scaveza
Product Team
12 months ago

Microsoft’s October 2024 Patch Tuesday Addresses 117 CVEs

On October 8, Microsoft published its October 2024 Patch Tuesday release, which patched 117 CVEs: three rated critical, 113 rated important and one rated moderate.

This month's update included patches for four zero-day vulnerabilities, two of which were exploited in the wild.

CVE-2024-43572 is a remote code execution (RCE) vulnerability in Microsoft Management Console (MMC) and, according to Microsoft, was exploited in the wild as a zero-day. It was assigned a CVSSv3 score of 7.8 and is rated as important. An attacker could exploit this vulnerability by using social engineering tactics to convince a vulnerable target to open a specially crafted file. Successful exploitation would allow the attacker to execute arbitrary code.

CVE-2024-43573 is a spoofing vulnerability in the Windows MSHTML Platform. It was assigned a CVSSv3 score of 6.5 and is rated as moderate. An unauthenticated, remote attacker could exploit this vulnerability by convincing a potential target to open a malicious file. According to Microsoft, CVE-2024-43573 was exploited in the wild as a zero-day. 

This month’s update includes patches for:

  • .NET and Visual Studio
  • .NET, .NET Framework, Visual Studio
  • Azure CLI
  • Azure Monitor
  • Azure Stack
  • BranchCache
  • Code Integrity Guard
  • DeepSpeed
  • Internet Small Computer Systems Interface (iSCSI)
  • Microsoft ActiveX
  • Microsoft Configuration Manager
  • Microsoft Defender for Endpoint
  • Microsoft Graphics Component
  • Microsoft Management Console
  • Microsoft Office
  • Microsoft Office Excel
  • Microsoft Office SharePoint
  • Microsoft Office Visio
  • Microsoft Simple Certificate Enrollment Protocol
  • Microsoft WDAC OLE DB provider for SQL
  • Microsoft Windows Speech
  • OpenSSH for Windows
  • Outlook for Android
  • Power BI
  • RPC Endpoint Mapper Service
  • Remote Desktop Client
  • Role: Windows Hyper-V
  • Service Fabric
  • Sudo for Windows
  • Visual C++ Redistributable Installer
  • Visual Studio
  • Visual Studio Code
  • Windows Ancillary Function Driver for WinSock
  • Windows BitLocker
  • Windows Common Log File System Driver
  • Windows Cryptographic Services
  • Windows EFI Partition
  • Windows Hyper-V
  • Windows Kerberos
  • Windows Kernel
  • Windows Kernel-Mode Drivers
  • Windows Local Security Authority (LSA)
  • Windows MSHTML Platform
  • Windows Mobile Broadband
  • Windows NT OS Kernel
  • Windows NTFS
  • Windows Netlogon
  • Windows Network Address Translation (NAT)
  • Windows Online Certificate Status Protocol (OCSP)
  • Windows Print Spooler Components
  • Windows Remote Desktop
  • Windows Remote Desktop Licensing Service
  • Windows Remote Desktop Services
  • Windows Resilient File System (ReFS)
  • Windows Routing and Remote Access Service (RRAS)
  • Windows Scripting
  • Windows Secure Channel
  • Windows Secure Kernel Mode
  • Windows Shell
  • Windows Standards-Based Storage Management Service
  • Windows Storage
  • Windows Storage Port Driver
  • Windows Telephony Server
  • Winlogon

For more information, please visit our blog.
