Monday, December 23, 2024

Microsoft Fixed 100+ Vulnerabilities With October Patch Tuesday

Must read

Microsoft addressed crossed the century of vulnerability fixes, making it one of the huge update bundles released this year. With October 2024 Patch Tuesday, Microsoft patched 117 security vulnerabilities, including some publicly known and actively exploited flaws.

Important Security Fixes With October Patch Tuesday From Microsoft

This month’s update’s most crucial security fixes address two publicly known and two other actively exploited flaws. While these vulnerabilities did not achieve high severity scores, they attracted attention due to their publicly disclosed status, which increases the threat. These vulnerabilities include,

  • CVE-2024-43572 (important; CVSS 7.8): A publicly known remote code execution vulnerability in the Microsoft Management Console. Exploiting the flaw requires a remote attacker to trick the victim into loading a maliciously crafted MMC snap-in. The tech giant confirmed detecting active exploitation of the flaw.
  • CVE-2024-43573 (moderate; CVSS 6.5): Another publicly known and actively exploited spoofing vulnerability affecting the Windows MSHTML Platform.
  • CVE-2024-20659 (important; CVSS 7.1): A security feature bypass in the Windows Hyper-V. Exploiting the flaw required an attacker to lure the victim into restarting their system. Successful exploitation would allow bypassing UEFI to compromise the Hypervisor and the secure kernel. While not exploited, Microsoft confirmed public disclosure of the flaw prior to a fix.
  • CVE-2024-43583 (important; CVSS 7.8): Another publicly disclosed privilege escalation vulnerability that barely escaped exploits. This vulnerability affected Winlogon, allowing SYSTEM privileges to an adversary.

Other Vulnerability Patches

In addition to the above, this month’s massive update bundle addressed three critical remote code execution vulnerabilities. These flaws affected Microsoft Configuration Manager (CVE-2024-43468), Remote Desktop Protocol Server (CVE-2024-43582), and Visual Studio Code extension for Arduino (CVE-2024-43488).

The remaining vulnerabilities, which affect different Microsoft products, have all achieved important severity ratings. These include 26 denial of service vulnerabilities, 27 privilege escalation issues, 6 information disclosure vulnerabilities, 38 remote code execution flaws, 6 security feature bypass issues, 6 spoofing vulnerabilities, and a single tampering issue.

In all, Microsoft released 117 vulnerability patches, alongside some third-party security fixes, with October Patch Tuesday, making it a huge update. Given the patch for some publicly known flaws, all users must update their systems with the latest updates to prevent potential threats.

Let us know your thoughts in the comments.

Latest article