Patch Tuesday | October 2024

Every month on the second Tuesday, Microsoft and other vendors release security software patches in what has become known as Patch Tuesday. For the October 2024 Patch Tuesday update, Microsoft released 120 CVEs, 3 of which were rated as Critical. This includes 43 Remote Code Execution, 28 Elevation of Privilege, and 27 Denial of Service vulnerabilities. 2 of them have been previously exploited and 5 were previously publicly disclosed. 28 received a CVSS3.1 base score higher than 8.0.

CVE-2024-43572 - Microsoft Management Console Remote Code Execution Vulnerability

Microsoft is patching a vulnerability pertaining to Microsoft Saved Console (MSC) files that can be leveraged in phishing and other social engineering attacks to execute code when the file is opened by a victim. Specifically, the update prevents users from opening untrusted MSC files.

MSC files have been used by attackers as a defense evasion method while attempting to gain initial access. For example, North Korean APT group Kimsuky has used the technique. Researchers at Elastic also outline another method for using MSC files in June, dubbed GrimResource .

CVE-2024-43573 - Windows MSHTML Platform Spoofing Vulnerability

This vulnerability release joins multiple other 0day MSHTML platform spoofing vulnerabilities patched this year, such as CVE-2024-43461 and CVE-2024-38112 , which were observed being actively exploited in the wild by APT group Void Banshee . The MSHTML platform is a rendering engine used by Internet Explorer and remains supported despite Internet Explorer’s retirement.

CVE-2024-43468 - Microsoft Configuration Manager Remote Code Execution Vulnerability

Microsoft clocks this vulnerability affecting the Configuration Manager in at a 9.8 CVSS 3.1 score. Exploitation of this vulnerability has not been previously observed, but it would allow an unauthenticated attacker with access to the Configuration Manager environment remote code execution.

To update and protect against this vulnerability, the Configuration Manager needs an in-console update . Otherwise, Microsoft suggests ensuring that the Management point connection account is set to an alternate service account instead of the default computer account.

Affected versions of the Configuration Manager include: 2303, 2309, and 2403.

CVE-2024-43582 - Remote Desktop Protocol Server Remote Code Execution Vulnerability

This vulnerability would allow unauthenticated attackers with network access to an RPC host to achieve remote code execution with the RPC service’s permissions. Successful attackers would have to win a race condition to exploit CVE-2024-43582. This raises the bar of complexity for attackers, but still highlights yet another reason why RDP servers should not be openly accessible to the internet.

?

?