
2024-106: Multiple Critical Vulnerabilities in Microsoft Products


Microsoft October 2024 Patch Tuesday Update

Microsoft October 2024 Patch Tuesday Update Review

History: 09/10/2024 --- v1.0 -- Initial publication

Summary

On October 8, 2024, Microsoft addressed 118 vulnerabilities in its October 2024 Patch Tuesday update, including five zero-day vulnerabilities. This Patch Tuesday also fixes three critical vulnerabilities [1], [2].

Technical Details

We highlight here the zero-day vulnerabilities, but it is highly recommended to deploy Microsoft patches for all 118 vulnerabilities identified.

  • The vulnerability CVE-2024-43573, with a CVSS score 6.5, could be a bypass of a previous vulnerability that abused MSHTML to spoof file extensions in alerts displayed when opening files [3].
  • The vulnerability CVE-2024-43572, with a CVSS score 7.8, is a vulnerability that could allow malicious Microsoft Saved Console (MSC) files to perform remote code execution on vulnerable devices [4].
  • The vulnerability CVE-2024-6197, with a CVSS score 8.8, is a libcurl remote code execution flaw that could cause commands to be executed when Curl attempts to connect to a malicious server [5].
  • The vulnerability CVE-2024-20659, with a CVSS score 7.1, is a UEFI bypass that could allow attackers to compromise the hypervisor and kernel [6].
  • The vulnerability CVE-2024-43583, with a CVSS score 7.1, is an elevation of privileges flaw that could give attackers SYSTEM privileges in Windows [7].

Affected Products

Detailed information about each vulnerability and affected systems can be found in Microsoft's security bulletins [1].

Recommendations

It is recommended to apply updates to the affected devices as soon as possible, prioritising Internet-facing devices and critical servers.

References


MITRE ATT&CK Matrix Analysis for October 2024 Microsoft Vulnerabilities

MITRE ATT&CK Matrix Analysis

Based on the Microsoft security advisory for October 2024.

Technique/Mitigation                                                                                   Enterprise Layer                          Mobile Layer   ICS Layer
T1566 - Phishing: Spearphishing Attachment                                                             CVE-2024-43573 (MSHTML Spoof)             N/A            N/A
T1204 - User Execution                                                                                 CVE-2024-43572 (MSC File RCE)             N/A            N/A
T1105 - Ingress Tool Transfer                                                                          CVE-2024-6197 (libcurl RCE)               N/A            N/A
T1542 - Subvert Trust Controls: Sub-technique T1542.002 - Bypass User Access Control                  CVE-2024-20659 (UEFI Bypass)              N/A            N/A
T1548 - Abuse Elevation Control Mechanism: Sub-technique T1548.003 - Sudo and Sudo Caching            CVE-2024-43583 (Privilege Elevation)      N/A            N/A

Attacker Groups:

While the advisory does not specify attacker groups, entities that exploit zero-day vulnerabilities may include:

  • Advanced Persistent Threats (APTs)
  • Cyber Criminal Groups
  • Nation-State Affiliated Hackers

Mitigation Techniques:

To mitigate these vulnerabilities, the following strategies should be applied:

  • Update and patch all affected Microsoft products promptly.
  • Enable automatic updates where feasible.
  • Prioritize patching of internet-facing devices and critical servers.
  • Consider additional endpoint protection and monitoring for signs of compromise.
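The Recommendations and Mitigation Techniques sections above both reduce to one operational task: confirm that the October 2024 update is actually installed, starting with Internet-facing hosts. The following PowerShell script is an added example, not part of the CERT-EU advisory or of any Microsoft tooling; it reads the installed build and revision from the registry, checks Get-HotFix for the expected KB articles, and flags hosts that listen on all interfaces as candidates for the "Internet-facing" priority tier. The KB identifiers, build number and UBR threshold are placeholders that must be taken from the Microsoft security bulletin for the OS version in question.

```powershell
# Added example (not from the advisory): audit a Windows host for the
# October 2024 cumulative update. All values in the param block are
# PLACEHOLDERS; replace them with the figures from Microsoft's bulletin.
param(
    # Placeholder: KB article number(s) of the October 2024 update for this OS
    [string[]]$ExpectedKBs = @('KB0000000'),
    # Placeholder: OS build and the minimum revision (UBR) that carries the fix
    [int]$ExpectedBuild = 0,
    [int]$MinimumUBR = 0
)

# CurrentBuild and UBR together identify the exact patch level (e.g. 22631.x).
$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuild
$ubr   = [int]$cv.UBR

$result = [ordered]@{
    Host           = $env:COMPUTERNAME
    DisplayVersion = $cv.DisplayVersion
    Build          = "$build.$ubr"
    # Patched only if the build matches and the revision is at or past the fix
    BuildPatched   = ($build -eq $ExpectedBuild -and $ubr -ge $MinimumUBR)
    MissingKBs     = @()
}

# Get-HotFix reports updates recorded by the servicing stack; a cumulative
# update that failed or is pending reboot will not appear here.
$installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
foreach ($kb in $ExpectedKBs) {
    if ($installed -notcontains $kb) { $result.MissingKBs += $kb }
}

# Coarse, local-only hint for the advisory's "Internet-facing" priority:
# TCP listeners bound to every interface. Confirm against firewall/NAT data.
$result.ListeningOnAllInterfaces = @(
    Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalAddress -in @('0.0.0.0', '::') } |
        Select-Object -ExpandProperty LocalPort -Unique |
        Sort-Object
) -join ','

# Emit one object per host so the output can be collected across a fleet
[pscustomobject]$result
```

Run it with the real values (for example `.\Check-OctoberUpdate.ps1 -ExpectedKBs 'KBxxxxxxx' -ExpectedBuild 22631 -MinimumUBR nnnn`, all placeholders) under Invoke-Command across the estate and triage hosts where BuildPatched is false or MissingKBs is non-empty, taking those with open listeners first. The build/UBR comparison is the authoritative check; the KB lookup is a cross-check, since a superseded or combined package can satisfy the build requirement without the exact KB name appearing.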

This post was generated entirely by an AI language model. Source: CERT EU
