Source URL: https://www.theregister.com/2024/10/08/patch_tuesday_october_2024/
Source: The Register
Title: Microsoft issues 117 patches – some for flaws already under attack
Feedly Summary: Plus: SAP re-patches a failed patch for critical-rated flaw
Patch Tuesday It’s the second Tuesday of the month, which means Patch Tuesday, bringing with it fixes for numerous flaws, bugs and vulnerabilities in major software. And this one is a doozy.…
AI Summary and Description: Yes
Summary: The text discusses Microsoft’s Patch Tuesday updates, highlighting numerous vulnerabilities and patches including critical remote code execution flaws and a spoofing vulnerability within major Microsoft products. It also covers related patches from Adobe and SAP addressing various issues, indicating ongoing security challenges across widely used software.
Detailed Description:
This text provides a comprehensive overview of the vulnerabilities addressed during Microsoft’s monthly Patch Tuesday, along with other noteworthy updates from software developers such as Adobe and SAP. Key takeaways include:
– **Microsoft Patches**:
– **117 patches delivered**, with two vulnerabilities actively exploited (CVE-2024-43572 and CVE-2024-43573).
– **CVE-2024-43572**: A critical remote code execution flaw in Microsoft Management Console rated at **7.8**. It could allow an attacker to run code via malicious Microsoft Saved Console (MSC) files. Patches are essential as this affects Windows Server versions 2008 through 2022 and Windows 10/11.
– **CVE-2024-43573**: A **6.5-rated spoofing flaw** in MSHTML spanning multiple Windows Server versions and Windows 10. This showcases the legacy impact of older technologies still residing in modern systems.
– Several high-risk vulnerabilities were mentioned, such as:
– **CVE-2024-6197** and **CVE-2024-43583**, both rated **8.8** for remote code execution and elevation of privileges, respectively.
– **CVE-2024-43468**: A **9.8-rated** flaw in Microsoft Configuration Manager, allowing remote SQL execution.
– **CVE-2024-38124**: A **9.0-rated** flaw in Netlogon granting unauthorized access to admin credentials.
– **Adobe and SAP Updates**:
– Adobe addressed **52 CVEs** this month, all prioritizing low risk with no active exploitation noted.
– SAP issued patches for a dozen issues, including fixes for previously released patches, notably a **9.8-rated bug** in BusinessObjects that had to be addressed again.
For security professionals, these updates emphasize the ongoing need for timely and proactive patch management to mitigate risks associated with high and critical vulnerabilities, reinforcing the importance of a structured approach to software security and compliance within enterprise environments. Keeping systems current is vital in defending against exploitation, particularly for legacy systems that could be more susceptible to attacks.