Microsoft Monthly Security Update – 09 October 2024

In Cyber Security by Matsco Engineering Team

 

Microsoft have released a security advisory on the 9th of October 2024 in line with their regular monthly patch schedule which includes a number of updates to address vulnerabilities in two (2) high risk, six (6) medium risk and one (1) low risk products. 

These updates address vulnerabilities which may impact services through Information Disclosure, Elevation of Privilege, Security Restriction Bypass, Spoofing, Denial of Service, Remote Code Execution and Data Manipulation. 

For more information please see: Microsoft Security Update

This release consists of security updates for the following products, features and roles:

  • .NET and Visual Studio
  • .NET, .NET Framework, Visual Studio
  • Azure CLI
  • Azure Monitor
  • Azure Stack
  • BranchCache
  • Code Integrity Guard
  • DeepSpeed
  • Internet Small Computer Systems Interface (iSCSI)
  • Microsoft ActiveX
  • Microsoft Configuration Manager
  • Microsoft Defender for Endpoint
  • Microsoft Graphics Component
  • Microsoft Management Console
  • Microsoft Office
  • Microsoft Office Excel
  • Microsoft Office SharePoint
  • Microsoft Office Visio
  • Microsoft Simple Certificate Enrollment Protocol
  • Microsoft WDAC OLE DB provider for SQL
  • Microsoft Windows Speech
  • OpenSSH for Windows
  • Outlook for Android
  • Power BI
  • Remote Desktop Client
  • Role: Windows Hyper-V
  • RPC Endpoint Mapper Service
  • Service Fabric
  • Sudo for Windows
  • Visual C++ Redistributable Installer
  • Visual Studio
  • Visual Studio Code
  • Windows Ancillary Function Driver for WinSock
  • Windows BitLocker
  • Windows Common Log File System Driver
  • Windows Cryptographic Services
  • Windows EFI Partition
  • Windows Hyper-V
  • Windows Kerberos
  • Windows Kernel
  • Windows Kernel-Mode Drivers
  • Windows Local Security Authority (LSA)
  • Windows Mobile Broadband
  • Windows MSHTML Platform
  • Windows Netlogon
  • Windows Network Address Translation (NAT)
  • Windows NT OS Kernel
  • Windows NTFS
  • Windows Online Certificate Status Protocol (OCSP)
  • Windows Print Spooler Components
  • Windows Remote Desktop
  • Windows Remote Desktop Licensing Service
  • Windows Remote Desktop Services
  • Windows Resilient File System (ReFS)
  • Windows Routing and Remote Access Service (RRAS)
  • Windows Scripting
  • Windows Secure Channel
  • Windows Secure Kernel Mode
  • Windows Shell
  • Windows Standards-Based Storage Management Service
  • Windows Storage
  • Windows Storage Port Driver
  • Windows Telephony Server
  • Winlogon

 

CVE-2024-43573 is being exploited in the wild and this is a Windows MSHTML platform spoofing vulnerability that stems from the continued use of components of the officially retired Internet Explorer 11.

CVE-2024-43572 is being exploited in the wild and this vulnerability allows malicious Microsoft Saved Console (MSC) files to perform remote code execution on vulnerable devices. 

Please contact the Matsco Solutions team on the below if you would like any further information or would like to schedule a maintenance.

support@matscosolutions.com

Beijing  +86 400 120 2782
Hong Kong  +852 8101 8418
London   +44 (0)20 7821 4950
New York  +1 866 446 9226
Singapore  +65 6100 1090

Share this Post