Cisco Talos Blog: Largest Patch Tuesday since July includes two exploited in the wild, three critical vulnerabilities

Source URL: https://blog.talosintelligence.com/microsoft-patch-tuesday-october-2024/
Source: Cisco Talos Blog
Title: Largest Patch Tuesday since July includes two exploited in the wild, three critical vulnerabilities

Feedly Summary: The two vulnerabilities that Microsoft reports have been actively exploited in the wild and are publicly known are both rated as only being of “moderate” severity.  

AI Summary and Description: Yes

Summary: The text discusses Microsoft’s October Patch Tuesday, which reveals multiple vulnerabilities across its hardware and software products. It highlights critical vulnerabilities that have been actively exploited and others that may pose significant risks. The text is crucial for security professionals who need to stay informed about vulnerabilities to mitigate risks effectively.

Detailed Description:
Microsoft's October Patch Tuesday disclosed an extensive set of vulnerabilities that need prompt attention from security professionals. With fixes for 117 CVEs, the highest count since July, this release contains critical updates for organizations that rely on Microsoft products.

Key Points:
– **Actively Exploited Vulnerabilities:**
  – **CVE-2024-43572**: A remote code execution vulnerability in the Microsoft Management Console. It enables attackers to execute arbitrary code on targeted machines. The security update prevents untrusted Microsoft Saved Console (MSC) files from being opened, which blocks the exploitation path.
  – **CVE-2024-43573**: A spoofing vulnerability in the Windows MSHTML Platform that allows unauthorized access by impersonating a trusted source.

– **Other Critical Vulnerabilities:**
  – **CVE-2024-43468**: The most severe this month, with a CVSS score of 9.8. It affects Microsoft Configuration Manager and enables attackers to execute commands on targeted servers or databases.
  – **CVE-2024-43488**: Located in the Visual Studio Code extension for Arduino; it could allow remote code execution because of missing authentication.
  – **CVE-2024-43582**: A vulnerability in the Windows Remote Desktop Protocol server that allows attackers to execute code with the same permissions as an RPC service.

– **Additional Information for Mitigation:**
  – Microsoft advises users to enable Microsoft's Input Method Editor (IME) on devices to prevent third-party IMEs from being exploited.
  – Several "important" vulnerabilities are also noted as more likely to be exploited, which underlines the need for vigilance.

– **Response and Monitoring Tools:**
  – Cisco Talos has released a new Snort rule set designed to detect attempted exploitation of some of the disclosed vulnerabilities, with further updates promised to keep organizations protected.

Overall, this release is a critical reminder for organizations to keep their systems regularly updated and monitored to protect against vulnerabilities of this kind. Security and compliance professionals should therefore act promptly to address these flaws and maintain a robust security posture across their infrastructure.