Microsoft has announced the release of security updates addressing 118 vulnerabilities in its software suite, two of which have been identified as actively exploited vulnerabilities in the wild.

Of these, three are rated Critical, 113 Important, and two Moderate. This Patch Tuesday count does not include the 25 additional vulnerabilities identified in the Chromium-based Edge browser over the past month.

At the time of release, five of the vulnerabilities were publicly known, and two of those were already being exploited as zero-days. The vulnerabilities of particular concern include:

  • CVE-2024-43572 (CVSS score: 7.8) – A Remote Code Execution vulnerability in Microsoft Management Console, with confirmed exploitation.
  • CVE-2024-43573 (CVSS score: 6.5) – A Spoofing vulnerability in the Windows MSHTML platform, also under active exploitation.
  • CVE-2024-43583 (CVSS score: 7.8) – Elevation of Privilege vulnerability affecting Winlogon.
  • CVE-2024-20659 (CVSS score: 7.1) – A Security Feature Bypass vulnerability associated with Windows Hyper-V.
  • CVE-2024-6197 (CVSS score: 8.8) – A Remote Code Execution vulnerability in Open Source Curl (non-Microsoft CVE).

Notably, CVE-2024-43573 resembles two earlier MSHTML spoofing vulnerabilities that were exploited in the wild, CVE-2024-38112 and CVE-2024-43461. Both were used by the Void Banshee threat actor to distribute the Atlantida Stealer malware.

Microsoft has not disclosed how these vulnerabilities are being exploited or who is behind the attacks. It has credited researchers Andres and Shady with reporting CVE-2024-43572, but CVE-2024-43573 carries no acknowledgement, which raises the possibility that it is a bypass of an earlier patch.

In response to CVE-2024-43572, Microsoft has changed affected systems to block untrusted MSC files from being opened. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has likewise recognized active exploitation of both CVE-2024-43572 and CVE-2024-43573 and added them to its Known Exploited Vulnerabilities (KEV) catalog, which requires federal agencies to apply the fixes by October 29, 2024.
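The KEV listing gives defenders a concrete deadline to triage against. The following is an added example, not code from the article or from CISA: it matches a patch release's CVE list against a KEV-style feed and sorts the hits by remediation due date. The feed fragment is constructed for this example, and the field names are assumed to follow the public KEV JSON schema.

```python
import json
from datetime import date

# Constructed sample shaped like the CISA KEV feed (the live feed is published at
# https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# Field names are assumed from the public schema; product strings are illustrative.
KEV_SAMPLE = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-2024-43572", "vendorProject": "Microsoft",
         "product": "Management Console", "dateAdded": "2024-10-08",
         "dueDate": "2024-10-29"},
        {"cveID": "CVE-2024-43573", "vendorProject": "Microsoft",
         "product": "MSHTML Platform", "dateAdded": "2024-10-08",
         "dueDate": "2024-10-29"},
        {"cveID": "CVE-2024-38112", "vendorProject": "Microsoft",
         "product": "MSHTML Platform", "dateAdded": "2024-07-09",
         "dueDate": "2024-07-30"},
    ]
})

# CVEs named in this patch release (from the article above).
RELEASE_CVES = ["CVE-2024-43572", "CVE-2024-43573", "CVE-2024-43583",
                "CVE-2024-20659", "CVE-2024-43468"]


def kev_index(feed_json):
    """Map cveID -> KEV entry so each lookup is a dictionary hit."""
    return {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}


def triage(feed_json, release_cves, today):
    """Return (cve, days_until_due, overdue) for every release CVE that is in KEV.

    CVEs absent from KEV are skipped: they are not known-exploited and rank
    below the KEV hits. Results are sorted so the tightest deadline comes first;
    a negative day count (overdue=True) means the KEV due date has passed.
    """
    idx = kev_index(feed_json)
    rows = []
    for cve in release_cves:
        entry = idx.get(cve)
        if entry is None:
            continue
        days = (date.fromisoformat(entry["dueDate"]) - today).days
        rows.append((cve, days, days < 0))
    return sorted(rows, key=lambda r: r[1])


if __name__ == "__main__":
    for cve, days, overdue in triage(KEV_SAMPLE, RELEASE_CVES, date.today()):
        print(f"{cve}: {days} day(s) to KEV due date{' (OVERDUE)' if overdue else ''}")
```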

The most severe flaw in the release is CVE-2024-43468, a critical Remote Code Execution vulnerability in Microsoft Configuration Manager with a CVSS score of 9.8. An unauthenticated attacker could exploit it by sending specially crafted requests to a vulnerable server, leading to execution of arbitrary commands on the underlying host.

The other two Critical-rated vulnerabilities are remote code execution flaws in the Visual Studio Code extension for Arduino (CVSS score: 8.8) and in the Remote Desktop Protocol (RDP) Server (CVSS score: 8.1). For the RDP Server flaw, exploitation requires an attacker to send specially crafted packets to a Windows RPC host, which could result in code execution in the context of the RPC service.

Both flaws are rated as high attack complexity, meaning an attacker must satisfy a series of preconditions before exploitation succeeds. That does not lessen their urgency: organizations reliant on Microsoft products should treat them as a priority alongside the actively exploited bugs.

Additional Security Updates from Other Vendors

Alongside Microsoft, numerous other vendors have issued security updates addressing vulnerabilities in their products, including Adobe, Amazon Web Services, Apple, and Cisco, among others. Organizations should review the advisories that apply to their environments and apply the patches promptly.
