Randy Franklin Smith's Ultimate Windows Security

Upcoming Webinars

Webinar Library

Latest Blogs

How to Detect Pass-the-Hash Attacks Blog Series

Come meet Randy in Orlando at Microsoft Ignite at Quest's Booth #1818

Detecting Pass-the-Hash with Honeypots

Catch Malware Hiding in WMI with Sysmon

For of all sad words of tongue or pen, the saddest are these: 'We weren’t logging’

Experimenting with Windows Security: Controls for Enforcing Policies

Sysmon Event IDs 1, 6, 7 Report All the Binary Code Executing on Your Network

Yet Another Ransomware Can That Can be Immediately Detected with Process Tracking on Workstations

Cracking AD Passwords with NTDSXtract, Dsusers.py and John the Ripper

Cracking local windows passwords with Mimikatz, LSA dump and Hashcat

Top Resources

Security Log

Additional Resources

October, 2024: Patch Tuesday - Five Zero Days!

Welcome to my October Patch Tuesday newsletter. Today Microsoft released updates for 118 CVE's. Since our last Patch Tuesday newsletter last month there are also an additional 28 updates totaling 146 CVE's patched this month. Of these we have 5 that are zero days:

CVE-2024-43572 and CVE-2024-43573 are not only publicly disclosed but have also been detected as being exploited in the wild. CVE-2024-43572 is a remote code execution vulnerability with a rating of important. This update will prevent untrusted MS Saved Console (MSC) files from being opened, which will protect the end user against an arbitrary code execution vulnerability. CVE-2024-43573 is a spoofing exploit rated moderate. You will want to make sure these get patched ASAP.

CVE-2024-2059 is rated as important but is also a pretty serious vulnerability. Successful exploitation could result in a compromised hypervisor by bypassing the UEFI on a host machine. So although it carries a "Exploitability Assessment" of "Exploitation Less Likely" I do recommend this one is also high up on your "get it patch soon" list.

Besides these zero days we have five CVE's rated critical:

These mainly affect Windows OS's as well as MS Configuration Manager and some one offs for Dynamics and the GroupMe app. You can find more details in the chart below. So, you will definitely want to get this month's updates tested and deployed as soon as you can. It looks like the bad guys have been busy so please update soon to remediate these recent vulnerabilities.

Besides these there is not much to talk about this month.

Happy patching!

