Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (2024)

Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (1)

Today is Microsoft's October 2024 Patch Tuesday, which includes security updates for 118 flaws, including five publicly disclosed zero-days, two of which are actively exploited.

This Patch Tuesday fixed three critical vulnerabilities, all remote code execution flaws.

The number of bugs in each vulnerability category is listed below:

  • 28 Elevation of Privilege vulnerabilities
  • 7 Security Feature Bypass vulnerabilities
  • 43 Remote Code Execution vulnerabilities
  • 6 Information Disclosure vulnerabilities
  • 26 Denial of Service vulnerabilities
  • 7 Spoofing vulnerabilities

This count does not include three Edge flaws that were previously fixed on October 3rd.

To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5044284 and KB5044285 cumulative updates and the Windows 10 KB5044273 update.

Four zero-days disclosed

This month's Patch Tuesday fixes five zero-days, two of which were actively exploited in attacks, and all five were publicly disclosed.

Microsoft classifies a zero-day flaw as one that is publicly disclosed or actively exploited while no official fix is available.

The two actively exploited zero-day vulnerabilities in today's updates are:

CVE-2024-43573 - Windows MSHTML Platform Spoofing Vulnerability

While Microsoft has not shared any detailed information about this bug or how it's exploited, they did state it involved the MSHTML platform, previously used by Internet Explorer and Legacy Microsoft Edge, whose components are still installed in Windows.

"While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported," explained Microsoft.

"The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications."

While not confirmed, this could be a bypass of a previous vulnerability that abused MSHTML to spoof file extensions in alerts displayed when opening files. A similar MSHTML spoofing flaw was disclosed last month when attacks utilizedBraille characters in filenames to spoof PDF files.

Microsoft has not shared who disclosed the vulnerability.

CVE-2024-43572 - Microsoft Management Console Remote Code Execution Vulnerability

This flaw allowed maliciousMicrosoft Saved Console (MSC) files to perform remote code execution on vulnerable devices.

Microsoft fixed the flaw by preventing untrusted MSC files from being opened.

"The security update will prevent untrusted Microsoft Saved Console (MSC) files from being opened to protect customers against the risks associated with this vulnerability," explained Microsoft.

It is unknown how this flaw was actively exploited in attacks.

Microsoft says the bug was disclosed by "Andres and Shady".

Microsoft says that both of these were also publicly disclosed.

The other three vulnerabilities that were publicly disclosedbut not exploited in attacks are:

CVE-2024-6197 -Open Source Curl Remote Code Execution Vulnerability

Microsoft fixed a libcurl remote code execution flaw that could cause commands to be executed when Curl attempts to connect to a malicious server.

"The vulnerable code path can be triggered by a malicious server offering an especially crafted TLS certificate," explains a Curl security advisory.

Microsoft fixed the flaw by updating the libcurl library used by the Curl executable bundled with Windows.

The flaw was discovered by a security researchernamed "z2_," who shared technical details in a HackerOne report.

CVE-2024-20659 - Windows Hyper-V Security Feature Bypass Vulnerability

Microsoft fixed a UEFI bypass that could allow attackers to compromised the hypervisor and kernel.

"This Hypervisor vulnerability relates to Virtual Machines within a Unified Extensible Firmware Interface (UEFI) host machine," explains Microsoft.

"On some specific hardware it might be possible to bypass the UEFI, which could lead to the compromise of the hypervisor and the secure kernel."

Microsoft says that an attacker needs physical access to the device and must reboot it to exploit the flaw.

The flaw was discovered byFrancisco Falcón and Iván Arce of Quarkslab but it is not known where it was publicly disclosed.

CVE-2024-43583 - Winlogon Elevation of Privilege Vulnerability

Microsoft fixed an elevation of privileges flaw that could give attackers SYSTEM privileges in Windows.

To be protected from this flaw, Microsoft says that admins must take additional actions.

"To address this vulnerability, ensure that a Microsoft first-party IME is enabled on your device," explains Microsoft.

"By doing so, you can help protect your device from potential vulnerabilities associated with a third-party (3P) IME during the sign in process."

Microsoft says wh1tc & Zhiniang Peng of pwnull discovered the flaws.

