Security operations · 2 MIN READ · MATT JASTRAM · OCT 9, 2024 · TAGS: MDR / vulnerability prioritization
TL;DR
- It’s Cybersecurity Awareness Month–don’t let those vulnerabilities get the best of you!
- Microsoft’s monthly release continues to yield numerous CVEs, this time more than in September
- The two vulnerabilities we highlight are already in CISA’s Known Exploited Vulnerability (KEV) database
This Patch Tuesday includes 117 published CVEs from Microsoft.
October’s Patch Tuesday is a special edition, because it’s going live during Cybersecurity Awareness Month. Did you know that the Cybersecurity and Infrastructure Security Agency (CISA) is both a co-lead of the month, and the author of Patch Tuesday reports?
To increase your awareness this month (and every other month) be sure to subscribe to our blog to get monthly Patch Tuesday updates. You can also check out other Cybersecurity Awareness Month resources here.
To save you time, our team reviewed the October 2024 edition of Patch Tuesday, and has called out two CVEs this month for you to focus on—both of which CISA added immediately to their Known Exploited Vulnerability (KEV) database, with short remediation timelines.
Microsoft’s release this month continues to yield numerous CVEs, significantly more than we saw in September. CISA instantly added two vulnerabilities to their KEV database with a short remediation timeline: a 10/29/2024 due date for federal agencies and companies with policies aligned with CISA. The two vulnerabilities added to the KEV yesterday were our focus this month and are summarized here:
- Windows MSHTML Platform Spoofing Vulnerability: Trident, also known as MSHTML, is Microsoft’s browser engine. Earlier this year, Microsoft announced a fix for the actively exploited CVE-2024-38112. That first CVE was part of an attack chain run by Void Banshee, an advanced persistent threat (APT), targeting information theft and financial access. It turns out the initial zero-day remediation didn’t comprehensively address the methods threat actors were leveraging to successfully exploit the browser, so CVE-2024-43573 is a second remediation effort. We highly recommend you take steps to remediate this actively exploited vulnerability. If you normally install Security Only updates, the security feature bypass flaw can be corrected by installing the IE Cumulative updates.
- Microsoft Windows Management Console Remote Code Execution Vulnerability: Microsoft Saved Console (MSC) file manipulation has been around since 2018; however, Microsoft has had their attention pulled elsewhere. Since then, threat actors have leveraged file manipulation to target unsuspecting victims who open these files, triggering various process executions and loading a variety of possible payloads (JavaScript, .NET, and others). This past summer, threat actors leveraged CVE-2024-43572 to use MSC files via GrimResource, a new technique for command execution through mmc.exe. The vulnerability is now a more critical fix needing an update from Microsoft, and they’ve published 37 fixes that we recommend you apply to address the growing exploitation risk!
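One way to track open findings against the KEV due date mentioned above, as an added example (not Expel's code or tooling). The `cveID` and `dueDate` field names follow CISA's KEV JSON feed; the catalog excerpt, hostnames, and findings are constructed for illustration.

```python
import json
from datetime import date

# Constructed excerpt using the cveID/dueDate fields of CISA's KEV JSON feed.
# The due date is the 10/29/2024 date cited in this post.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2024-43573", "dueDate": "2024-10-29"},
  {"cveID": "CVE-2024-43572", "dueDate": "2024-10-29"}
]}
""")

# Constructed scanner output: (host, CVE) pairs still unpatched.
# Hostnames are hypothetical; CVE-0000-00000 is a placeholder for a non-KEV finding.
OPEN_FINDINGS = [
    ("ws-014", "CVE-2024-43573"),
    ("ws-014", "CVE-0000-00000"),
    ("jump-02", "CVE-2024-43572"),
]

def prioritize(findings, kev, today):
    """Sort findings: overdue KEV first, then KEV by days left, then the rest."""
    due = {v["cveID"]: date.fromisoformat(v["dueDate"])
           for v in kev["vulnerabilities"]}
    rows = []
    for host, cve in findings:
        deadline = due.get(cve)
        days_left = (deadline - today).days if deadline else None
        if deadline is None:
            status = "not-in-kev"
        else:
            status = "overdue" if days_left < 0 else "due"
        rows.append({"host": host, "cve": cve,
                     "status": status, "days_left": days_left})
    rank = {"overdue": 0, "due": 1, "not-in-kev": 2}
    rows.sort(key=lambda r: (rank[r["status"]],
                             r["days_left"] if r["days_left"] is not None else 0,
                             r["host"]))
    return rows

if __name__ == "__main__":
    # Evaluated as of this post's publication date.
    for row in prioritize(OPEN_FINDINGS, KEV_SAMPLE, date(2024, 10, 9)):
        print(row)
```

In practice the constructed excerpt would be replaced by the full KEV catalog and the findings by your scanner's export.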
That’s it for this month. If you have any questions about these specific vulnerabilities (or others on the Patch Tuesday list)—or if you’re interested in learning how Expel Vulnerability Prioritization can give you context for your own environment—get in touch.