Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild

Omega Balla
Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild.

Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn’t include the 25 additional flaws that the tech giant addressed in its Chromium-based Edge browser over the past month.

Five of the vulnerabilities are listed as publicly known at the time of release, with two of them coming under active exploitation as zero-days –

CVE-2024-43572 (CVSS score: 7.8) – Microsoft Management Console Remote Code Execution Vulnerability (Exploitation Detected)
CVE-2024-43573 (CVSS score: 6.5) – Windows MSHTML Platform Spoofing Vulnerability (Exploitation Detected)
CVE-2024-43583 (CVSS score: 7.8) – Winlogon Elevation of Privilege Vulnerability
CVE-2024-20659 (CVSS score: 7.1) – Windows Hyper-V Security Feature Bypass Vulnerability
CVE-2024-6197 (CVSS score: 8.8) – Open Source Curl Remote Code Execution Vulnerability (non-Microsoft CVE)

It’s worth noting that CVE-2024-43573 is similar to CVE-2024-38112 and CVE-2024-43461, two other MSHTML spoofing flaws that have been exploited prior to July 2024 by the Void Banshee threat actor to deliver the Atlantida Stealer malware.

Microsoft makes no mention of how the two vulnerabilities are exploited in the wild, and by whom, or how widespread they are. It credited researchers Andres and Shady for reporting CVE-2024-43572, but no acknowledgment has been given for CVE-2024-43573, raising the possibility that it could be a case of patch bypass.

“Since the discovery of CVE-2024-43572, Microsoft now prevents untrusted MSC files from being opened on a system,” Satnam Narang, senior staff research engineer at Tenable, said in a statement shared with The Hacker News.

The active exploitation of CVE-2024-43572 and CVE-2024-43573 has also been noted by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which added them to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the fixes by October 29, 2024.

Among all the flaws disclosed by Redmond on Tuesday, the most severe concerns a remote code execution flaw in Microsoft Configuration Manager (CVE-2024-43468, CVSS score: 9.8) that could allow unauthenticated actors to run arbitrary commands.

“An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database,” it said.

Two other Critical-rated flaws also concern remote code execution in the Visual Studio Code extension for Arduino (CVE-2024-43488, CVSS score: 8.8) and the Remote Desktop Protocol (RDP) Server (CVE-2024-43582, CVSS score: 8.1).

“Exploitation requires an attacker to send deliberately-malformed packets to a Windows RPC host, and leads to code execution in the context of the RPC service, although what this means in practice may depend on factors including RPC Interface Restriction configuration on the target asset,” Adam Barnett, lead software engineer at Rapid7, said about CVE-2024-43582.

“One silver lining: attack complexity is high, since the attacker must win a race condition to access memory improperly.”

Software Patches from Other Vendors

Outside of Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including —

Adobe
Amazon Web Services
Apache Avro
Apple
AutomationDirect
Bosch
Broadcom (including VMware)
Cisco (including Splunk)
Citrix
CODESYS
Dell
Draytek
Drupal
F5
Fortinet
GitLab
Google Android
Google Chrome
Google Cloud
Hitachi Energy
HP
HP Enterprise (including Aruba Networks)
IBM
Intel
Ivanti
Jenkins
Juniper Networks
Lenovo
Linux distributions Amazon Linux, Debian, Oracle Linux, Red Hat, Rocky Linux, SUSE, and Ubuntu
MediaTek
Mitsubishi Electric
MongoDB
Mozilla Firefox, Firefox ESR, and Thunderbird
NVIDIA
Okta
Palo Alto Networks
Progress Software
QNAP
Qualcomm
Rockwell Automation
Salesforce Tableau
Samsung
SAP
Schneider Electric
Siemens
Sophos
Synology
Trend Micro
Veritas
Zoom, and
Zyxel