Recent updates from other companies

Other vendors who released updates or advisories in October 2024 include:

  • Ciscoreleases security updates for multiple products, includingCisco Meraki MX and Z Series Teleworker Gateway,Cisco Nexus Dashboard, and routers.
  • DrayTekreleased security updates for 14 vulnerabilities in various router models.
  • Fortinet fixes four vulnerabilities in various firmware, with none reported as actively exploited.
  • Ivantireleased security updates for three zero-days chained in active attacks.
  • Optigo Networks released security updates for two flaws in itsONS-S8 Aggregation Switch products.
  • Qualcommreleased security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service.
  • SAP releases security updates for multiple products as part of October Patch Day.

The October 2024Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities in the October 2024 Patch Tuesday updates.

Toaccess the full description of each vulnerability and the systemsit affects, you can view thefull report here.

TagCVE IDCVE TitleSeverity
.NET and Visual StudioCVE-2024-38229.NET and Visual Studio Remote Code Execution VulnerabilityImportant
.NET and Visual StudioCVE-2024-43485.NET and Visual Studio Denial of Service VulnerabilityImportant
.NET, .NET Framework, Visual StudioCVE-2024-43484.NET, .NET Framework, and Visual Studio Denial of Service VulnerabilityImportant
.NET, .NET Framework, Visual StudioCVE-2024-43483.NET, .NET Framework, and Visual Studio Denial of Service VulnerabilityImportant
Azure CLICVE-2024-43591Azure Command Line Integration (CLI) Elevation of Privilege VulnerabilityImportant
Azure MonitorCVE-2024-38097Azure Monitor Agent Elevation of Privilege VulnerabilityImportant
Azure StackCVE-2024-38179Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege VulnerabilityImportant
BranchCacheCVE-2024-43506BranchCache Denial of Service VulnerabilityImportant
BranchCacheCVE-2024-38149BranchCache Denial of Service VulnerabilityImportant
Code Integrity GuardCVE-2024-43585Code Integrity Guard Security Feature Bypass VulnerabilityImportant
DeepSpeedCVE-2024-43497DeepSpeed Remote Code Execution VulnerabilityImportant
Internet Small Computer Systems Interface (iSCSI)CVE-2024-43515Internet Small Computer Systems Interface (iSCSI) Denial of Service VulnerabilityImportant
Microsoft ActiveXCVE-2024-43517Microsoft ActiveX Data Objects Remote Code Execution VulnerabilityImportant
Microsoft Configuration ManagerCVE-2024-43468Microsoft Configuration Manager Remote Code Execution VulnerabilityCritical
Microsoft Defender for EndpointCVE-2024-43614Microsoft Defender for Endpoint for Linux Spoofing VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2024-9369Chromium: CVE-2024-9369 Insufficient data validation in MojoUnknown
Microsoft Edge (Chromium-based)CVE-2024-9370Chromium: CVE-2024-9370 Inappropriate implementation in V8Unknown
Microsoft Edge (Chromium-based)CVE-2024-7025Chromium: CVE-2024-7025 Integer overflow in LayoutUnknown
Microsoft Graphics ComponentCVE-2024-43534Windows Graphics Component Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2024-43508Windows Graphics Component Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2024-43556Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2024-43509Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Management ConsoleCVE-2024-43572Microsoft Management Console Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2024-43616Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2024-43576Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2024-43609Microsoft Office Spoofing VulnerabilityImportant
Microsoft Office ExcelCVE-2024-43504Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2024-43503Microsoft SharePoint Elevation of Privilege VulnerabilityImportant
Microsoft Office VisioCVE-2024-43505Microsoft Office Visio Remote Code Execution VulnerabilityImportant
Microsoft Simple Certificate Enrollment ProtocolCVE-2024-43544Microsoft Simple Certificate Enrollment Protocol Denial of Service VulnerabilityImportant
Microsoft Simple Certificate Enrollment ProtocolCVE-2024-43541Microsoft Simple Certificate Enrollment Protocol Denial of Service VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2024-43519Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityImportant
Microsoft Windows SpeechCVE-2024-43574Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution VulnerabilityImportant
OpenSSH for WindowsCVE-2024-43615Microsoft OpenSSH for Windows Remote Code Execution VulnerabilityImportant
OpenSSH for WindowsCVE-2024-43581Microsoft OpenSSH for Windows Remote Code Execution VulnerabilityImportant
OpenSSH for WindowsCVE-2024-38029Microsoft OpenSSH for Windows Remote Code Execution VulnerabilityImportant
