Microsoft Releases October 2024 Patches

Microsoft has released software updates as part of its October 2024 Patch Tuesday. The updates fix 118 security vulnerabilities in total, including 5 zero-day vulnerabilities, 2 of which is being actively exploited.

The breakdown of the vulnerabilities are as follows:

  • 28 privilege escalation

  • 7 security feature bypass

  • 43 remote code execution

  • 6 information disclosure

  • 26 denial of service

  • 7 spoofing

The 2 actively exploited zero-day vulnerabilities are as follows:

  • CVE-2024-43573 - vulnerability in Windows MSHTML Platform that allows an attacker to spoof files

  • CVE-2024-43572 - vulnerability in Microsoft Management Console that can lead to remote code execution

Why You Should Care?

Zero-day vulnerabilities are vulnerabilities where a flaw has been identified but there was no fix for the flaw, which means attackers will try to exploit as many targets as possible before users fix the vulnerability. This makes it extra dangerous, and needs to be addressed as soon as possible.

In this case, 2 of the zero-days are already being exploited, which means it is only a matter of time before the attackers compromise your business. Now that patches are available, it is critical to apply the patches as soon as possible to avoid getting compromised.

What Should You Do?

  • Test the patches ASAP at your organization, and make sure it does not break any business applications

  • Prioritize patching against the 2 actively exploited zero-days

  • Next priority are the other zero-days

  • Roll out the rest of the Patch Tuesday updates

References

  • https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2024-patch-tuesday-fixes-5-zero-days-118-flaws/

Previous
Previous

Lego’s website hacked and more - October 13, 2024

Next
Next

UMC Health System suffered ransomware attack and more - October 6, 2024