5 Zero-Days in Microsoft's October Update to Patch Immediately

Published: 23/11/2024   Category: security

Threat actors are actively exploiting two of the vulnerabilities, while three others are publicly known and ripe for attack.



Microsoft's October security update addressed a substantial 117 vulnerabilities, including two actively exploited flaws and three publicly disclosed but as yet unexploited bugs. The update is the third largest so far this year in terms of disclosed CVEs, after April's 147 CVEs and July's set of 139 flaws.
A plurality of the bugs (46) enables remote code execution (RCE), and 28 others give threat actors a way to elevate privileges. The remaining vulnerabilities include those that enable spoofing, denial of service, and other malicious outcomes. As always, the CVEs affect a wide range of Microsoft technologies, including the Windows operating system, Microsoft's Hyper-V virtualization technology, Windows Kerberos, Azure, Power BI, and .NET components.
The two vulnerabilities in the October update that attackers are actively exploiting are also the ones that merit immediate attention. One of them is CVE-2024-43573, a spoofing vulnerability in MSHTML, the Trident legacy browsing engine from Internet Explorer that Microsoft still ships in modern versions of Windows to maintain backward compatibility. The bug is similar to CVE-2024-38112 and CVE-2024-43461, which Microsoft disclosed in MSHTML in July and September, respectively, and which the Void Banshee group has been actively exploiting. Another unusual aspect of the bug: Microsoft has not credited anyone for reporting or discovering it.
Organizations should not allow Microsoft's moderate severity assessment for CVE-2024-43573 to lull them into thinking the bug does not merit immediate attention, researchers at Trend Micro's Zero Day Initiative wrote in a blog post. "There's no word from Microsoft on whether it's [Void Banshee], but considering there is no acknowledgment here, it makes me think the original patch was insufficient," the ZDI post noted. "Either way, don't ignore this based on the severity rating. Test and deploy this update quickly."
The other zero-day that attackers are currently exploiting is CVE-2024-43572, an RCE flaw in Microsoft Management Console (MMC). Microsoft said its patch prevents untrusted Microsoft Saved Console (MSC) files from being opened, to protect customers against the risks associated with this vulnerability.
Earlier this year, researchers at Elastic Security reported observing threat actors using specially crafted MMC files, dubbed GrimResource, for initial access and defense evasion purposes. However, it is not immediately clear whether the attackers were exploiting CVE-2024-43572 in that campaign or some other bug. Microsoft didn't address the point in this most recent patch update.
The three other zero-day bugs that Microsoft disclosed as part of its October security update — but which attackers have not exploited yet — are CVE-2024-6197, a remote code execution vulnerability in the open source cURL command line tool; CVE-2024-20659, a moderate severity security bypass vulnerability in Windows Hyper-V; and CVE-2024-43583, a WinLogon elevation of privilege vulnerability.
Mike Walters, president and co-founder of Action1, said organizations should prioritize patching CVE-2024-6197. Though Microsoft has assessed the vulnerability as one that attackers are less likely to exploit, Walters expects proof-of-concept code for the flaw to become available soon. "This vulnerability is particularly concerning, because it impacts the fundamental architecture of memory management in cURL, a tool integral to data transfers across various network protocols," Walters wrote in a blog post. "The affected systems include those using cURL or libcurl, the underlying library that powers numerous applications on diverse platforms."
Meanwhile, organizations using third-party input method editors (IMEs) that allow users to type in different languages are at particular risk from CVE-2024-43583, the WinLogon elevation of privilege flaw, Walters added. "This vulnerability is particularly pertinent in diverse settings where multilingual support is crucial, such as in global enterprises or educational institutions," he said. Attackers could exploit the vulnerability as part of a broader attack chain to compromise affected environments, he said.
Microsoft assessed just three of the 117 vulnerabilities it disclosed this week as critical. All three are RCEs: CVE-2024-43468 in Microsoft Configuration Manager, CVE-2024-43582 in the Remote Desktop Protocol (RDP) server, and CVE-2024-43488 in the Visual Studio Code extension for Arduino.
"CVE-2024-43468 highlights some memory safety concerns with Microsoft Configuration Manager," Cody Dietz, a researcher with Automox, wrote in a blog post. "Successful exploitation of this vulnerability can allow for lateral movement throughout a network and offers the potential to deploy malicious configurations to other systems." In addition to immediately patching the vulnerability, organizations should consider using an alternate service account to mitigate risk, Dietz said.
Automox also highlighted CVE-2024-43533, a high-severity bug in RDP. The bug is present in the RDP client and enables attackers to execute arbitrary code on a client machine. "Unlike typical RDP vulnerabilities targeting servers, this one flips the script, offering a unique attack vector against clients," Tom Bowyer, director of IT security at Automox, wrote in the company's blog post.
"This vulnerability opens the door for back-hacks," Bowyer added, where attackers set up rogue RDP servers to exploit scanning activities from entities like nation-states or security companies.