Outlook for AndroidCVE-2024-43604Outlook for Android Elevation of Privilege VulnerabilityImportant
Power BICVE-2024-43612Power BI Report Server Spoofing VulnerabilityImportant
Power BICVE-2024-43481Power BI Report Server Spoofing VulnerabilityImportant
Remote Desktop ClientCVE-2024-43533Remote Desktop Client Remote Code Execution VulnerabilityImportant
Remote Desktop ClientCVE-2024-43599Remote Desktop Client Remote Code Execution VulnerabilityImportant
Role: Windows Hyper-VCVE-2024-43521Windows Hyper-V Denial of Service VulnerabilityImportant
Role: Windows Hyper-VCVE-2024-20659Windows Hyper-V Security Feature Bypass VulnerabilityImportant
Role: Windows Hyper-VCVE-2024-43567Windows Hyper-V Denial of Service VulnerabilityImportant
Role: Windows Hyper-VCVE-2024-43575Windows Hyper-V Denial of Service VulnerabilityImportant
RPC Endpoint Mapper ServiceCVE-2024-43532Remote Registry Service Elevation of Privilege VulnerabilityImportant
Service FabricCVE-2024-43480Azure Service Fabric for Linux Remote Code Execution VulnerabilityImportant
Sudo for WindowsCVE-2024-43571Sudo for Windows Spoofing VulnerabilityImportant
Visual C++ Redistributable InstallerCVE-2024-43590Visual C++ Redistributable Installer Elevation of Privilege VulnerabilityImportant
Visual StudioCVE-2024-43603Visual Studio Collector Service Denial of Service VulnerabilityImportant
Visual Studio CodeCVE-2024-43488Visual Studio Code extension for Arduino Remote Code Execution VulnerabilityCritical
Visual Studio CodeCVE-2024-43601Visual Studio Code for Linux Remote Code Execution VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2024-43563Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows BitLockerCVE-2024-43513BitLocker Security Feature Bypass VulnerabilityImportant
Windows Common Log File System DriverCVE-2024-43501Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Cryptographic ServicesCVE-2024-43546Windows Cryptographic Information Disclosure VulnerabilityImportant
Windows cURL ImplementationCVE-2024-6197Open Source Curl Remote Code Execution VulnerabilityImportant
Windows EFI PartitionCVE-2024-37982Windows Resume Extensible Firmware Interface Security Feature Bypass VulnerabilityImportant
Windows EFI PartitionCVE-2024-37976Windows Resume Extensible Firmware Interface Security Feature Bypass VulnerabilityImportant
Windows EFI PartitionCVE-2024-37983Windows Resume Extensible Firmware Interface Security Feature Bypass VulnerabilityImportant
Windows Hyper-VCVE-2024-30092Windows Hyper-V Remote Code Execution VulnerabilityImportant
Windows KerberosCVE-2024-43547Windows Kerberos Information Disclosure VulnerabilityImportant
Windows KerberosCVE-2024-38129Windows Kerberos Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2024-43502Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2024-43511Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2024-43520Windows Kernel Denial of Service VulnerabilityImportant
Windows KernelCVE-2024-43527Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2024-43570Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2024-37979Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2024-43554Windows Kernel-Mode Driver Information Disclosure VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2024-43535Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityImportant
Windows Local Security Authority (LSA)CVE-2024-43522Windows Local Security Authority (LSA) Elevation of Privilege VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43555Windows Mobile Broadband Driver Denial of Service VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43540Windows Mobile Broadband Driver Denial of Service VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43536Windows Mobile Broadband Driver Remote Code Execution VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43538Windows Mobile Broadband Driver Denial of Service VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43525Windows Mobile Broadband Driver Remote Code Execution VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43559Windows Mobile Broadband Driver Denial of Service VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43561Windows Mobile Broadband Driver Denial of Service VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43558Windows Mobile Broadband Driver Denial of Service VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43542Windows Mobile Broadband Driver Denial of Service VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43557Windows Mobile Broadband Driver Denial of Service VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43526Windows Mobile Broadband Driver Remote Code Execution VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43543Windows Mobile Broadband Driver Remote Code Execution VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43523Windows Mobile Broadband Driver Remote Code Execution VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43524Windows Mobile Broadband Driver Remote Code Execution VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-43537Windows Mobile Broadband Driver Denial of Service VulnerabilityImportant
