Microsoft patches over 100 bugs, including two actively exploited zero-days

 

Microsoft has rolled out its October 2024 Patch Tuesday release that contains fixes for over a hundred security vulnerabilities, including two flaws actively exploited by threat actors.

Actively exploited zero-day vulnerabilities include:

  • CVE-2024-43572 - Microsoft Management Console (MMC) Remote Code Execution Vulnerability. This critical flaw allows attackers to use specially crafted Microsoft Saved Console (MSC) files to achieve remote code execution (RCE) on targeted systems. Microsoft has addressed the issue by blocking untrusted MSC files from being opened, preventing them from being used in RCE attacks.

  • CVE-2024-43573 - Windows MSHTML Platform Spoofing Vulnerability. The flaw affects the MSHTML platform, a core component previously used in Internet Explorer and Legacy Microsoft Edge. While Microsoft has yet to release detailed information about the exploit, the vulnerability involves spoofing attacks using MSHTML components, which are still present in modern Windows systems.

In addition, the vendor has fixed several flaws that were previously publicly disclosed, but have not yet been seen in active attacks.

  • CVE-2024-6197 - Open Source Curl Remote Code Execution Vulnerability. This vulnerability targets the popular libcurl library, widely used for transferring data using various protocols. A flaw in the library allows remote code execution when Curl attempts to connect to a malicious server.

  • CVE-2024-20659 - Windows Hyper-V Security Feature Bypass Vulnerability. A UEFI bypass vulnerability that could allow attackers to compromise the Hyper-V hypervisor and potentially gain control over the host machine’s kernel.

  • CVE-2024-43583 - Winlogon Elevation of Privilege Vulnerability. This vulnerability allows for local privilege escalation, where an attacker could gain SYSTEM-level privileges by exploiting a flaw in the Windows logon process (Winlogon).

Microsoft’s October 2024 Patch Tuesday also addresses a slew of high-risk vulnerabilities in various software products, including Microsoft RRAS, Microsoft .NET and Visual Studio, Microsoft WDAC OLE DB provider for SQL Server, Microsoft Configuration Manager, Office and Excel, Microsoft RDPS, Microsoft ActiveX Data Objects, Microsoft DeepSpeed, and Microsoft Office Visio.

Of note, US IT software company Ivanti has patched three actively exploited vulnerabilities affecting Cloud Services Appliance (CSA). Tracked as CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381, the zero-days can be exploited to execute arbitrary SQL commands, OS commands, or compromise the affected system via a specially crafted HTTP request.

“We are aware of a limited number of customers running CSA 4.6 patch 518 and prior who have been exploited when CVE-2024-9379, CVE-2024-9380 or CVE-2024-9381 are chained with CVE-2024-8963,” Ivanti said in a blog post, adding that it has no evidence that any other flaws are being exploited in the wild.
