Microsoft Patch Tuesday: October 2024

October 10, 2024

October’s Patch Tuesday instalment addresses 119 vulnerabilities, an increase from the 79 in September. This month sees 4 critical vulnerabilities patched, along with 5 publicly disclosed and 2 exploited in the wild.

CVE-2024-43468: Microsoft Configuration Manager Remote Code Execution Vulnerability

An unauthenticated attacker could exploit this critical vulnerability by sending specially crafted requests to the target environment. These requests are processed in an unsafe manner, enabling the attacker to execute commands on the server or underlying database. Customers using a vulnerable version of Configuration Manager must install an in-console update to be protected.

For a list of affected versions, and guidance for installing in-console updates, please see Microsoft’s security advisory for this CVE.

CVE-2024-43488: Visual Studio Code extension for Arduino Remote Code Execution Vulnerability

A critical vulnerability in the Visual Studio Code extension for Arduino could allow remote code execution through a network attack vector, stemming from missing authentication for critical functions in the extension.

Microsoft reported that it is not planning to patch this vulnerability in the Visual Studio Code extension for Arduino, as the extension has been deprecated; however, the flaw has been fully mitigated by Microsoft. Microsoft’s security advisory clearly states that this CVE is to provide transparency, and there is no action for users to take.

CVE-2024-43582: Remote Desktop Protocol Server Remote Code Execution Vulnerability

Relating to RDP Server, this critical vulnerability could facilitate server-side remote code execution with the same permissions as the RPC service. An unauthenticated attacker can achieve this by sending malformed packets to an RPC host. Microsoft has noted that successful exploitation requires the attacker to win a race condition, reducing the likelihood of abuse.

CVE-2024-43533 and CVE-2024-43599: Remote Desktop Client Remote Code Execution Vulnerabilities

Relating to RDP Client, two important RCE vulnerabilities could allow an attacker controlling a Remote Desktop Server to trigger remote code execution on the RDP client machine when a victim connects to the attacking server with a vulnerable Remote Desktop Client. Microsoft advises disabling Remote Desktop Services if they are not required. It is also recommended that you install the updates for this vulnerability as soon as possible even if you plan to leave Remote Desktop Services disabled.

CVE-2024-20659: Windows Hyper-V Security Feature Bypass Vulnerability

This Hyper-V vulnerability relates to Virtual Machines within a Unified Extensible Firmware Interface (UEFI) host machine. It might be possible to bypass the UEFI, which could lead to the compromise of the hypervisor and the secure kernel.

Successful exploitation of this vulnerability requires multiple conditions, such as specific application behaviour, user actions, manipulation of parameters passed to a function, and impersonation of an integrity level token, and also requires an attacker to reboot the machine. The attacker is also required to first compromise the restricted network before running an attack.

CVE-2024-38124: Windows Netlogon Elevation of Privilege Vulnerability

An attacker with LAN access could predict the name of a new domain controller and rename their computer to match, establish a secure channel, and keep it active while renaming their computer back to its original name. Once the new domain controller is promoted, the attacker could use the secure channel to impersonate the domain controller, resulting in domain administrator privileges and potentially compromising the entire domain.
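A defender-side check for the rename pattern described above, as an added example that is not from the original post or from Microsoft: it scans simplified computer-account rename records for a machine that takes an unused domain-controller-style name and later reverts to its original name. The record layout, the `DC\d{2}` naming pattern, the known-DC list and the 24-hour window are all assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data: simplified computer-account rename records
# (hypothetical layout, not real event log output).
RENAMES = [
    {"time": "2024-10-08T09:00:00", "sid": "S-1-5-21-EXAMPLE-1105", "old": "WKS-0142$", "new": "DC03$"},
    {"time": "2024-10-08T09:04:30", "sid": "S-1-5-21-EXAMPLE-1105", "old": "DC03$", "new": "WKS-0142$"},
    {"time": "2024-10-08T11:15:00", "sid": "S-1-5-21-EXAMPLE-1210", "old": "WKS-0200$", "new": "WKS-0201$"},
]
KNOWN_DCS = {"DC01$", "DC02$"}                      # assumption: existing DC accounts
DC_NAME_PATTERN = re.compile(r"^DC\d{2}\$$", re.I)  # assumption: site naming convention


def find_suspicious_renames(renames, known_dcs, pattern, window=timedelta(hours=24)):
    """Flag accounts renamed to an unused DC-style name, and the rename back."""
    findings = []
    pending = {}  # sid -> (time of first rename, original name, DC-style name)
    for ev in sorted(renames, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        sid, old, new = ev["sid"], ev["old"].upper(), ev["new"].upper()
        # Step 1: a non-DC account takes a DC-style name no current DC uses.
        if pattern.match(new) and new not in known_dcs and not pattern.match(old):
            pending[sid] = (when, old, new)
            findings.append({"sid": sid, "kind": "renamed_to_unused_dc_name",
                             "name": new, "time": ev["time"]})
        # Step 2: the same account reverts to its original name within the window.
        elif sid in pending:
            first, original, dc_name = pending[sid]
            if old == dc_name and new == original and when - first <= window:
                findings.append({"sid": sid, "kind": "renamed_back",
                                 "name": dc_name, "time": ev["time"]})
                del pending[sid]
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_renames(RENAMES, KNOWN_DCS, DC_NAME_PATTERN):
        print(finding)
```

A `renamed_back` finding on a name that is about to be used for a DC promotion is the case to escalate before the promotion goes ahead.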

CVE-2024-43573: Windows MSHTML Platform Spoofing Vulnerability

Microsoft has reported a vulnerability relating to MSHTML, a software component used to render web pages, which has been publicly disclosed and exploited in the wild. MSHTML is a key component in many Microsoft 365 and Microsoft Office products as well as Internet Explorer 11 and Legacy Microsoft Edge browsers on certain platforms and Windows applications. Specific information surrounding the vulnerability and its classification as spoofing has been restricted by Microsoft.

For a full list of this month’s updates please see the links below:

Patch Tuesday release notes: https://msrc.microsoft.com/update-guide/releaseNote/2024-Oct

Security update guide: https://msrc.microsoft.com/update-guide/

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
