Microsoft’s latest October Patch Tuesday addresses five zero-day vulnerabilities, two of which have been flagged by the Cybersecurity & Infrastructure Security Agency (CISA) due to active exploitation. These vulnerabilities pose significant risks, particularly for organizations that have not yet updated their systems. Let’s explore the critical vulnerabilities in this update and the importance of timely patching.
Highlighted Vulnerabilities in October 2024 Patch Tuesday:
1. CVE-2024-43572 (CVSS score: 7.8) – Microsoft Windows Management Console Remote Code Execution (RCE) Vulnerability
This vulnerability affects the Windows Management Console and can lead to remote code execution (RCE) if a user opens a maliciously crafted Microsoft Saved Console (MSC) file. The security update now blocks untrusted MSC files by default, helping to mitigate the risk of exploitation.
2. CVE-2024-43573 (CVSS score: 6.5) – Microsoft Windows MSHTML Platform Spoofing Vulnerability
Despite the retirement of Internet Explorer 11 and Microsoft Edge Legacy, the MSHTML platform still remains an active target. This vulnerability suggests that the previous patch (CVE-2024-43461) may have been insufficient. The Advanced Persistent Threat (APT) group “Void Banshee” has been known to exploit this flaw by using HTML Application (HTA) files disguised as PDFs, allowing them to bypass security measures via Internet Explorer download prompts.
Additional Zero-Day Vulnerabilities Addressed:
3. CVE-2024-6197 (CVSS score: 8.8) – Curl Remote Code Execution (RCE) Vulnerability
A critical flaw in libcurl allows for memory corruption when processing UTF-8 strings, potentially leading to remote code execution. While system crashes are the most likely outcome, under certain conditions, attackers could exploit this vulnerability to cause more severe damage.
4. CVE-2024-20659 (CVSS score: 7.1) – Windows Hyper-V Security Bypass Vulnerability
This vulnerability allows attackers to bypass Unified Extensible Firmware Interface (UEFI) protections on certain hardware. Successful exploitation could lead to a compromise of the hypervisor and secure kernel, although this requires a system reboot to take effect.
5. CVE-2024-43583 (CVSS score: 7.8) – Winlogon Elevation of Privilege (EoP) Vulnerability
This vulnerability could grant SYSTEM privileges to attackers by exploiting the Windows Input Method Editor (IME) feature. To mitigate the risk, administrators should ensure that a Microsoft first-party IME is enabled, particularly in environments using languages not supported by standard keyboards.
CISA’s Addition to the Known Exploited Vulnerabilities Catalog
CISA has added two of these vulnerabilities (CVE-2024-43572 and CVE-2024-43573) to its Known Exploited Vulnerabilities Catalog, emphasizing the risks posed by these attack vectors. In conjunction with Binding Operational Directive (BOD) 22-01, CISA urges federal agencies and private organizations alike to prioritize the remediation of these vulnerabilities to protect against ongoing threats.
Take Action: Protect Your Systems Now
With threat actors already exploiting these vulnerabilities, it’s crucial for organizations to prioritize patching and vulnerability management. Failing to address these risks in a timely manner could leave systems exposed to remote code execution, privilege escalation, or other severe attacks.
Ensure your systems are up to date by applying Microsoft’s October patches, and consult CISA’s Known Exploited Vulnerabilities Catalog for additional guidance.