Service Notices
Microsoft Releases October 2024 Security Updates
Oct 11, 2024 GMT+08:00
I. Overview
Microsoft has released its October 2024 Security Updates. A total of 117 security vulnerabilities have been disclosed, among which 3 are marked as important vulnerabilities. Attackers can exploit these vulnerabilities to implement remote code execution, privilege escalation, and security feature bypass. The affected applications include Microsoft Windows, Microsoft Office, Microsoft Visual Studio and .NET.
For details, visit the Microsoft official website:
https://msrc.microsoft.com/update-guide/releaseNote/2024-Oct
The following vulnerabilities require close scrutiny as their details have been disclosed or they have already been exploited by attackers:
Microsoft Management Console Remote Code Execution Vulnerability (CVE-2024-43572): 0-day vulnerability. An attacker can exploit this vulnerability by inducing a victim to download and open a specially crafted file from a website. Successful exploitation of this vulnerability allows the attacker to execute arbitrary code on the target host. This vulnerability has been exploited in the wild, and the risk is high.
Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-43573): 0-day vulnerability. Unauthenticated remote attackers can exploit this vulnerability by persuading potential victims to open malicious files. Successful exploitation of this vulnerability allows remote attackers to execute cross-site scripting (XSS) attacks. This vulnerability has been exploited in the wild, and the risk is high.
Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2024-20659): Successful exploitation of this vulnerability allows attackers to bypass the Unified Extensible Firmware Interface (UEFI) of VMs within the host machine, compromising both the hypervisor and security kernel. The vulnerability has been disclosed, and the risk is high.
Winlogon Elevation of Privilege Vulnerability (CVE-2024-43583): An authenticated local attacker can exploit this vulnerability to gain SYSTEM privileges. The vulnerability has been disclosed, and the risk is high.
8 vulnerabilities (such as CVE-2024-43583, CVE-2024-43560, and CVE-2024-43556) are marked as Exploitation More Likely. For details, see the official announcement. Please perform security self-check and security hardening in a timely manner to reduce attack risks.
II. Severity
Severity: important
(Severity: low, moderate, important, and critical)
III. Affected Products
Microsoft Windows, Microsoft Office, Visual Studio, and .NET.
IV. Vulnerability Details
|
CVE ID |
Vulnerability |
Severity |
Description |
|
CVE-2024-43468 |
Microsoft Configuration Manager Remote Code Execution Vulnerability |
Important |
An unauthenticated attacker can trigger the vulnerability by sending a specially crafted request to the target host. An attacker who successfully exploited the vulnerability could execute remote code on the target server. |
|
CVE-2024-43488 |
Visual Studio Code extension for Arduino Remote Code Execution Vulnerability |
Important |
This vulnerability arises from missing authentication for critical functions in the Arduino Visual Studio Code extension. Unauthenticated attackers can exploit this vulnerability to execute remote code via network attack vectors. |
|
CVE-2024-43582 |
Remote Desktop Protocol Server Remote Code Execution Vulnerability |
Important |
An unauthenticated attacker can exploit this vulnerability by sending specially crafted packets to the target server. Successful exploitation could lead to arbitrary remote code execution on the target server. |
(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)
V. Security Recommendations
1. Use Windows Update or download patches from the following address to fix the vulnerabilities:
https://msrc.microsoft.com/update-guide
2. Back up data remotely to protect your data.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.