos Information Disclosure Vulnerability | Important |
Windows Kerberos | CVE-2024-38129 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-43502 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-43511 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-43520 | Windows Kernel Denial of Service Vulnerability | Important |
Windows Kernel | CVE-2024-43527 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-43570 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-37979 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel-Mode Drivers | CVE-2024-43554 | Windows Kernel-Mode Driver Information Disclosure Vulnerability | Important |
Windows Kernel-Mode Drivers | CVE-2024-43535 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
Windows Local Security Authority (LSA) | CVE-2024-43522 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43555 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43540 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43536 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43538 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43525 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43559 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43561 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43558 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43542 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43557 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43526 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43543 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43523 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43524 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43537 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important |
Windows MSHTML Platform | CVE-2024-43573 | Windows MSHTML Platform Spoofing Vulnerability | Moderate |
Windows Netlogon | CVE-2024-38124 | Windows Netlogon Elevation of Privilege Vulnerability | Important |
Windows Network Address Translation (NAT) | CVE-2024-43562 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
Windows Network Address Translation (NAT) | CVE-2024-43565 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
Windows NT OS Kernel | CVE-2024-43553 | NT OS Kernel Elevation of Privilege Vulnerability | Important |
Windows NTFS | CVE-2024-43514 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
Windows Online Certificate Status Protocol (OCSP) | CVE-2024-43545 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | Important |
Windows Print Spooler Components | CVE-2024-43529 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Remote Desktop | CVE-2024-43582 | Remote Desktop Protocol Server Remote Code Execution Vulnerability | Critical |
Windows Remote Desktop Licensing Service | CVE-2024-38262 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important |
Windows Remote Desktop Services | CVE-2024-43456 | Windows Remote Desktop Services Tampering Vulnerability | Important |
Windows Resilient File System (ReFS) | CVE-2024-43500 | Windows Resilient File System (ReFS) Information Disclosure Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-43592 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-43589 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-38212 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-43593 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-38261 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-43611 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-43453 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-38265 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-43607 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-43549 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-43608 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-43564 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Scripting | CVE-2024-43584 | Windows Scripting Engine Security Feature Bypass Vulnerability | Important |
Windows Secure Channel | CVE-2024-43550 | Windows Secure Channel Spoofing Vulnerability | Important |
Windows Secure Kernel Mode | CVE-2024-43516 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important |
Windows Secure Kernel Mode | CVE-2024-43528 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important |
Windows Shell | CVE-2024-43552 | Windows Shell Remote Code Execution Vulnerability | Important |
Windows Standards-Based Storage Management Service | CVE-2024-43512 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important |
Windows Storage | CVE-2024-43551 | Windows Storage Elevation of Privilege Vulnerability | Important |
Windows Storage Port Driver | CVE-2024-43560 | Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability | Important |
Windows Telephony Server | CVE-2024-43518 | Windows Telephony Server Remote Code Execution Vulnerability | Important |
Winlogon | CVE-2024-43583 | Winlogon Elevation of Privilege Vulnerability | Important |
Update 9/11/24: Updated to explain that only three flaws were actively exploited and why CVE-2024-43491 was marked as exploited.