Patch Tuesday October 2024: Counting Down to Windows 10 EoS, While Internet Explorer Lives
The long tail of Internet Explorer reappears in this month’s Microsoft Patch Tuesday release as we hit the one-year mark before the impending Windows 10 end of support. A multi-month issue with Remote Desktop Gateway services crashing on Windows Servers since July’s security updates has also been addressed this month, so any teams that put deferments in place to preserve Remote Desktop functionality should quickly evaluate moving forward with this month’s updates to close multiple vulnerabilities.
Microsoft Vulnerabilities
A total of 119 new vulnerabilities were addressed with fixes for October’s Patch Tuesday. Included in those are fixes for five zero-day vulnerabilities that were marked as publicly disclosed—two of which are Under Active Exploitation. Also buried in the release notes is an update for CVE-2024-38095. This was originally announced and addressed with a security update in July 2024, and highlights that sometimes just hitting go on your patch management solution of choice isn’t always enough to secure an environment.
CVE-2024-38095 is a .NET and Visual Studio Denial of Service vulnerability that affected multiple builds of Microsoft Visual Studio 2022, .NET 8.0, and PowerShell 7.2 and 7.4. Microsoft added .NET 6.0 to the list of affected products, but did not and will not provide a fix to address the vulnerability.
From the release notes description: “In the Security Updates table, added .NET 6.0 as it is also affected by this vulnerability. Note that there is no security update for .NET 6.0 to address this vulnerability. HTTP/3 support was only experimental in .NET 6.0, so if you are using .NET 6 you must update your application to .NET 8 to be protected.”
CVE-2024-43573 is a Windows MSHTML Platform spoofing vulnerability that affects Windows systems potentially as far back as Windows 8. Microsoft has listed Windows 10 as well as Windows Server 2012 R2 and forward as being affected by the vulnerability, and has provided fixes for those supported Windows builds. However, the vulnerability may also exist in older versions of Windows as the MSHTML Platform and other components were integral to Internet Explorer 11, which was released on Windows 8 in 2013.
CVE-2024-6197 is one of the publicly disclosed zero-days that has not yet been seen exploited in the wild. It’s been marked as Exploitation Less Likely, but combining it with other TTPs or vulnerabilities could make exploitation easier. An attacker who can successfully get a client to connect to a malicious server with a curl command could potentially reach remote code execution on the victim system; at the moment, that would result in only a crash of the system.
Windows Lifecycle Management
With only one year remaining until Windows 10 reaches the end of support from Microsoft on October 14, 2025, now is the time to start planning hardware migrations and necessary updates to keep systems on supported Windows builds. While Windows 10 has provided over a decade of reliable service—and many end-users have known only this operating system—it is important for Managed Service Providers (MSPs) to have prepared and led their clients through the required end-user training and project work before support ends. Planning a significant transition like this ahead of time is always easier than trying to convince end-users to give up an out-of-support system that still allows them to perform their daily tasks.
Microsoft Patch Tuesday Vulnerability Prioritization
Addressing vulnerabilities effectively requires a mix of adhering to established best practices and leveraging informed judgment. While it’s a natural instinct to rank vulnerabilities with critical severity ratings higher on the list of things that need to be addressed, relying on severity ratings alone can be limiting. An often-overlooked component is temporal metrics, which provide a measure of the window of vulnerability—the time from initial vulnerability discovery to the availability and application of the patch. This is essential as the longer a vulnerability exists without a fix, the greater the potential for exploitation. By integrating temporal metrics into the risk evaluation process, organizations can gain a more comprehensive understanding of the threat landscape and potential attack vectors, ensuring that they don’t leave themselves open to unnecessary risks.
Table Key: Severity: C = Critical, I = Important, M = Moderate, R = Re-issue; Status: EML = Exploitation More Likely, ELL = Exploitation Less Likely, ED = Exploitation Detected, EU = Exploitation Unlikely, N/A = Not Available
| CVE Number | CVE Title | Severity | Status |
| --- | --- | --- | --- |
| CVE-2024-43572 | Microsoft Management Console Remote Code Execution Vulnerability | I | ED |
| CVE-2024-43573 | Windows MSHTML Platform Spoofing Vulnerability | M | ED |
| CVE-2024-43488 | Visual Studio Code extension for Arduino Remote Code Execution Vulnerability | C | ELL |
| CVE-2024-43582 | Remote Desktop Protocol Server Remote Code Execution Vulnerability | C | ELL |
| CVE-2024-43468 | Microsoft Configuration Manager Remote Code Execution Vulnerability | C | ELL |
| CVE-2024-43610 | Copilot Studio Information Disclosure Vulnerability | C | EML |
| CVE-2024-43583 | Winlogon Elevation of Privilege Vulnerability | I | EML |
| CVE-2024-43560 | Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability | I | EML |
| CVE-2024-43556 | Windows Graphics Component Elevation of Privilege Vulnerability | I | EML |
| CVE-2024-43509 | Windows Graphics Component Elevation of Privilege Vulnerability | I | EML |
| CVE-2024-43615 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | I | EML |
| CVE-2024-43609 | Microsoft Office Spoofing Vulnerability | I | EML |
| CVE-2024-43581 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | I | EML |
| CVE-2024-43502 | Windows Kernel Elevation of Privilege Vulnerability | I | EML |
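The prioritization approach described above, applied to rows from this month's table, as an added example that is not part of the original post or any N-able tooling. The severity and status codes come from the table key; the numeric rank orders, the function names and the "wave size" idea are assumptions of this example.

```python
import re

# Rows copied from the table above (a subset, to keep the example short).
TABLE = """\
| CVE-2024-43572 | Microsoft Management Console Remote Code Execution Vulnerability | I | ED |
| CVE-2024-43573 | Windows MSHTML Platform Spoofing Vulnerability | M | ED |
| CVE-2024-43488 | Visual Studio Code extension for Arduino Remote Code Execution Vulnerability | C | ELL |
| CVE-2024-43582 | Remote Desktop Protocol Server Remote Code Execution Vulnerability | C | ELL |
| CVE-2024-43468 | Microsoft Configuration Manager Remote Code Execution Vulnerability | C | ELL |
| CVE-2024-43610 | Copilot Studio Information Disclosure Vulnerability | C | EML |
| CVE-2024-43583 | Winlogon Elevation of Privilege Vulnerability | I | EML |
"""

# Codes come from the table key; the numeric ranks are this example's assumption.
SEVERITY = {"C": 0, "I": 1, "M": 2, "R": 3}
STATUS = {"ED": 0, "EML": 1, "ELL": 2, "EU": 3, "N/A": 4}
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}$")

def parse_table(text):
    """Turn pipe-delimited rows into dicts, skipping headers and blank cells."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|") if c.strip()]
        if len(cells) != 4 or not CVE_ID.match(cells[0]):
            continue  # header, separator or malformed row
        cve, title, sev, status = cells
        if sev not in SEVERITY or status not in STATUS:
            raise ValueError(f"{cve}: unknown code {sev!r}/{status!r}")
        rows.append({"cve": cve, "title": title, "severity": sev, "status": status})
    return rows

def severity_first(rows):
    """Severity-only ordering; ties keep table order (sorted() is stable)."""
    return sorted(rows, key=lambda r: SEVERITY[r["severity"]])

def exploitation_first(rows):
    """Exploitation status first, severity as the tie-breaker."""
    return sorted(rows, key=lambda r: (STATUS[r["status"]], SEVERITY[r["severity"]]))

def deferred_by_severity_only(rows, wave_size):
    """CVEs in the first wave under exploitation-first ordering that a
    severity-only ordering would push to a later wave."""
    first = {r["cve"] for r in severity_first(rows)[:wave_size]}
    return [r["cve"] for r in exploitation_first(rows)[:wave_size] if r["cve"] not in first]

if __name__ == "__main__":
    for r in exploitation_first(parse_table(TABLE)):
        print(r["status"], r["severity"], r["cve"], r["title"])
```

With a first wave of three patches, a severity-only ordering fills the wave with the three Critical/ELL entries and defers both Exploitation Detected CVEs.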
Summary
As always, make sure you have established patching processes for evaluation, testing and pushing into production. If you have traditionally only dealt with patches by applying them based on their severity, consider including prioritization of patches for Zero-Days, Exploitation Detected and Exploitation More Likely vulnerabilities in your Patch Management routines.
Looking for more blogs on patching, or for previous Microsoft Patch Tuesday Reviews? Check out the Patch Management section of our blog.
Lewis Pope is the Head Security Nerd at N‑able. You can follow him on Twitter: @cybersec_nerd
LinkedIn: thesecuritypope
Twitch: cybersec_nerd
