In October 2024, we were aware of a series of high-risk Common Vulnerabilities and Exposures (CVEs) for organizations and users. Such vulnerabilities, when taken advantage of, can allow attackers to gain root access and execute data breach, service disruption and other attacks. In this blog, we’ll dive into the top 10 CVEs for October 2024, in order of severity and mitigation recommended.
Total CVEs Reported:
It reported 2,800 vulnerabilities in October 2024, the same amount that we had over the course of the year. Notably, many of these vulnerabilities were RCE and EoP attacks, which indicates the increasing sophistication of the threats.
Patch Tuesday:
Microsoft’s Patch Tuesday of October 2024 fixed 117 CVEs, which are broken down into these categories:
- Critical: 3
- Important: 113
- Moderate: 1
Two of these zero-day vulnerabilities were even exploited in the wild:
- CVE-2024-43572: Microsoft Management Console Remote Code Execution Vulnerability
- CVE-2024-43573: Windows MSHTML Platform Spoofing Vulnerability
These vulnerabilities were patched immediately to prevent possible exploits.
Vulnerability Types and Trends:
- Elevation of Privilege (EoP): Caused 37% of vulnerability fixes. EoP bugs enable attackers to revoke higher level permissions in a system.
- Remote Code Execution (RCE): Identified 35% of the patched issues. RCE allows hackers to remotely run arbitrary code on systems.
- Denial of Service (DoS): Made up 22 % of the vulnerabilities which could enable attackers to crash services.
- Security Feature Bypass: Added 6% to the vulnerabilities allowing the attacker to bypass security.
Key Trends:
- Zero-day Vulnerabilities: Microsoft fixed two zero-day vulnerabilities in October 2024, and both of them have been actively exploited.
- Critical Vulnerabilities in Enterprise Software: Several critical vulnerabilities affected widely used enterprise software, including Microsoft Configuration Manager and Visual Studio Code.
- Ransomware Evolution: Ransomware groups adopted new tactics, such as using passwords to validate execution and prevent analysis.
- Surge in Magecart Attacks: There was a significant increase in Magecart attacks targeting e-commerce platforms.
- Focus on Remote Access and Security Solutions: Zero-day vulnerabilities affecting remote access and security solutions became prime targets for cybercriminals and state-sponsored groups.
Top 10 Vulnerabilities in October 2024
In October 2024, the cybersecurity world was dominated by a handful of serious issues to avoid at the first sign. These were issues that affected platforms and apps across many industries, with huge implications for companies and individuals. Here’s a look at the top 10 vulnerabilities discovered in this time:
- CVE-2024-47575: FortiManager Missing Authentication
- Description: A critical flaw in FortiManager’s fgfmd daemon lacked proper authentication, allowing unauthorized access.
- Impact: Exploitation could lead to data theft, system compromise, and service disruptions.
- Mitigation: Update to FortiManager version 7.2.6 build1164 or later.
Strobes
- CVE-2024-21260: Oracle WebLogic Server Vulnerability
- Description: An unauthenticated attacker could exploit T3 or IIOP protocols to compromise Oracle WebLogic Server.
- Impact: Potential for denial of service and unauthorized access.
- Mitigation: Apply the latest patches provided by Oracle.
Strobes
- CVE-2024-43573: Windows MSHTML Platform Spoofing Vulnerability
- Description: A spoofing vulnerability in the MSHTML platform, actively exploited in the wild.
- Impact: Attackers could deceive users by presenting malicious content as legitimate.
- Mitigation: Install the security updates released by Microsoft in October 2024.
Bleeping Computer
- CVE-2024-43572: Microsoft Management Console Remote Code Execution
- Description: A remote code execution vulnerability in the Microsoft Management Console, actively exploited.
- Impact: Attackers could execute arbitrary code on affected systems.
- Mitigation: Apply the security patches provided by Microsoft.
Bleeping Computer
- CVE-2024-43468: Microsoft Configuration Manager Remote Code Execution
- Description: A critical RCE vulnerability in Microsoft Configuration Manager with a CVSS score of 9.8.
- Impact: Unauthenticated attackers could execute commands on the server or underlying database.
- Mitigation: Install the in-console update as Microsoft advised.
Tenable
- CVE-2024-43488: Visual Studio Code Extension for Arduino Remote Code Execution
- Description: An RCE vulnerability in the Arduino extension for Visual Studio Code.
- Impact: Attackers could execute code remotely through network-based attacks.
- Mitigation: Microsoft has deprecated the extension; users should switch to alternative solutions.
CrowdStrike
- CVE-2024-43582: Remote Desktop Protocol Server Remote Code Execution
- Description: An RCE vulnerability in the Remote Desktop Protocol Server.
- Impact: Remote, unauthenticated attackers could gain arbitrary code execution by sending specially crafted RPC requests.
- Mitigation: Apply the security updates released by Microsoft.
CrowdStrike
- CVE-2024-38124: Windows Netlogon Elevation of Privilege
- Description: An elevation of privilege vulnerability in Windows Netlogon with a CVSS score of 9.
- Impact: Authenticated attackers could impersonate domain controllers and potentially compromise the entire domain.
- Mitigation: Implement the security patches provided by Microsoft.
Tenable
- CVE-2024-43583: Winlogon Elevation of Privilege
- Description: An elevation of privilege vulnerability in Winlogon.
- Impact: Attackers could gain system privileges if exploited.
- Mitigation: Apply the relevant security updates from Microsoft.
Tenable
- CVE-2024-6197: Windows cURL Implementation Remote Code Execution
- Description: An RCE vulnerability in Windows cURL implementation.
- Impact: Attackers could execute arbitrary code by exploiting this flaw.
- Mitigation: Update to the latest version of cURL as recommended by Microsoft.
Dark Reading
The takeaway from October 2024 was that you need to be vigilant and proactive about cybersecurity, with vulnerabilities in every critical application and platform. Resolving these bugs is not just a process of patching as it is one of the most important activities in protecting sensitive data and infrastructure against ever-changing attacks. Enterprises and users should prioritize patching on a regular basis, have rigorous security measures, and scan systems frequently to strengthen defences against attack vectors. We can then mitigate risk and maintain a solid security posture even during the persistent cyber threats.
References
- https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2024-patch-tuesday-fixes-5-zero-days-118-flaws/
- https://www.crowdstrike.com/en-us/blog/patch-tuesday-analysis-october-2024/
- https://www.tenable.com/blog/microsoft-october-2024-patch-tuesday-addresses-117-cves-cve-2024-43572-cve-2024-43573
- https://security.googleblog.com/2024/10/
- https://www.cisa.gov/news-events/bulletins/sb24-295
- https://www.shield53.com/insights/critical-security-vulnerabilities-in-windows-and-microsoft-configuration-manager-october-2024
- https://www.csoonline.com/article/3554938/microsoft-october-update-patches-two-zero-day-vulnerabilities-it-says-are-being-actively-exploited.html
- https://jetpatch.com/blog/patch-tuesday/october-2024-patch-tuesday-analysis-2/
- https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2024-patch-tuesday-fixes-5-zero-days-118-flaws/
- https://windowsforum.com/threads/october-2024-windows-security-updates-critical-fixes-and-known-issues.343569/
- https://windowsforum.com/threads/critical-vulnerability-cve-2024-38029-in-windows-openssh-what-you-need-to-know.343559/
- https://www.darkreading.com/vulnerabilities-threats/5-cves-microsofts-october-2024-update-patch-now
- https://redmondmag.com/Articles/2024/10/08/Microsoft-October-Patch-Rollout.aspx