Windows MSHTML PlatformCVE-2024-43573Windows MSHTML Platform Spoofing VulnerabilityModerate
Windows NetlogonCVE-2024-38124Windows Netlogon Elevation of Privilege VulnerabilityImportant
Windows Network Address Translation (NAT)CVE-2024-43562Windows Network Address Translation (NAT) Denial of Service VulnerabilityImportant
Windows Network Address Translation (NAT)CVE-2024-43565Windows Network Address Translation (NAT) Denial of Service VulnerabilityImportant
Windows NT OS KernelCVE-2024-43553NT OS Kernel Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2024-43514Windows Resilient File System (ReFS) Elevation of Privilege VulnerabilityImportant
Windows Online Certificate Status Protocol (OCSP)CVE-2024-43545Windows Online Certificate Status Protocol (OCSP) Server Denial of Service VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2024-43529Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Remote DesktopCVE-2024-43582Remote Desktop Protocol Server Remote Code Execution VulnerabilityCritical
Windows Remote Desktop Licensing ServiceCVE-2024-38262Windows Remote Desktop Licensing Service Remote Code Execution VulnerabilityImportant
Windows Remote Desktop ServicesCVE-2024-43456Windows Remote Desktop Services Tampering VulnerabilityImportant
Windows Resilient File System (ReFS)CVE-2024-43500Windows Resilient File System (ReFS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-43592Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-43589Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-38212Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-43593Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-38261Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-43611Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-43453Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-38265Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-43607Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-43549Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-43608Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-43564Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows ScriptingCVE-2024-43584Windows Scripting Engine Security Feature Bypass VulnerabilityImportant
Windows Secure ChannelCVE-2024-43550Windows Secure Channel Spoofing VulnerabilityImportant
Windows Secure Kernel ModeCVE-2024-43516Windows Secure Kernel Mode Elevation of Privilege VulnerabilityImportant
Windows Secure Kernel ModeCVE-2024-43528Windows Secure Kernel Mode Elevation of Privilege VulnerabilityImportant
Windows ShellCVE-2024-43552Windows Shell Remote Code Execution VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2024-43512Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows StorageCVE-2024-43551Windows Storage Elevation of Privilege VulnerabilityImportant
Windows Storage Port DriverCVE-2024-43560Microsoft Windows Storage Port Driver Elevation of Privilege VulnerabilityImportant
Windows Telephony ServerCVE-2024-43518Windows Telephony Server Remote Code Execution VulnerabilityImportant
WinlogonCVE-2024-43583Winlogon Elevation of Privilege VulnerabilityImportant

Update 9/11/24: Updated to explain that only three flaws were actively exploited and whyCVE-2024-43491 was marked as exploited.

Related Articles:

Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws

Windows 10 KB5043064 update released with 6 fixes, security updates

Windows 11 KB5043076 cumulative update released with 19 changes

Windows 10 KB5044273 update released with 9 fixes, security updates

Windows 10 KB5043131 update released with 9 changes and fixes

Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (2024)
Top Articles
Latest Posts
Recommended Articles
Article information

Author: Francesca Jacobs Ret

Last Updated:

Views: 5812

Rating: 4.8 / 5 (68 voted)

Reviews: 91% of readers found this page helpful

Author information

Name: Francesca Jacobs Ret

Birthday: 1996-12-09

Address: Apt. 141 1406 Mitch Summit, New Teganshire, UT 82655-0699

Phone: +2296092334654

Job: Technology Architect

Hobby: Snowboarding, Scouting, Foreign language learning, Dowsing, Baton twirling, Sculpting, Cabaret

Introduction: My name is Francesca Jacobs Ret, I am a innocent, super, beautiful, charming, lucky, gentle, clever person who loves writing and wants to share my knowledge and understanding with you.