Microsoft recently released a significant update bundle, addressing a total of 117 security vulnerabilities with the October 2024 Patch Tuesday. This update includes fixes for some publicly known and actively exploited flaws, making it one of the largest updates of the year.
Key Security Updates in October Patch Tuesday
Among the most critical security fixes in this month’s update are two publicly known vulnerabilities and two actively exploited flaws. While these vulnerabilities may not have high severity scores, their public disclosure increases the potential threat. The vulnerabilities addressed include:
- CVE-2024-43572 (important; CVSS 7.8): A remote code execution vulnerability in the Microsoft Management Console that is actively exploited.
- CVE-2024-43573 (moderate; CVSS 6.5): A spoofing vulnerability in the Windows MSHTML Platform that is actively exploited.
- CVE-2024-20659 (important; CVSS 7.1): A security feature bypass in Windows Hyper-V.
- CVE-2024-43583 (important; CVSS 7.8): A privilege escalation vulnerability in Winlogon.
Additional Vulnerability Patches
In addition to the above, Microsoft’s October update also addressed three critical remote code execution vulnerabilities affecting various Microsoft products. These include vulnerabilities in Microsoft Configuration Manager, Remote Desktop Protocol Server, and Visual Studio Code extension for Arduino.
Overall, the update bundle includes patches for 117 vulnerabilities, covering a range of issues such as denial of service, privilege escalation, information disclosure, remote code execution, security feature bypass, spoofing, and tampering vulnerabilities. It is essential for all users to update their systems promptly to protect against potential threats.
Share your thoughts in the comments section below.