Microsoft Security Updates: 5 Zero-Days & 118 Vulnerabilities Patched


On the October 2024 Patch Tuesday, Microsoft released security updates for 118 vulnerabilities, including five publicly disclosed zero-days, two of which are being actively exploited. The update addresses three critical remote code execution flaws and provides patches across a wide range of vulnerability categories.

Who's More Vulnerable?

Organizations and users still relying on older Microsoft technologies, particularly the MSHTML platform, are at increased risk. Environments that use the Microsoft Management Console, or that run virtual machines with UEFI firmware, are particularly exposed. Systems that are not updated regularly or lack adequate security controls are also prime targets for exploitation.

Impact

The updates include:

  • CVE-2024-43573: A spoofing vulnerability in the Windows MSHTML platform, which could potentially allow attackers to manipulate web content.
  • CVE-2024-43572: A remote code execution flaw in the Microsoft Management Console (MMC), enabling execution of malicious MSC files.
  • CVE-2024-6197: An RCE vulnerability in libcurl, triggered by malicious server connections.
  • CVE-2024-20659: A security feature bypass in Windows Hyper-V that could compromise hypervisors in UEFI environments.
  • CVE-2024-43583: An elevation of privilege vulnerability in Winlogon, potentially granting SYSTEM privileges.


Mitigation

1. CVE-2024-43573 (Windows MSHTML Spoofing Vulnerability)
  • Apply the security patch provided by Microsoft for the MSHTML platform.
  • Ensure that browsers and any application using MSHTML components are updated.
  • Disable or restrict MSHTML usage for web content where possible to minimize exposure to untrusted web pages.
  • Use endpoint security solutions that can detect and block attempts to exploit MSHTML.

2. CVE-2024-43572 (Microsoft Management Console (MMC) RCE)
  • Apply the relevant security patch for MMC as soon as it is available.
  • Avoid opening MSC (Microsoft Saved Console) files from untrusted sources.
  • Enforce restrictions using Group Policy to control which users can launch MMC or execute specific MSC files.
  • Monitor file execution and network connections for suspicious activity relating to MMC usage.
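The monitoring step above can be turned into a simple triage rule: flag process-creation events where mmc.exe loads an .msc console file from somewhere other than the directories Windows ships its own consoles in. The script below is an added example, not part of the original article or of any Microsoft tooling; the event records and the allow-list of trusted directories are constructed for illustration.

```python
"""Triage process-creation events for Microsoft Management Console launches
that load an .msc console file from outside trusted system directories.
The events below are constructed sample records, not real telemetry."""
import re

# Directories Windows uses for its own console files (constructed allow-list).
TRUSTED_MSC_DIRS = (
    r"c:\windows\system32",
    r"c:\windows\syswow64",
    r"c:\program files",
)

# First .msc argument on the command line, quoted or unquoted.
MSC_ARG = re.compile(r'"([^"]+\.msc)"|(\S+\.msc)\b', re.IGNORECASE)


def msc_path(command_line):
    """Return the console file path passed to mmc.exe, or None if there is none."""
    match = MSC_ARG.search(command_line)
    if match is None:
        return None
    return match.group(1) or match.group(2)


def is_suspicious(event):
    """True when mmc.exe opens a console file that is not under a trusted directory."""
    if not event["image"].lower().endswith("\\mmc.exe"):
        return False
    path = msc_path(event["command_line"])
    if path is None:
        return False  # bare mmc.exe launch, no console file supplied
    # Logs normally record expanded paths; a %SystemRoot% form would need expanding first.
    return not path.lower().startswith(TRUSTED_MSC_DIRS)


def triage(events):
    """Return the ids of events that merit an analyst's attention."""
    return [e["id"] for e in events if is_suspicious(e)]


SAMPLE_EVENTS = [  # constructed records imitating process-creation telemetry
    {"id": "evt-1", "image": r"C:\Windows\System32\mmc.exe",
     "command_line": r'"C:\Windows\System32\mmc.exe" "C:\Windows\System32\eventvwr.msc"'},
    {"id": "evt-2", "image": r"C:\Windows\System32\mmc.exe",
     "command_line": r'"C:\Windows\System32\mmc.exe" "C:\Users\alice\Downloads\report.msc"'},
    {"id": "evt-3", "image": r"C:\Windows\System32\mmc.exe",
     "command_line": r'"C:\Windows\System32\mmc.exe"'},
    {"id": "evt-4", "image": r"C:\Windows\System32\mmc.exe",
     "command_line": r"mmc.exe C:\Users\bob\AppData\Local\Temp\7zO1\setup.msc"},
    {"id": "evt-5", "image": r"C:\Windows\System32\notepad.exe",
     "command_line": r"notepad.exe C:\Users\alice\Downloads\report.msc"},
]
```

Running `triage(SAMPLE_EVENTS)` returns `['evt-2', 'evt-4']`: the two launches that open a console file from a user-writable location, while the bare launch and the non-MMC process are ignored.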

3. CVE-2024-6197 (libcurl RCE)
  • Update to the latest version of libcurl to ensure the vulnerability is patched.
  • Validate server certificates properly when establishing connections so that they cannot be tampered with by malicious servers.
  • Restrict connections to trusted sources and use secure transport protocols (e.g., HTTPS).
  • Regularly monitor libcurl-related logs for abnormal behaviour or exploit attempts.

4. CVE-2024-20659 (Windows Hyper-V Security Feature Bypass)
  • Install updates for Hyper-V as soon as they become available.
  • Limit access to virtual machine management and ensure that only trusted personnel have the permissions needed to interact with UEFI environments.
  • Enable Secure Boot and other security features to protect the integrity of virtual machines.
  • Ensure strong isolation between guest VMs and the host machine.

5. CVE-2024-43583 (Winlogon Elevation of Privilege)
  • Apply Microsoft's patch to address the vulnerability in Winlogon.
  • Restrict user accounts from holding unnecessary privileges and implement the principle of least privilege across your systems.
  • Enable enhanced security auditing to detect suspicious attempts to escalate privileges.
  • Regularly review user and system privileges to identify and remove unnecessary permissions that could be exploited.

For all of these vulnerabilities, timely patching is crucial, along with ongoing monitoring for potential exploitation attempts.
