VERT Threat Alert: October 2024 Patch Tuesday Analysis

Posted on October 8, 2024
Tripwire VERT Security Update

Today’s VERT Alert addresses Microsoft’s October 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1127 as soon as coverage is completed.

 

In-The-Wild & Disclosed CVEs

CVE-2024-43573

A vulnerability in the Windows MSHTML Platform has seen active exploitation attacks against a spoofing vulnerability. Based on the CWE that Microsoft selected for this vulnerability, the risk comes from a Cross-Site Scripting (XSS) attack. Microsoft has reported this vulnerability as Exploitation Detected.

CVE-2024-43572

A vulnerability in the Microsoft Management Console allows for code execution. While Microsoft has called this remote code execution, it is important to note that this is not a remote vulnerability. When an untrusted Microsoft Saved Console (MSC) file is opened, code execution can occur, which means that for this attack to occur remotely, an attacker must convince a user to download and open an MSC file. Microsoft has reported this vulnerability as Exploitation Detected.

CVE-2024-43583

A vulnerability within Winlogon could allow an attacker to gain SYSTEM privileges when using a third-party (3P) Input Method Editor (IME) to log into the system. On top of releasing an update, Microsoft has indicated that further actions must be taken to be protected from this vulnerability. Specifically, Microsoft has released a KB Article helping users enable a Microsoft first-party IME to mitigate against potential 3P IME vulnerabilities. Microsoft has reported this vulnerability as Exploitation More Likely.

CVE-2024-6197

vulnerability exists in curl when processing a specially crafted TLS certificate. The vulnerability was introduced in curl 8.6.0 and fixed in 8.9.0. A user would need to connect to a server with a malicious TLS certificate in order for the vulnerability to be exploited. Microsoft has reported this vulnerability as Exploitation Less Likely.

CVE-2024-20659

A vulnerability in Hyper-V could allow for a security feature bypass but requires a number of factors to line up, which is why Microsoft has indicated that the Attack Complexity is high in the CVSS scoring. An attacker would have to convince the victim to reboot their system, the system would need to be running specific hardware allowing for a UEFI bypass, and the attacker must be on the same physical or logical network (indicated by the CVSS scoring element Attack Vector being set to Adjacent). Microsoft has reported this vulnerability as Exploitation Less Likely.

 

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also color coded to aid with identifying key issues.

