
Welcome to my October Patch Tuesday newsletter. Today Microsoft released updates for 118 CVEs. Since our last Patch Tuesday newsletter last month there have also been an additional 28 updates, totaling 146 CVEs patched this month. Of these, we have 5 that are zero days: CVE-2024-43572 and CVE-2024-43573 are not only publicly disclosed but have also been detected as being exploited in the wild. CVE-2024-43572 is a remote code execution vulnerability with a rating of important. This update will prevent untrusted MS Saved Console (MSC) files from being opened, which will protect the end user against an arbitrary code execution vulnerability. CVE-2024-43573 is a spoofing vulnerability rated moderate. You will want to make sure these get patched ASAP.

CVE-2024-20659 is rated as important but is also a pretty serious vulnerability. Successful exploitation could result in a compromised hypervisor by bypassing the UEFI on a host machine. So although it carries an "Exploitability Assessment" of "Exploitation Less Likely", I do recommend this one is also high up on your "get it patched soon" list.

Besides these zero days we have five CVEs rated critical. These mainly affect Windows OSes as well as MS Configuration Manager and some one-offs for Dynamics and the GroupMe app. You can find more details in the chart below. So, you will definitely want to get this month's updates tested and deployed as soon as you can. It looks like the bad guys have been busy, so please update soon to remediate these recent vulnerabilities.

Besides these there is not much to talk about this month. It's a fairly light month with the usual being released. I recently had a webinar showing how my Supercharger product can help you collect the events you need from your domain controllers to detect malicious activity. Unfortunately, our webinar service provider had a few audio issues. We still managed to do the live event but if you missed it or were there and want to see a recording of it you can register for it here.

Happy patching!

So, without further ado, here’s the chart of MS patches that affect Windows platforms in the past month.

Patch data provided by: LOGbinder.com

Columns: Technology | Products Affected | Severity | Reference | Workaround / Exploited / Publicly Disclosed | Vulnerability Info

Technology: Windows
Products Affected: Windows 10, 11; Server 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations; Remote Desktop Client
Severity: Critical
Reference:
CVE-2024-20659*
CVE-2024-30092
CVE-2024-37976
CVE-2024-37979
CVE-2024-37982
CVE-2024-37983
CVE-2024-38029
CVE-2024-38124
CVE-2024-38129
CVE-2024-38149
CVE-2024-38212
CVE-2024-38261
CVE-2024-38262
CVE-2024-38265
CVE-2024-43453
CVE-2024-43456
CVE-2024-43500
CVE-2024-43501
CVE-2024-43502
CVE-2024-43506
CVE-2024-43508
CVE-2024-43509
CVE-2024-43511
CVE-2024-43512
CVE-2024-43513
CVE-2024-43514
CVE-2024-43515
CVE-2024-43516
CVE-2024-43517
CVE-2024-43518
CVE-2024-43519
CVE-2024-43520
CVE-2024-43521
CVE-2024-43522
CVE-2024-43523
CVE-2024-43524
CVE-2024-43525
CVE-2024-43526
CVE-2024-43527
CVE-2024-43528
CVE-2024-43529
CVE-2024-43532
CVE-2024-43533
CVE-2024-43534
CVE-2024-43535
CVE-2024-43536
CVE-2024-43537
CVE-2024-43538
CVE-2024-43540
CVE-2024-43541
CVE-2024-43542
CVE-2024-43543
CVE-2024-43544
CVE-2024-43545
CVE-2024-43546
CVE-2024-43547
CVE-2024-43549
CVE-2024-43550
CVE-2024-43551
CVE-2024-43552
CVE-2024-43553
CVE-2024-43554
CVE-2024-43555
CVE-2024-43556
CVE-2024-43557
CVE-2024-43558
CVE-2024-43559
CVE-2024-43560
CVE-2024-43561
CVE-2024-43562
CVE-2024-43563
CVE-2024-43564
CVE-2024-43565
CVE-2024-43567
CVE-2024-43570
CVE-2024-43571
CVE-2024-43572*
CVE-2024-43573*
CVE-2024-43574
CVE-2024-43575
CVE-2024-43581
CVE-2024-43582
CVE-2024-43583*
CVE-2024-43584
CVE-2024-43585
CVE-2024-43589
CVE-2024-43592
CVE-2024-43593
CVE-2024-43599
CVE-2024-43607
CVE-2024-43608
CVE-2024-43611
CVE-2024-43615
CVE-2024-6197*
Workaround: No
Exploited: Yes
Public: Yes*
Vulnerability Info: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing, Tampering

