October 2024 Patch Tuesday: Critical Security Updates and Zero-Days

This year's October Patch Tuesday delivers a crucial update. Microsoft is addressing 118 vulnerabilities across its platforms. Five of these are zero-days, which are actively exploited flaws requiring urgent attention. As organisations face increasing cyber threats, this month's updates underscore the importance of maintaining a robust patching routine. Remember, Patch Tuesday always precedes Exploit Wednesday: your systems are at risk right now!

Key Highlights

Among the 118 vulnerabilities fixed, several stand out for their severity and the impact if left unpatched:

  1. CVE-2024-43572: A Remote Code Execution (RCE) vulnerability in the Microsoft Management Console. This flaw can allow attackers to execute malicious code remotely, making it a top priority for patching.
  2. CVE-2024-43573: Another RCE vulnerability, this time within the Windows Graphics Component. If exploited, attackers could gain control over a system by manipulating how memory is managed. This is a particularly dangerous attack vector for organisations reliant on graphical processes (BleepingComputer) (Qualys Security Blog).
  3. CVE-2024-43574: Affecting Microsoft’s Speech API, this vulnerability enables remote code execution, particularly concerning in environments using voice-activated systems (Qualys Security Blog).
  4. CVE-2024-43602: A critical zero-day in Microsoft Exchange Server. Attackers have been actively exploiting this flaw to gain unauthorised access. If you’re running Exchange in any form, this is an essential update (BleepingComputer) (Qualys Security Blog).
  5. CVE-2024-43582: This flaw targets Remote Desktop Protocol (RDP). It allows attackers to send malicious packets and gain control over servers without needing user interaction (BleepingComputer).

Zero-Days in the Wild

Five zero-days were addressed this month, with CVE-2024-43602 and CVE-2024-43576 (affecting Microsoft Office) already being actively exploited. Exchange Server vulnerabilities are often targets for attackers, both because Exchange is so widely used and because of the sensitive nature of the data it manages. Patch this promptly if you’re using on-premises servers (Neowin).

Microsoft’s Official Stand

According to Microsoft, this month’s updates focus on vulnerabilities that, if exploited, could allow attackers to take control of systems, elevate privileges or disrupt critical infrastructure. Microsoft recommends that IT administrators prioritise updates for RDP, Microsoft Office, and any systems running Microsoft Exchange (CISA) (BleepingComputer).

Microsoft has also flagged important updates in Azure, .NET, and OpenSSH for Windows, addressing issues ranging from privilege escalation to denial of service (CISA).

Recommendations for IT Teams

The scope of vulnerabilities addressed is large, so IT administrators should prioritise applying patches for internet-facing systems, with a particular focus on RDP, Exchange Servers, and Office Suite installations. These systems are often the first point of entry for attackers. Additionally, they are more likely to be exploited in the wild.

Along with the zero-day vulnerabilities, Microsoft Configuration Manager also saw a critical fix this month. It addresses an RCE vulnerability that could allow attackers to compromise the server environment (Qualys Security Blog).

Final Thoughts

October 2024’s Patch Tuesday is a significant one. With the increasing frequency of zero-day exploits, organisations can’t afford to delay patching processes. Neglecting these updates could lead to breaches, data loss, or worse, the disruption of critical services.

At Equate, we understand the complexities of managing security in today’s digital landscape. If you’re struggling to keep up with patches, contact us. If you’re unsure about how these vulnerabilities impact your infrastructure, reach out to us. We offer expert assistance in managing your IT security and ensuring compliance.