Patch data provided by:
Technology	Products Affected	Severity	Reference	Workaround/ Exploited / Publicly Disclosed	Vulnerability Info
Windows	Windows 10, 11 Server 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations Remote Desktop Client	Critical	CVE-2024-20659* CVE-2024-30092 CVE-2024-37976 CVE-2024-37979 CVE-2024-37982 CVE-2024-37983 CVE-2024-38029 CVE-2024-38124 CVE-2024-38129 CVE-2024-38149 CVE-2024-38212 CVE-2024-38261 CVE-2024-38262 CVE-2024-38265 CVE-2024-43453 CVE-2024-43456 CVE-2024-43500 CVE-2024-43501 CVE-2024-43502 CVE-2024-43506 CVE-2024-43508 CVE-2024-43509 CVE-2024-43511 CVE-2024-43512 CVE-2024-43513 CVE-2024-43514 CVE-2024-43515 CVE-2024-43516 CVE-2024-43517 CVE-2024-43518 CVE-2024-43519 CVE-2024-43520 CVE-2024-43521 CVE-2024-43522 CVE-2024-43523 CVE-2024-43524 CVE-2024-43525 CVE-2024-43526 CVE-2024-43527 CVE-2024-43528 CVE-2024-43529 CVE-2024-43532 CVE-2024-43533 CVE-2024-43534 CVE-2024-43535 CVE-2024-43536 CVE-2024-43537 CVE-2024-43538 CVE-2024-43540 CVE-2024-43541 CVE-2024-43542 CVE-2024-43543 CVE-2024-43544 CVE-2024-43545 CVE-2024-43546 CVE-2024-43547 CVE-2024-43549 CVE-2024-43550 CVE-2024-43551 CVE-2024-43552 CVE-2024-43553 CVE-2024-43554 CVE-2024-43555 CVE-2024-43556 CVE-2024-43557 CVE-2024-43558 CVE-2024-43559 CVE-2024-43560 CVE-2024-43561 CVE-2024-43562 CVE-2024-43563 CVE-2024-43564 CVE-2024-43565 CVE-2024-43567 CVE-2024-43570 CVE-2024-43571 CVE-2024-43572* CVE-2024-43573* CVE-2024-43574 CVE-2024-43575 CVE-2024-43581 CVE-2024-43582 CVE-2024-43583* CVE-2024-43584 CVE-2024-43585 CVE-2024-43589 CVE-2024-43592 CVE-2024-43593 CVE-2024-43599 CVE-2024-43607 CVE-2024-43608 CVE-2024-43611 CVE-2024-43615 CVE-2024-6197*	Workaround: No *Exploited: Yes* Public: Yes*	Denial of Service Elevation of Privilege Information Disclosure Remote Code Execution Security Feature Bypass Spoofing Tampering
Edge	Chromium-based For Android	Moderate	CVE-2024-38221 CVE-2024-38222 CVE-2024-43489 CVE-2024-43496 CVE-2024-7025 CVE-2024-7970 CVE-2024-8194 CVE-2024-8198 CVE-2024-8362 CVE-2024-8636 CVE-2024-8637 CVE-2024-8638 CVE-2024-8639 CVE-2024-8904 CVE-2024-8905 CVE-2024-8906 CVE-2024-8907 CVE-2024-8908 CVE-2024-8909 CVE-2024-9120 CVE-2024-9121 CVE-2024-9122 CVE-2024-9123 CVE-2024-9369 CVE-2024-9370	Workaround: No Exploited: No Public: No	Information Disclosure Remote Code Execution Spoofing
Office	365 Apps for Enterprise Office 2016, 2019 LTSC 2021, 2024 Excel/Visio 2016 Outlook for Android	Important	CVE-2024-38016 CVE-2024-43504 CVE-2024-43505 CVE-2024-43576 CVE-2024-43604 CVE-2024-43609 CVE-2024-43616	Workaround: No Exploited: No Public: No	Elevation of Privilege Remote Code Execution Spoofing
SharePoint	Enterprise Server 2016 Server 2019 Server Subscription Edition	Important	CVE-2024-43503	Workaround: No Exploited: No Public: No	Elevation of Privilege
Dynamics 365	Business Central Online	Critical	CVE-2024-43460	Workaround: No Exploited: No Public: No	Elevation of Privilege
SQL Server	Power BI Report Server - May 2024	Important	CVE-2024-43481 CVE-2024-43612	Workaround: No Exploited: No Public: No	Spoofing
Azure	Service Connector CLI Service Fabric 9.1, 10, 10.1 for Linux Stack HCI 22H2, HCI 23H2 Monitor Agent	Important	CVE-2024-38097 CVE-2024-38179 CVE-2024-43480 CVE-2024-43591	Workaround: No Exploited: No Public: No	Elevation of Privilege Remote Code Execution
Apps	GroupMe	Critical	CVE-2024-38183	Workaround: No Exploited: No Public: No	Elevation of Privilege
.NET	6.0 & 8.0 for Windows, Linux & Mac OS	Important	CVE-2024-38229 CVE-2024-43483 CVE-2024-43484 CVE-2024-43485	Workaround: No Exploited: No Public: No	Denial of Service Remote Code Execution
.NET Framework	2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.6, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1	Important	CVE-2024-43483 CVE-2024-43484	Workaround: No Exploited: No Public: No	Denial of Service
Visual Studio	2015 Update 3 2017 15.0-15.9 2019 16.0-16.11 2022 17.6-17.11 Visual Studio Code	Critical	CVE-2024-38229 CVE-2024-43483 CVE-2024-43484 CVE-2024-43485 CVE-2024-43488 CVE-2024-43590 CVE-2024-43601 CVE-2024-43603	Workaround: No Exploited: No Public: No	Denial of Service Elevation of Privilege Remote Code Execution
Dev Tools	DeepSpeed Visual C++ Redistributable Installer	Important	CVE-2024-43497 CVE-2024-43590	Workaround: No Exploited: No Public: No	Elevation of Privilege Remote Code Execution
Mariner	CBL Mariner 2.0 x64/ARM	Important	CVE-2024-6197*	Workaround: No Exploited: No Public: Yes*	Remote Code Execution
System Center	MS Configuration Manager 2303, 2309, 2403 Defender for EndPoint for Linux	Critical	CVE-2024-43468 CVE-2024-43614	Workaround: No Exploited: No Public: No	Remote Code Execution Spoofing
Dev Tools	DeepSpeed Visual C++ Redistributable Installer	Important	CVE-2024-43497 CVE-2024-43590	Workaround: No Exploited: No Public: No	Elevation of Privilege Remote Code Execution

Send me this chart next Patch Tuesday.

User name:
Password:
	/ Forgot?
	Register

October 2024 Patch Tuesday	"Patch Tuesday - Five Zero Days! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.