Summarizing from https://msrc.microsoft.com/update-guide/releaseNote/2024-Oct.
Key Takeways#
177newly disclosed vulnerabilities and4non-Microsoft CVEs released in Oct 2024.- Highest CVSS Based Score is 9.8 (CVE-2024-43468).
- Other 2 critical vulnerabilities include CVE-2024-43488 and CVE-2024-43582.
4zero-day flaws with 2 are actively exploited.- CVE-2024-43572 [CISA_KEV]
- CVE-2024-43573 [CISA_KEV]
- CVE-2024-20659
- CVE-2024-43583
- Total of
2CVEs found in CISA_KEV and exploited in wild. - Total of
120CVEs that require customer action. (New metric starting in Aug 2024) 43remote code execution vulnerabilities (RCE).
Video is added later since it only been released on Oct 10.
Patch_Tuesday#
$ patch_tuesday -k 2024-oct -vc
_____ _ _ _____ _
| _ |___| |_ ___| |_ |_ _|_ _ ___ ___ _| |___ _ _
| __| .'| _| _| | | | | | | -_|_ -| . | .'| | |
|__| |__,|_| |___|_|_| |_| |___|___|___|___|__,|_ |
|___|
[*] Finish fetching [2,146,701 bytes] from https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2024-oct
[*] CISA Catalog of Known Exploited Vulnerabilities [ 2024.10.08/1190 ]
Microsoft Patch Tuesday - By MSRC
===============================================
<< October 2024 Security Updates [ 2024-10-08 ] >>
[+] Vulnerabilities : [ 122 ]
[-] High_Severity : [ 23 ]
[-] High_likelihood : [ 9 ]
[-] Exploited in_wild : [ 2 ]
[-] Action_required : [ 120 ]
[-] Found in CISA_KEV : [ 2 ]
High_Severity/23
โโโโโโโโโโโโโโโโโโณโโโโโโโโโโโโโโโโโณโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ CVE โ CVSS_Base/Temp โ Title_Value โ
โกโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฉ
โ CVE-2024-38179 โ B:8.8/T:7.7 โ Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability โ
โ CVE-2024-43518 โ B:8.8/T:7.7 โ Windows Telephony Server Remote Code Execution Vulnerability โ
โ CVE-2024-43519 โ B:8.8/T:7.7 โ Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability โ
โ CVE-2024-43532 โ B:8.8/T:7.7 โ Remote Registry Service Elevation of Privilege Vulnerability โ
โ CVE-2024-43533 โ B:8.8/T:7.7 โ Remote Desktop Client Remote Code Execution Vulnerability โ
โ CVE-2024-6197 โ B:8.8/T:7.7 โ Open Source Curl Remote Code Execution Vulnerability โ
โ CVE-2024-43608 โ B:8.8/T:7.7 โ Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability โ
โ CVE-2024-43607 โ B:8.8/T:7.7 โ Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability โ
โ CVE-2024-38124 โ B:9.0/T:7.8 โ Windows Netlogon Elevation of Privilege Vulnerability โ
โ CVE-2024-38265 โ B:8.8/T:7.7 โ Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability โ
โ CVE-2024-43453 โ B:8.8/T:7.7 โ Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability โ
โ CVE-2024-38212 โ B:8.8/T:7.7 โ Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability โ
โ CVE-2024-43468 โ B:9.8/T:8.5 โ Microsoft Configuration Manager Remote Code Execution Vulnerability โ
โ CVE-2024-43517 โ B:8.8/T:7.7 โ Microsoft ActiveX Data Objects Remote Code Execution Vulnerability โ
โ CVE-2024-43549 โ B:8.8/T:7.7 โ Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability โ
โ CVE-2024-43564 โ B:8.8/T:7.7 โ Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability โ
โ CVE-2024-43589 โ B:8.8/T:8.1 โ Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability โ
โ CVE-2024-43591 โ B:8.7/T:7.6 โ Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability โ
โ CVE-2024-43592 โ B:8.8/T:7.7 โ Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability โ
โ CVE-2024-43593 โ B:8.8/T:7.7 โ Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability โ
โ CVE-2024-43599 โ B:8.8/T:7.7 โ Remote Desktop Client Remote Code Execution Vulnerability โ
โ CVE-2024-43611 โ B:8.8/T:7.7 โ Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability โ
โ CVE-2024-43488 โ B:8.8/T:7.7 โ Visual Studio Code extension for Arduino Remote Code Execution Vulnerability โ
โโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
High_Likelihood/9
โโโโโโโโโโโโโโโโโโณโโโโโโโโโโโโโโโโโณโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ CVE โ CVSS_Base/Temp โ Title_Value โ
โกโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฉ
โ CVE-2024-43502 โ B:7.1/T:6.2 โ Windows Kernel Elevation of Privilege Vulnerability โ
โ CVE-2024-43581 โ B:7.1/T:6.2 โ Microsoft OpenSSH for Windows Remote Code Execution Vulnerability โ
โ CVE-2024-43609 โ B:6.5/T:5.7 โ Microsoft Office Spoofing Vulnerability โ
โ CVE-2024-43615 โ B:7.1/T:6.2 โ Microsoft OpenSSH for Windows Remote Code Execution Vulnerability โ
โ CVE-2024-43509 โ B:7.8/T:6.8 โ Windows Graphics Component Elevation of Privilege Vulnerability โ
โ CVE-2024-43556 โ B:7.8/T:6.8 โ Windows Graphics Component Elevation of Privilege Vulnerability โ
โ CVE-2024-43560 โ B:7.8/T:6.8 โ Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability โ
โ CVE-2024-43583 โ B:7.8/T:6.8 โ Winlogon Elevation of Privilege Vulnerability โ
โ CVE-2024-43610 โ B:0.0/T:0.0 โ Copilot Studio Information Disclosure Vulnerability โ
โโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Exploited_in_Wild/2
โโโโโโโโโโโโโโโโโโณโโโโโโโโโโโโโโโโโโณโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ CVE โ CVSS_Base/Temp โ Title_Value โ
โกโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฉ
โ CVE-2024-43573 โ B:6.5/T:6.0 [K] โ Windows MSHTML Platform Spoofing Vulnerability โ
โ CVE-2024-43572 โ B:7.8/T:7.2 [K] โ Microsoft Management Console Remote Code Execution Vulnerability โ
โโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
[+] Product Families (10)
Developer Tools โโโโโโโโโโโโโโโโโโโโโโโโโโโ 89
Windows โโโโโโโโโ 28
Microsoft Office โโโโโ 15
ESU โโโ 10
Azure โโ 8
Mariner โโ 6
System Center โ 4
SQL Server โ 1
Apps โ 1
Browser โ 1
[*] "October 2024 Security Updates" (Rev 118)
[-] Initial Release date: 2024-10-08T07:00:00
[-] Current Release date: 2024-10-08T07:00:00
[*] [2024-10-09] main(): Completed within [7.2541 sec].
Outro#
- Tool: Patch_Tuesday at GitHub.
- Tool: CISA KEV Catalog at GitHub.