Microsoft Monthly Security Update (October 2024)
Microsoft has released monthly security update for their products:
| Vulnerable Product | Risk Level | Impacts | Notes |
| Azure |  Medium Risk | Elevation of Privilege Remote Code Execution | |
| Windows |  High Risk | Elevation of Privilege Remote Code Execution Denial of Service Information Disclosure Security Restriction Bypass Spoofing Data Manipulation | CVE-2024-43573 is being exploited in the wild. This is a Windows MSHTML platform spoofing vulnerability, and another serious flaw that stems from the continued use of components of the officially retired Internet Explorer 11. CVE-2024-43572 is being exploited in the wild. This vulnerability allowed malicious Microsoft Saved Console (MSC) files to perform remote code execution on vulnerable devices. The attack itself is carried out locally. |
| Extended Security Updates (ESU) | High Risk | Remote Code Execution Denial of Service Security Restriction Bypass Elevation of Privilege Information Disclosure Spoofing Data Manipulation | CVE-2024-43573 is being exploited in the wild. This is a Windows MSHTML platform spoofing vulnerability, and another serious flaw that stems from the continued use of components of the officially retired Internet Explorer 11. CVE-2024-43572 is being exploited in the wild. This vulnerability allowed malicious Microsoft Saved Console (MSC) files to perform remote code execution on vulnerable devices. The attack itself is carried out locally. |
| SQL Server |  Low Risk | Spoofing | |
| Developer Tools | Medium Risk | Remote Code Execution Denial of Service Elevation of Privilege | |
| Microsoft Office | Medium Risk | Elevation of Privilege Remote Code Execution Spoofing | |
| Mariner | Medium Risk | Remote Code Execution | |
| Apps | Medium Risk | Elevation of Privilege | |
| System Center | Medium Risk | Remote Code Execution Spoofing |
Number of ‘Extremely High Risk’ product(s): 0
Number of ‘High Risk’ product(s): 2
Number of ‘Medium Risk’ product(s): 6
Number of ‘Low Risk’ product(s): 1
Evaluation of overall ‘Risk Level’: High Risk
RISK: High Risk
TYPE: Operating Systems – Windows OS
Impact
- Information Disclosure
- Elevation of Privilege
- Security Restriction Bypass
- Spoofing
- Denial of Service
- Remote Code Execution
- Data Manipulation
System / Technologies affected
- Azure
- Windows
- Extended Security Updates (ESU)
- SQL Server
- Developer Tools
- Microsoft Office
- Mariner
- Apps
- System Center
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor.
Vulnerability Identifier
Source
Related Link
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