Technology: Edge
Products Affected: Chromium-based; For Android
Severity: Moderate
Reference:
CVE-2024-38221
CVE-2024-38222
CVE-2024-43489
CVE-2024-43496
CVE-2024-7025
CVE-2024-7970
CVE-2024-8194
CVE-2024-8198
CVE-2024-8362
CVE-2024-8636
CVE-2024-8637
CVE-2024-8638
CVE-2024-8639
CVE-2024-8904
CVE-2024-8905
CVE-2024-8906
CVE-2024-8907
CVE-2024-8908
CVE-2024-8909
CVE-2024-9120
CVE-2024-9121
CVE-2024-9122
CVE-2024-9123
CVE-2024-9369
CVE-2024-9370
Workaround: No
Exploited: No
Public: No
Vulnerability Info: Information Disclosure, Remote Code Execution, Spoofing

Technology: Office
Products Affected: 365 Apps for Enterprise; Office 2016, 2019; LTSC 2021, 2024; Excel/Visio 2016; Outlook for Android
Severity: Important
Reference:
CVE-2024-38016
CVE-2024-43504
CVE-2024-43505
CVE-2024-43576
CVE-2024-43604
CVE-2024-43609
CVE-2024-43616
Workaround: No
Exploited: No
Public: No
Vulnerability Info: Elevation of Privilege, Remote Code Execution, Spoofing

Technology: SharePoint
Products Affected: Enterprise Server 2016; Server 2019; Server Subscription Edition
Severity: Important
Reference:
CVE-2024-43503
Workaround: No
Exploited: No
Public: No
Vulnerability Info: Elevation of Privilege

Technology: Dynamics 365
Products Affected: Business Central Online
Severity: Critical
Reference:
CVE-2024-43460
Workaround: No
Exploited: No
Public: No
Vulnerability Info: Elevation of Privilege

Technology: SQL Server
Products Affected: Power BI Report Server - May 2024
Severity: Important
Reference:
CVE-2024-43481
CVE-2024-43612
Workaround: No
Exploited: No
Public: No
Vulnerability Info: Spoofing

Technology: Azure
Products Affected: Service Connector; CLI; Service Fabric 9.1, 10, 10.1 for Linux; Stack HCI 22H2, HCI 23H2; Monitor Agent
Severity: Important
Reference:
CVE-2024-38097
CVE-2024-38179
CVE-2024-43480
CVE-2024-43591
Workaround: No
Exploited: No
Public: No
Vulnerability Info: Elevation of Privilege, Remote Code Execution

Technology: Apps
Products Affected: GroupMe
Severity: Critical
Reference:
CVE-2024-38183
Workaround: No
Exploited: No
Public: No
Vulnerability Info: Elevation of Privilege

Technology: .NET
Products Affected: 6.0 & 8.0 for Windows, Linux & Mac OS
Severity: Important
Reference:
CVE-2024-38229
CVE-2024-43483
CVE-2024-43484
CVE-2024-43485
Workaround: No
Exploited: No
Public: No
Vulnerability Info: Denial of Service, Remote Code Execution

Technology: .NET Framework
Products Affected: 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.6, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1
Severity: Important
Reference:
CVE-2024-43483
CVE-2024-43484
Workaround: No
Exploited: No
Public: No
Vulnerability Info: Denial of Service

Technology: Visual Studio
Products Affected: 2015 Update 3; 2017 15.0-15.9; 2019 16.0-16.11; 2022 17.6-17.11; Visual Studio Code
Severity: Critical
Reference:
CVE-2024-38229
CVE-2024-43483
CVE-2024-43484
CVE-2024-43485
CVE-2024-43488
CVE-2024-43590
CVE-2024-43601
CVE-2024-43603
Workaround: No
Exploited: No
Public: No
Vulnerability Info: Denial of Service, Elevation of Privilege, Remote Code Execution

Technology: Dev Tools
Products Affected: DeepSpeed; Visual C++ Redistributable Installer
Severity: Important
Reference:
CVE-2024-43497
CVE-2024-43590
Workaround: No
Exploited: No
Public: No
Vulnerability Info: Elevation of Privilege, Remote Code Execution

Technology: Mariner
Products Affected: CBL Mariner 2.0 x64/ARM
Severity: Important
Reference:
CVE-2024-6197*
Workaround: No
Exploited: No
Public: Yes*
Vulnerability Info: Remote Code Execution

Technology: System Center
Products Affected: MS Configuration Manager 2303, 2309, 2403; Defender for EndPoint for Linux
Severity: Critical
Reference:
CVE-2024-43468
CVE-2024-43614
Workaround: No
Exploited: No
Public: No
Vulnerability Info: Remote Code Execution, Spoofing

Thanks as always for reading and best wishes on security,

Randy Franklin Smith


Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.

9450 SW Gemini Drive #53822, Beaverton, OR 97008

Note: We do our best to provide quality information and expert commentary but use all information at your own risk.