  • Traditional Software
  • Mobile Software
  • Cloud or Cloud Adjacent
  • Vulnerabilities that are being exploited or that have been disclosed will be highlighted
TagCVE CountCVEs
Azure Monitor1CVE-2024-38097
Windows Secure Kernel Mode2CVE-2024-43516, CVE-2024-43528
Azure Stack1CVE-2024-38179
Windows Routing and Remote Access Service (RRAS)12CVE-2024-38261, CVE-2024-43608, CVE-2024-43607, CVE-2024-38265, CVE-2024-43453, CVE-2024-38212, CVE-2024-43549, CVE-2024-43564, CVE-2024-43589, CVE-2024-43592, CVE-2024-43593, CVE-2024-43611
Service Fabric1CVE-2024-43480
Power BI2CVE-2024-43481, CVE-2024-43612
.NET and Visual Studio2CVE-2024-38229, CVE-2024-43485
Windows Kernel6CVE-2024-43502, CVE-2024-43527, CVE-2024-37979, CVE-2024-43511, CVE-2024-43520, CVE-2024-43570
Microsoft Office SharePoint1CVE-2024-43503
Microsoft Office Excel1CVE-2024-43504
Microsoft Office Visio1CVE-2024-43505
BranchCache2CVE-2024-43506, CVE-2024-38149
Microsoft Graphics Component4CVE-2024-43508, CVE-2024-43534, CVE-2024-43509, CVE-2024-43556
Windows BitLocker1CVE-2024-43513
Internet Small Computer Systems Interface (iSCSI)1CVE-2024-43515
Windows Telephony Server1CVE-2024-43518
Microsoft WDAC OLE DB provider for SQL1CVE-2024-43519
Windows Mobile Broadband15CVE-2024-43525, CVE-2024-43526, CVE-2024-43537, CVE-2024-43538, CVE-2024-43540, CVE-2024-43542, CVE-2024-43543, CVE-2024-43523, CVE-2024-43524, CVE-2024-43536, CVE-2024-43555, CVE-2024-43557, CVE-2024-43558, CVE-2024-43559, CVE-2024-43561
Windows Print Spooler Components1CVE-2024-43529
RPC Endpoint Mapper Service1CVE-2024-43532
Remote Desktop Client2CVE-2024-43533, CVE-2024-43599
Windows Kernel-Mode Drivers2CVE-2024-43535, CVE-2024-43554
Microsoft Simple Certificate Enrollment Protocol2CVE-2024-43541, CVE-2024-43544
Windows MSHTML Platform1CVE-2024-43573
Microsoft Office3CVE-2024-43576, CVE-2024-43609, CVE-2024-43616
OpenSSH for Windows3CVE-2024-43581, CVE-2024-43615, CVE-2024-38029
Windows cURL Implementation1CVE-2024-6197
Visual Studio Code2CVE-2024-43601, CVE-2024-43488
Outlook for Android1CVE-2024-43604
Windows Resilient File System (ReFS)1CVE-2024-43500
Microsoft Edge (Chromium-based)3CVE-2024-7025, CVE-2024-9369, CVE-2024-9370
Role: Windows Hyper-V4CVE-2024-20659, CVE-2024-43521, CVE-2024-43567, CVE-2024-43575
Windows EFI Partition3CVE-2024-37976, CVE-2024-37982, CVE-2024-37983
Windows Kerberos2CVE-2024-38129, CVE-2024-43547
Windows Netlogon1CVE-2024-38124
Windows Remote Desktop Licensing Service1CVE-2024-38262
Windows Hyper-V1CVE-2024-30092
Windows Remote Desktop Services1CVE-2024-43456
.NET, .NET Framework, Visual Studio2CVE-2024-43483, CVE-2024-43484
DeepSpeed1CVE-2024-43497
Microsoft Configuration Manager1CVE-2024-43468
Windows Common Log File System Driver1CVE-2024-43501
Windows Standards-Based Storage Management Service1CVE-2024-43512
Windows NTFS1CVE-2024-43514
Microsoft ActiveX1CVE-2024-43517
Windows Local Security Authority (LSA)1CVE-2024-43522
Windows Online Certificate Status Protocol (OCSP)1CVE-2024-43545
Windows Cryptographic Services1CVE-2024-43546
Windows Secure Channel1CVE-2024-43550
Windows Storage1CVE-2024-43551
Windows Shell1CVE-2024-43552
Windows NT OS Kernel1CVE-2024-43553
Windows Storage Port Driver1CVE-2024-43560
Windows Network Address Translation (NAT)2CVE-2024-43562, CVE-2024-43565
Windows Ancillary Function Driver for WinSock1CVE-2024-43563
Sudo for Windows1CVE-2024-43571
Microsoft Management Console1CVE-2024-43572
Microsoft Windows Speech1CVE-2024-43574
Windows Remote Desktop1CVE-2024-43582
Windows Scripting1CVE-2024-43584
Code Integrity Guard1CVE-2024-43585
Visual C++ Redistributable Installer1CVE-2024-43590
Azure CLI1CVE-2024-43591
Visual Studio1CVE-2024-43603
Winlogon1CVE-2024-43583
Microsoft Defender for Endpoint1CVE-2024-43614
Mariner44CVE-2022-32149, CVE-2024-6104, CVE-2019-3833, CVE-2022-40898, CVE-2017-18207, CVE-2019-20907, CVE-2017-17522, CVE-2019-9674, CVE-2024-8096, CVE-2024-2398, CVE-2024-2466, CVE-2024-34062, CVE-2024-37535, CVE-2019-3816, CVE-2023-1393, CVE-2023-52447, CVE-2024-6874, CVE-2007-4559, CVE-2024-42154, CVE-2023-45288, CVE-2024-2379, CVE-2024-2004, CVE-2021-23336, CVE-2024-32020, CVE-2024-32465, CVE-2024-32021, CVE-2021-20286, CVE-2023-29402, CVE-2023-31084, CVE-2022-41722, CVE-2024-31080, CVE-2022-3116, CVE-2024-26953, CVE-2024-28180, CVE-2022-41717, CVE-2024-27397, CVE-2024-4032, CVE-2024-26458, CVE-2024-31081, CVE-2024-31082, CVE-2024-31083, CVE-2023-29404, CVE-2022-29526, CVE-2024-24806

Other Information

At the time of publication, there were no new advisories included with the October Security Guidance. 

Meet Fortra™ Your Cybersecurity Ally™

Fortra is creating a simpler, stronger, and more straightforward future for cybersecurity by offering a portfolio of integrated and scalable solutions. Learn more about how Fortra’s portfolio of solutions can benefit your business.

LEARN MORE
Related Products
Tripwire IP360
Related Solutions
Vulnerability & Risk Management VERT Research