Microsoft October 2024 Patch Tuesday Update Review
History: 09/10/2024 --- v1.0 -- Initial publication
Summary
On October 8, 2024, Microsoft addressed 118 vulnerabilities in its October 2024 Patch Tuesday update, including five zero-day vulnerabilities. This Patch Tuesday also fixes three critical vulnerabilities [1], [2].
Technical Details
We highlight here the zero-day vulnerabilities, but it is highly recommended to deploy Microsoft patches for all 118 vulnerabilities identified.
- The vulnerability CVE-2024-43573, with a CVSS score of 6.5, could be a bypass of a previous vulnerability that abused MSHTML to spoof file extensions in the alerts displayed when opening files [3].
- The vulnerability CVE-2024-43572, with a CVSS score of 7.8, could allow malicious Microsoft Saved Console (MSC) files to perform remote code execution on vulnerable devices [4].
- The vulnerability CVE-2024-6197, with a CVSS score of 8.8, is a libcurl remote code execution flaw that could cause commands to be executed when curl attempts to connect to a malicious server [5].
- The vulnerability CVE-2024-20659, with a CVSS score of 7.1, is a UEFI bypass that could allow attackers to compromise the hypervisor and kernel [6].
- The vulnerability CVE-2024-43583, with a CVSS score of 7.1, is an elevation of privilege flaw that could give attackers SYSTEM privileges in Windows [7].
Affected Products
Detailed information about each vulnerability and affected systems can be found in Microsoft's security bulletins [1].
Recommendations
It is recommended to apply the updates to affected devices as soon as possible, prioritising internet-facing devices and critical servers.
References
- [1] Microsoft's Security Release Note
- [2] Bleeping Computer's Patch Tuesday Coverage
- [3] Vulnerability CVE-2024-43573 Detail
- [4] Vulnerability CVE-2024-43572 Detail
- [5] Vulnerability CVE-2024-6197 Detail
- [6] Vulnerability CVE-2024-20659 Detail
- [7] Vulnerability CVE-2024-43583 Detail
MITRE ATT&CK Matrix Analysis for October 2024 Microsoft Vulnerabilities
Based on the Microsoft security advisory for October 2024.
Technique/Mitigation | Enterprise Layer | Mobile Layer | ICS Layer |
---|---|---|---|
T1566 - Phishing: Spearphishing Attachment | CVE-2024-43573 (MSHTML Spoof) | N/A | N/A |
T1204 - User Execution | CVE-2024-43572 (MSC File RCE) | N/A | N/A |
T1105 - Ingress Tool Transfer | CVE-2024-6197 (libcurl RCE) | N/A | N/A |
T1542 - Subvert Trust Controls: Sub-technique T1542.002 - Bypass User Access Control | CVE-2024-20659 (UEFI Bypass) | N/A | N/A |
T1548 - Abuse Elevation Control Mechanism: Sub-technique T1548.003 - Sudo and Sudo Caching | CVE-2024-43583 (Privilege Elevation) | N/A | N/A |
Attacker Groups:
While the advisory does not specify attacker groups, entities that exploit zero-day vulnerabilities may include:
- Advanced Persistent Threats (APTs)
- Cyber Criminal Groups
- Nation-State Affiliated Hackers
Mitigation Techniques:
To mitigate these vulnerabilities, the following strategies should be applied:
- Update and patch all affected Microsoft products promptly.
- Enable automatic updates where feasible.
- Prioritize patching of internet-facing devices and critical servers.
- Consider additional endpoint protection and monitoring for signs of compromise.
This post was generated entirely by an AI language model. Source: CERT EU