Microsoft Monthly Security Update (October 2024)

Last Update Date: 23 Oct 2024 Release Date: 9 Oct 2024 4101 Views

RISK: High Risk

High Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

[Updated on 2024-10-23]

Updated Description, Related Links.

Proof of Concept exploit code Is publicly available for CVE-2024-43532.

 

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
AzureMedium Risk Medium RiskElevation of Privilege
Remote Code Execution		 
WindowsHigh Risk High RiskElevation of Privilege
Remote Code Execution
Denial of Service
Information Disclosure
Security Restriction Bypass
Spoofing
Data Manipulation

CVE-2024-43573 is being exploited in the wild. This  is a Windows MSHTML platform spoofing vulnerability, and another serious flaw that stems from the continued use of components of the officially retired Internet Explorer 11.

CVE-2024-43572 is being exploited in the wild. This vulnerability allowed malicious Microsoft Saved Console (MSC) files to perform remote code execution on vulnerable devices.  The attack itself is carried out locally.

Proof of Concept exploit code Is publicly available for CVE-2024-43532 

Extended Security Updates (ESU)High Risk High RiskRemote Code Execution
Denial of Service
Security Restriction Bypass
Elevation of Privilege
Information Disclosure
Spoofing
Data Manipulation

CVE-2024-43573 is being exploited in the wild. This  is a Windows MSHTML platform spoofing vulnerability, and another serious flaw that stems from the continued use of components of the officially retired Internet Explorer 11.

CVE-2024-43572 is being exploited in the wild. This vulnerability allowed malicious Microsoft Saved Console (MSC) files to perform remote code execution on vulnerable devices.  The attack itself is carried out locally.

Proof of Concept exploit code Is publicly available for CVE-2024-43532 

SQL ServerLow Risk Low RiskSpoofing 
Developer ToolsMedium Risk Medium RiskRemote Code Execution
Denial of Service
Elevation of Privilege		 
Microsoft OfficeMedium Risk Medium RiskElevation of Privilege
Remote Code Execution
Spoofing		 
MarinerMedium Risk Medium RiskRemote Code Execution 
AppsMedium Risk Medium RiskElevation of Privilege 
System CenterMedium Risk Medium RiskRemote Code Execution
Spoofing		 

 

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 2

Number of 'Medium Risk' product(s): 6

Number of 'Low Risk' product(s): 1

Evaluation of overall 'Risk Level': High Risk

Impact

  • Information Disclosure
  • Elevation of Privilege
  • Security Restriction Bypass
  • Spoofing
  • Denial of Service
  • Remote Code Execution
  • Data Manipulation

System / Technologies affected

  • Azure
  • Windows
  • Extended Security Updates (ESU)
  • SQL Server
  • Developer Tools
  • Microsoft Office
  • Mariner
  • Apps
  • System Center

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier

Source

Related Link

Related Tags

MicrosoftExploit In The WildInformation DisclosureElevation of PrivilegeSecurity Restriction BypassSpoofingDenial of ServiceRemote Code ExecutionData ManipulationProof of Concept

Share with

Previous

Microsoft Monthly Security Update (July 2024)

10 Jul 2024 4896 Views

Next

Google Chrome Multiple Vulnerabilities

23 Oct 2024 2940 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY