High Threat Security Alert (A24-10-07): Multiple Vulnerabilities in Microsoft Products (October 2024)


 

Published on: 09 October 2024

  
  

Description:

Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. The list of security updates can be found at:
https://msrc.microsoft.com/update-guide/releaseNote/2024-Oct

Reports indicated that the vulnerabilities (CVE-2024-43572 and CVE-2024-43573) in Microsoft Windows and Server are being exploited in the wild and the technical details of vulnerabilities (CVE-2024-6197, CVE-2024-20659, CVE-2024-43572, CVE-2024-43573 and CVE-2024-43583) in Microsoft Windows and Server were publicly disclosed. In addition, multiple vulnerabilities (CVE-2024-38124, CVE-2024-43468, CVE-2024-43488 and CVE-2024-43582) in Microsoft Windows and Server, Visual Studio Code and Microsoft Configuration Manager are also at a high risk of exploitation. System administrators and users are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • Microsoft Windows 10, 11
  • Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, 2022, 2022, 23H2 Edition
  • Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024
  • Microsoft 365 Apps for Enterprise
  • Microsoft Excel 2016
  • Microsoft Outlook for Android
  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SharePoint Server 2019, Subscription Edition
  • Microsoft Visual Studio 2015, 2017, 2019, 2022
  • Visual Studio Code
  • Microsoft .NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.6, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1
  • .NET 6.0, 8.0
  • Remote Desktop client for Windows Desktop
  • Visual C++ Redistributable Installer
  • Microsoft Configuration Manager 2303, 2309, 2403
  • CBL Mariner 2.0
  • DeepSpeed
  • Power BI Report Server - May 2024

 

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, elevation of privilege, information disclosure, security restriction bypass, spoofing or tampering on an affected system.

 

Recommendation:

Patches for affected systems are available from the Windows Update / Microsoft Update Catalog. System administrators and users of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://msrc.microsoft.com/update-guide/releaseNote/2024-Oct
  • https://www.hkcert.org/security-bulletin/microsoft-monthly-security-update-october-2024
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6197
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20659
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30092
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37976
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37979
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37982 (to CVE-2024-37983)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38029
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38097
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38124
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38129
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38149
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38179
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38212
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38229
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38261 (to CVE-2024-38262)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38265
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43453
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43456
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43468
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43480 (to CVE-2024-43481)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43483 (to CVE-2024-43485)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43488
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43497
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43500 (to CVE-2024-43506)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43508 (to CVE-2024-43509)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43511 (to CVE-2024-43529)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43532 (to CVE-2024-43538)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43540 (to CVE-2024-43547)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43549 (to CVE-2024-43565)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43567
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43570 (to CVE-2024-43576)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43581 (to CVE-2024-43585)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43589 (to CVE-2024-43593)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43599
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43601
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43603 (to CVE-2024-43604)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43607 (to CVE-2024-43609)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43611 (to CVE-2024-43612)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43615 (to CVE-2024-43616)


Tag: Microsoft , Windows , Microsoft Office , Windows Server , Microsoft 365 Apps , Excel , Outlook , SharePoint , Visual Studio , Visual Studio Code , .NET Framework , .NET , Remote Desktop , Configuration Manager , CBL Mariner , DeepSpeed , Power BI Report
Tags