On October 8, 2024, Microsoft released security updates for Windows clients and servers, for Office, and for other products. The security updates close 117 vulnerabilities (CVEs): three are rated critical, and four are classified as 0-day (two of those are already being exploited in the wild). Below is a compact overview of the updates released on this Patchday.
Notes on the updates
A list of the updates can be found on this Microsoft site. Details on the update packages for Windows, Office etc. are available in separate blog posts.
Windows 10/11, Windows Server
All Windows 10/11 updates (as well as the updates of the server counterparts) are cumulative. The monthly patchday update contains all security fixes for these Windows versions – as well as all non-security fixes up to the patchday. In addition to the security patches for the vulnerabilities, the updates also contain fixes to correct errors or new features.
Windows Server 2012 R2
Windows Server 2012/R2 will receive regular security updates until October 2023. After this date, an ESU license will be required to obtain further security updates (Windows Server 2012/R2 gets Extended Security Updates (ESU) until October 2026).
Fixed vulnerabilities
Tenable has this blog post with an overview of the vulnerabilities that have been fixed. Here are some of the critical vulnerabilities that have been fixed:
- CVE-2024-43572: Microsoft Management Console Remote Code Execution vulnerability, CVSSv3 score 7.8, important; The RCE vulnerability in Microsoft Management Console (MMC), rated important, could allow an attacker to trick a vulnerable target into opening a specially crafted file through the use of social engineering tactics. If successfully exploited, the attacker could execute arbitrary code. According to Microsoft, CVE-2024-43572 was exploited in the wild as a zero-day (last month there was already a fix for the RCE vulnerability CVE-2024-38259 in the MMC). As part of the patch for CVE-2024-43572, Microsoft changed the behavior for Microsoft Saved Console (MSC) files and now prevents untrusted MSC files from being opened on a system.
- CVE-2024-43573: Windows MSHTML Platform Spoofing vulnerability, CVSSv3 score 6.5, moderate; An unauthenticated remote attacker could exploit this vulnerability by tricking a victim into opening a malicious file. According to Microsoft, CVE-2024-43573 has been exploited in the wild as a zero-day. The MSHTML Platform remains a perennial trouble spot: this is the fourth MSHTML 0-day vulnerability patched in 2024 that was exploited in the wild.
- CVE-2024-20659: Windows Hyper-V Security Feature Bypass vulnerability, CVSSv3 score 7.1, important; The vulnerability allows a security feature in Windows Hyper-V to be bypassed. A successful attack would allow an attacker to bypass the Unified Extensible Firmware Interface (UEFI) of a virtual machine on the host computer. This could compromise both the hypervisor and the secure kernel. According to Microsoft, the vulnerability CVE-2024-20659 was publicly known before a patch was made available. Microsoft has rated the exploitability as "Exploitation Less Likely". This is likely because several conditions must be met for the vulnerability to be exploitable, such as a reboot of the machine by the user, application-specific behavior, and other required user actions. In addition to CVE-2024-20659, Microsoft has also patched three Denial of Service (DoS) vulnerabilities and an RCE vulnerability in Windows Hyper-V (details can be found at Tenable).
- CVE-2024-43583: Winlogon Elevation of Privilege vulnerability, CVSSv3 score 7.8, important; A local, authenticated attacker could exploit this vulnerability to gain SYSTEM privileges. According to Microsoft, CVE-2024-43583 was publicly disclosed before a patch was made available. In addition, Microsoft recommends enabling the IME (Input Method Editor) to work around vulnerabilities in third-party IMEs (see KB5046254).
- CVE-2024-38212, CVE-2024-38261, CVE-2024-38265, CVE-2024-43453, CVE-2024-43549, CVE-2024-43564, CVE-2024-43589, CVE-2024-43592, CVE-2024-43593, CVE-2024-43607, CVE-2024-43608 and CVE-2024-43611: Windows Routing and Remote Access Service (RRAS) Remote Code Execution vulnerabilities, CVSSv3 score 8.8, important; A series of 12 RCE vulnerabilities in Windows Routing and Remote Access Service (RRAS), all of which share a CVSSv3 score of 8.8, with the exception of CVE-2024-38261, which has a score of 7.8. Each of these vulnerabilities is rated "Exploitation Less Likely" by Microsoft, and they have similar attack paths. An unauthenticated attacker could exploit such a vulnerability by attacking a vulnerable server with a specially crafted protocol message, or by tricking a user into sending a request to a malicious server, which returns a malicious message that could lead to RCE on the vulnerable computer.
- CVE-2024-43533, CVE-2024-43599: Remote Desktop Client Remote Code Execution vulnerabilities, CVSSv3 score 8.8, important; The attack vector described by Microsoft assumes that an attacker first compromises a remote desktop server. Once this is compromised, the attacker can use RCE against vulnerable connecting devices. As a mitigating factor and part of security best practices, it is recommended to disable the Remote Desktop Service when it is not needed. Microsoft's recommendation goes on to explain that disabling unused services can help reduce exposure. Microsoft rates both as "Exploitation Less Likely".
- CVE-2024-43468: Microsoft Configuration Manager Remote Code Execution vulnerability, CVSSv3 score 9.8, critical; An attacker can exploit this vulnerability without prior authentication by sending a specially crafted request to a vulnerable computer. This leads to RCE on the computer or the underlying database.
- CVE-2024-38124: Windows Netlogon Elevation of Privilege vulnerability, CVSSv3 score 9.0, important; An attacker would need authenticated access to the same network as a vulnerable device and would need to rename their machine to match the domain controller in order to establish a secure channel. Once these requirements are met, the attacker would need to rename their machine back to its original name. Once the new domain controller has been promoted, the attacker could use the secure channel to impersonate the domain controller and potentially compromise the entire domain.
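Two of the items above come with a concrete defensive follow-up: the MMC fix now refuses untrusted MSC files, and Microsoft's guidance for the Remote Desktop Client and RRAS bugs is to disable those services where they are not needed. The following PowerShell script is an added example written for this overview, not code from the original post or from Microsoft. It inventories .msc files in user-writable locations and reports whether they carry the Mark of the Web, and it reports the state of the RRAS and Remote Desktop services plus the RDP registry switch. The assumption that "untrusted" MSC files are those marked with a Zone.Identifier stream of ZoneId 3 or 4 is mine and is not stated in the post; the service names RemoteAccess and TermService and the fDenyTSConnections value are the real Windows identifiers.

```powershell
# Added example (not from the original post): post-patchday exposure audit.
# Assumption (not stated in the post): the MSC hardening treats files that carry
# the Mark of the Web (Zone.Identifier stream, ZoneId 3 = Internet or 4 = Restricted)
# as untrusted, so those are the files this inventory flags for review.

function Get-MscFileTrustInventory {
    [CmdletBinding()]
    param(
        # User-writable locations where downloaded or mailed .msc files tend to land
        [string[]]$SearchRoot = @($env:USERPROFILE, $env:TEMP)
    )
    foreach ($root in $SearchRoot) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $files = Get-ChildItem -LiteralPath $root -Filter *.msc -Recurse -File -ErrorAction SilentlyContinue
        foreach ($file in $files) {
            $zoneId = $null
            try {
                # The Zone.Identifier alternate data stream is the Mark of the Web
                $stream = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction Stop
                foreach ($line in $stream) {
                    if ($line -match '^ZoneId=(\d+)') { $zoneId = [int]$Matches[1]; break }
                }
            } catch {
                # No Zone.Identifier stream: the file carries no Mark of the Web
            }
            [PSCustomObject]@{
                Path   = $file.FullName
                ZoneId = $zoneId
                Trust  = if ($null -ne $zoneId -and $zoneId -ge 3) { 'untrusted (MotW)' } else { 'no MotW' }
                # Hash recorded so a flagged file can be tracked through IR tooling
                Sha256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            }
        }
    }
}

function Get-RemoteAccessExposure {
    # Real Windows service names for RRAS and Remote Desktop Services
    $services = [ordered]@{
        'RemoteAccess' = 'Routing and Remote Access Service (RRAS)'
        'TermService'  = 'Remote Desktop Services'
    }
    foreach ($name in $services.Keys) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        [PSCustomObject]@{
            Item      = $name
            Role      = $services[$name]
            Status    = if ($svc) { $svc.Status.ToString() } else { 'not installed' }
            StartType = if ($svc) { $svc.StartType.ToString() } else { 'n/a' }
            Finding   = if ($svc -and $svc.Status -eq 'Running') { 'running: confirm it is needed, otherwise disable' } else { 'not running' }
        }
    }
    # RDP listener switch: fDenyTSConnections = 1 means inbound Remote Desktop is disabled
    $rdp = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
                            -Name fDenyTSConnections -ErrorAction SilentlyContinue
    [PSCustomObject]@{
        Item      = 'fDenyTSConnections'
        Role      = 'Inbound Remote Desktop connections (registry switch)'
        Status    = if ($null -eq $rdp) { 'unknown' } elseif ($rdp.fDenyTSConnections -eq 1) { 'disabled' } else { 'enabled' }
        StartType = 'n/a'
        Finding   = if ($null -ne $rdp -and $rdp.fDenyTSConnections -eq 0) { 'inbound RDP enabled: confirm it is needed' } else { 'inbound RDP disabled or unknown' }
    }
}

# Run the audit and print both tables
Get-MscFileTrustInventory | Format-Table -AutoSize
Get-RemoteAccessExposure  | Format-Table -AutoSize
```

Run it in an elevated PowerShell session so the registry read and the service query succeed; the MSC inventory only reports, it changes nothing, and a flagged file simply tells you what the patched MMC will now refuse to open, so you can decide whether it is a legitimately deployed console that should be re-saved from a trusted location.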
A list of all fixed CVEs can be found on this Microsoft page; excerpts are available at Tenable. Below is the list of patched products:
- .NET and Visual Studio
- .NET, .NET Framework, Visual Studio
- Azure CLI
- Azure Monitor
- Azure Stack
- BranchCache
- Code Integrity Guard
- DeepSpeed
- Internet Small Computer Systems Interface (iSCSI)
- Microsoft ActiveX
- Microsoft Configuration Manager
- Microsoft Defender for Endpoint
- Microsoft Graphics Component
- Microsoft Management Console
- Microsoft Office
- Microsoft Office Excel
- Microsoft Office SharePoint
- Microsoft Office Visio
- Microsoft Simple Certificate Enrollment Protocol
- Microsoft WDAC OLE DB provider for SQL
- Microsoft Windows Speech
- OpenSSH for Windows
- Outlook for Android
- Power BI
- RPC Endpoint Mapper Service
- Remote Desktop Client
- Role: Windows Hyper-V
- Service Fabric
- Sudo for Windows
- Visual C++ Redistributable Installer
- Visual Studio
- Visual Studio Code
- Windows Ancillary Function Driver for WinSock
- Windows BitLocker
- Windows Common Log File System Driver
- Windows Cryptographic Services
- Windows EFI Partition
- Windows Hyper-V
- Windows Kerberos
- Windows Kernel
- Windows Kernel-Mode Drivers
- Windows Local Security Authority (LSA)
- Windows MSHTML Platform
- Windows Mobile Broadband
- Windows NT OS Kernel
- Windows NTFS
- Windows Netlogon
- Windows Network Address Translation (NAT)
- Windows Online Certificate Status Protocol (OCSP)
- Windows Print Spooler Components
- Windows Remote Desktop
- Windows Remote Desktop Licensing Service
- Windows Remote Desktop Services
- Windows Resilient File System (ReFS)
- Windows Routing and Remote Access Service (RRAS)
- Windows Scripting
- Windows Secure Channel
- Windows Secure Kernel Mode
- Windows Shell
- Windows Standards-Based Storage Management Service
- Windows Storage
- Windows Storage Port Driver
- Windows Telephony Server
- Winlogon
Similar articles:
Office Updates October 1, 2024
Microsoft Security Update Summary (October 8, 2024)
Patchday: Windows 10/Server-Updates (October 8, 2024)
Patchday: Windows 11/Server 2022-Updates (October 8, 2024)
Patchday: Windows Server 2012 / R2 and Windows 7 (October 8, 2024)
Patchday: Microsoft Office Updates (October 8, 2024)