Microsoft October 2024 Patch Tuesday Addresses 117 CVEs, Including Two Zero-Day Vulnerabilities

Microsoft has released the October 2024 Patch Tuesday, addressing a total of 117 Common Vulnerabilities and Exposures (CVEs). This month’s update includes three critical vulnerabilities, 113 important ones, and one moderate issue. Of particular concern are two zero-day vulnerabilities actively exploited in the wild: CVE-2024-43573 and CVE-2024-43572.

The first vulnerability, CVE-2024-43572, affects the Microsoft Management Console (MMC) and allows remote code execution through malicious Microsoft Saved Console (MSC) files. This flaw, with a CVSS score of 7.8, could compromise sensitive information stored in console windows. Microsoft has released a security update to prevent untrusted MSC files from being opened.

The second critical vulnerability, CVE-2024-43573, targets the Windows MSHTML Platform, impacting various Microsoft 365 applications, Internet Explorer 11, and Legacy Microsoft Edge browsers. With a CVSS score of 6.5, this moderate spoofing vulnerability poses risks to user security.

Security expert Satnam Narang emphasized the severity of these vulnerabilities, noting the need for immediate updates to prevent exploitation. He highlighted the increasing use of social engineering tactics to exploit these flaws.

In addition to the zero-day vulnerabilities, the Patch Tuesday update addressed other critical issues, including remote code execution and elevation of privilege vulnerabilities. Users and organizations are urged to prioritize these updates to safeguard their systems and educate employees on identifying potential threats. Stay informed and proactive to stay ahead of cyber threats in today’s digital landscape.