Patch Tuesday: October 2024 Overview

Welcome to this month’s Patch Tuesday rundown! Microsoft is back with a hefty batch of updates, addressing 118 vulnerabilities across its platforms, with some scary inclusions just in time for spooky season 🎃 Out of the 118, five of these are zero-day vulnerabilities, with two already being actively exploited in the wild! Microsoft are releasing the fixes under KB5044273. 

What is Patch Tuesday?

Every second Tuesday of the month, Microsoft releases a batch of critical security updates known as Patch Tuesday. These updates are essential for maintaining the security and stability of your systems. The October 2024 Patch Tuesday, released on October 8th 2024, addresses several high-severity vulnerabilities across various Microsoft products. This blog post will guide you through the key updates, the affected products, and what actions you need to take to ensure your systems remain secure.

Key Updates in October 2024

• 118 new vulnerabilities disclosed
• 5 publicly disclosed zero-days, 2 of which are being actively exploited
  
• 3 critical vulnerabilities

Zero Day Vulnerabilities

• CVE-2024-43573  (Actively Exploited) - Windows MSHTML Platform Spoofing Vulnerability
  This vulnerability affects the MSHTML platform, which is used by Internet Explorer and various other applications to render web content in Windows. The flaw allows attackers to craft malicious content that can deceive users by spoofing legitimate websites or applications. Through this, attackers can trick victims into interacting with malicious content or entering sensitive information under the false belief that they are on a trusted site.
  
• CVE-2024-43572 (Actively Exploited) - Microsoft Management Console Remote Code Execution Vulnerability
  This vulnerability affects the Microsoft Management Console (MMC). It allows attackers to execute arbitrary code remotely by exploiting this flaw, potentially leading to full control over the affected system. Successful exploitation requires the victim to open a specially crafted file within MMC, which could enable the attacker to deploy malware or access sensitive information.
  
  
• CVE-2024-43468 - Microsoft Configuration Manager Remote Code Execution Vulnerability
  This vulnerability targets Microsoft Configuration Manager, a tool widely used for managing systems in enterprise environments. By exploiting this flaw, attackers can execute code remotely, compromising the configuration manager server. An attacker could use this vulnerability to disrupt or manipulate software updates and system configurations across a network, putting enterprise environments at significant risk.
  
  
• CVE-2024-43582 - Remote Desktop Protocol Server Remote Code Execution Vulnerability
  This vulnerability impacts Microsoft's Remote Desktop Protocol (RDP) server. It allows remote attackers to execute arbitrary code on a vulnerable RDP server. If successfully exploited, this vulnerability could lead to full system compromise, enabling attackers to access and control systems remotely without proper authentication. RDP vulnerabilities are especially dangerous as they can be exploited in scenarios where remote access is enabled on a wide scale.
  
  
• CVE-2024-43800 - Microsoft Word Information Disclosure Vulnerability
  This zero-day vulnerability affects Microsoft Word and could allow attackers to exploit information disclosure when a user opens a specially crafted Word document. While the flaw doesn't permit direct code execution, it enables attackers to extract sensitive data from the targeted system without the user's knowledge, potentially leading to further attacks.

Critical Vulnerability Summary

• CVE-2024-43468 - Microsoft Configuration Manager Remote Code Execution Vulnerability
  Severity: Critical (CVSS 9.8)
  This vulnerability affects Microsoft Configuration Manager, a widely used tool for managing devices and software across networks. It allows an attacker to remotely execute code on the configuration manager server without user interaction. A successful attack could lead to full system compromise, allowing the attacker to disrupt system configurations, deploy malware, or gain control over a network. Given its criticality and widespread use in enterprises, this flaw poses significant risks to large environments.
  
  
• CVE-2024-43582 - Remote Desktop Protocol (RDP) Server Remote Code Execution Vulnerability
  Severity: Critical (CVSS 8.1)
  This vulnerability impacts Microsoft’s Remote Desktop Protocol (RDP) server, enabling attackers to execute arbitrary code on a vulnerable server remotely. The flaw allows attackers to gain control of the RDP server without authentication, leading to a potential full system compromise. Due to the prevalence of RDP in remote work setups and server management, this vulnerability is particularly dangerous in environments where RDP is widely exposed or used for remote access.
  
  
• CVE-2024-43488 - Visual Studio Code Extension for Arduino Remote Code Execution Vulnerability
  Severity: Critical (CVSS 8.8)
  This vulnerability exists in the Visual Studio Code extension for Arduino. By exploiting it, attackers can execute arbitrary code when a user opens a compromised project within the extension. This could allow an attacker to take over the affected system, potentially leading to further compromise or malware deployment. Since Visual Studio Code is popular among developers, particularly those working on IoT and Arduino projects, the widespread use of this extension heightens the risk associated with this vulnerability.

Actions to Take:

1. Prioritize Critical Patches

Given the critical nature of several vulnerabilities disclosed this month, especially those affecting remote execution on commonly used services, it’s crucial to prioritize patches for the following:

• CVE-2024-43468 (Microsoft Configuration Manager RCE Vulnerability): As this vulnerability has a CVSS score of 9.8 and impacts enterprise-wide systems, ensure that this patch is applied immediately. Delay in patching could result in widespread system compromise.

• CVE-2024-43582 (Remote Desktop Protocol Server RCE Vulnerability): Remote Desktop is a common attack vector, and this vulnerability could allow remote attackers to gain control over systems. Make sure RDP servers are patched and consider disabling RDP on machines where it's not required.

• CVE-2024-43488 (Visual Studio Code Arduino Extension RCE Vulnerability): Developers using this extension should apply the patch immediately. Ensure that developers understand the risks of opening potentially compromised projects.

2. Review and Harden Remote Desktop Protocol (RDP) Environments

The vulnerability in RDP (CVE-2024-43582) highlights the need to secure RDP environments:

• Restrict RDP access to only those who need it.
• Use strong passwords and multi-factor authentication (MFA) for RDP access.
• Consider network-level restrictions such as Virtual Private Networks (VPNs) to further limit RDP access.
• Regularly review and log RDP access to detect any unusual or unauthorized attempts.
  
  

3. Patch All Other High-Severity Vulnerabilities

• Ensure that patches are applied across all systems, especially for vulnerabilities related to Remote Code Execution (RCE), which represent the majority of this month’s disclosed issues (43 out of 118).
• Focus on patches for systems that handle sensitive data or have public-facing components, as these are prime targets for attackers.
  
  

4. Strengthen Security Awareness and Monitoring

• Educate employees and users about phishing and social engineering tactics, particularly for vulnerabilities like the Microsoft Management Console (MMC) vulnerability, which requires users to open malicious files.
• Implement or review intrusion detection systems (IDS) and endpoint monitoring tools to detect and respond quickly to any suspicious activities or exploitation attempts.
  
  

5. Audit and Update Security Configurations

• Use this Patch Tuesday as an opportunity to review your broader security configurations:
  • Check firewall settings, antivirus software, and other security controls.
  • Ensure automatic updates are enabled on all systems where possible, to avoid missing critical patches.
  • For systems where automatic updates are not feasible, develop and execute a regular patching plan.

     

6. Test Patches in Non-Production Environments

• • Before deploying patches to production, particularly in critical environments, test them in non-production environments to ensure they do not introduce new issues or affect system stability.

If you have any questions about patch Tuesday, or any feedback on this blog please
reach out to us: hello@roboshadow.com 

Thanks for reading!