A breach in the engine behind Internet Explorer and a vulnerability in the Remote Desktop Protocol Service top the list of about 117 patches deployed in Microsoft’s monthly update. Around the same time, Apple has released a fix for macOS 15 that restores functionality to some third-party security tools.
Patch Tuesday is a useful reminder for admins to ensure applications and security services are up to date.
Microsoft Management Console vulnerability exploited
Despite previous reports showing that Microsoft’s security vulnerabilities have fallen, the tech giant remains a popular target for cyber exploitations.
Perhaps the most serious vulnerability on the list of patches in October is CVE-2024-43572, a flaw in Microsoft Management Console that has been exploited. This vulnerability uses a malicious .msc file to take hold, and Microsoft’s patch forbids the use of untrusted .msc files. While technically a case of remote-code execution, attackers must interact with a user — perhaps through social engineering — to gain initial access.
Microsoft noted: “The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.”
SEE: Watch out for threat actors spoofing enterprise emails to send fake Microsoft notifications.
Internet Explorer Engine patched
CVE-2024-43573 originates in the MSHTML platform, the engine behind Internet Explorer mode in Microsoft Edge.
“The vulnerability allows an attacker to trick users into viewing malicious web content, which could appear legitimate due to the way the platform handles certain web elements,” wrote Nikolas Cemerikic, cybersecurity engineer at Immersive Labs, in an email to TechRepublic. “Once a user is deceived into interacting with this content (typically through phishing attacks), the attacker can potentially gain unauthorized access to sensitive information or manipulate web-based services.”
While the mention of Internet Explorer might sound outdated, the vulnerability was still actively exploited.
“Despite Internet Explorer being retired on many platforms, its underlying MSHTML technology remains active and vulnerable,” said Cemerikic. “This creates a risk for employees using these older systems as part of their everyday work, especially if they are accessing sensitive data or performing financial transactions online.”
Microsoft patched the vulnerability in the MSHTML platform in its October IE Cumulative Updates release.
Other significant Microsoft vulnerabilities patched in October 2024
The following were among the issues addressed on Patch Tuesday in October:
- CVE-2024-6197, a vulnerability in curl which Windows is republishing as an advisory. This vulnerability could allow for remote code execution.
- CVE-2024-43609, with which a user could spoof a Microsoft Office account to gain access to files.
- CVE-2024-43582, a use-after-free vulnerability in the Remote Desktop Protocol service, which could allow for remote code execution.
Apple stops Sequoia from breaking security tools
Apple’s Oct. 3 “what’s new” update for macOS 15 Sequoia included the bullet point “Improves compatibility with third-party security software.” According to TechCrunch’s reporting, CrowdStrike, SentinelOne, and Microsoft security products weren’t functioning on a significant number of Macs using the new operating system.
Read the full article here