October 2024 Patch Tuesday Zero-Day Vulnerabilities

Published: October 16, 2024

Summary:

Microsoft has released its October 2024 Patch Tuesday updates, addressing 118 vulnerabilities, including 5 zero-day vulnerabilities, of which 2 are actively exploited. The affected products are Windows 10, 11, Server 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022, including Server Core installations and Remote Desktop Client. Exploitation of these vulnerabilities poses severe risks, including denial of service, elevation of privilege, information disclosure, remote code execution, security feature bypass, spoofing and tampering.

Details:

The 5 zero-day vulnerabilities are listed below.

  • CVE-2024-20659 – vulnerability in Windows Hyper-V
  • CVE-2024-43572 – remote code execution vulnerability in Microsoft Management Console MMC (Actively exploited)
  • CVE-2024-43573 – spoofing vulnerability in the Windows MSHTML Platform (Actively exploited)
  • CVE-2024-6197 – remote code execution vulnerability in libcURL’s ASN1 parser
  • CVE-2024-43583 – elevation of privilege vulnerability in the Winlogon component of Windows OS

Recommendations:

  • Immediate patch application:
    Ensure all Microsoft Windows systems and servers have the October 2024 security patches applied.
  • Review and adjust security configurations:
    Harden SSH configurations and restrict access through firewalls and network segmentation.
  • Continuous monitoring and incident response:
    Implement comprehensive monitoring for unusual SSH activity and have an incident response plan in place for potential exploit attempts.

Support:

As always, please let us know if you have any questions or concerns or see unusual activity on your systems that you believe might be associated with this or any other vulnerability. Please send these communications to security.response@utoronto.ca.