{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-106.pdf"
    },
    "title": "Multiple Critical Vulnerabilities in Microsoft Products",
    "serial_number": "2024-106",
    "publish_date": "09-10-2024 16:06:57",
    "description": "On October 8, 2024, Microsoft addressed 118 vulnerabilities in its October 2024 Patch Tuesday update, including five zero-day vulnerabilities. This Patch Tuesday also fixes three critical vulnerabilities.",
    "url_title": "2024-106",
    "content_markdown": "---\ntitle: 'Multiple Critical Vulnerabilities in\u00a0Microsoft\u00a0Products'\nnumber: '2024-106'\nversion: '1.0'\noriginal_date: '2024-10-08'\ndate: '2024-10-09'\n---\n\n_History:_\n\n* _09/10/2024 --- v1.0 -- Initial publication_\n\n\n# Summary\n\nOn October 8, 2024, Microsoft addressed 118 vulnerabilities in its October 2024 Patch Tuesday update, including five zero-day vulnerabilities. This Patch Tuesday also fixes three critical vulnerabilities [1,2].\n\n# Technical Details\n\nWe highlight here the zero-day vulnerabilities, but it is highly recommended to deploy Microsoft patches for all 118 vulnerabilities identified.\n\nThe vulnerability **CVE-2024-43573**, with a CVSS score of 6.5, could be a bypass of a previous vulnerability that abused MSHTML to spoof file extensions in alerts displayed when opening files [3].\n\nThe vulnerability **CVE-2024-43572**, with a CVSS score of 7.8, could allow malicious Microsoft Saved Console (MSC) files to perform remote code execution on vulnerable devices [4].\n\nThe vulnerability **CVE-2024-6197**, with a CVSS score of 8.8, is a `libcurl` remote code execution flaw that could cause commands to be executed when Curl attempts to connect to a malicious server [5].\n\nThe vulnerability **CVE-2024-20659**, with a CVSS score of 7.1, is a UEFI bypass that could allow attackers to compromise the hypervisor and kernel [6].\n\nThe vulnerability **CVE-2024-43583**, with a CVSS score of 7.1, is an elevation of privilege flaw that could give attackers SYSTEM privileges in Windows [7].\n\n# Affected Products\n\nDetailed information about each vulnerability and affected systems can be found in Microsoft's security bulletins [1].\n\n# Recommendations\n\nIt is recommended to apply updates to the affected devices as soon as possible, prioritising Internet-facing devices and critical servers.
\n\n# References\n\n[1] <https://msrc.microsoft.com/update-guide/releaseNote/2024-Oct>\n\n[2] <https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2024-patch-tuesday-fixes-5-zero-days-118-flaws/>\n\n[3] <https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-43573>\n\n[4] <https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-43572>\n\n[5] <https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-6197>\n\n[6] <https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20659>\n\n[7] <https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43583>",
    "content_html": "<p><em>History:</em></p><ul><li><em>09/10/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On October 8, 2024, Microsoft addressed 118 vulnerabilities in its October 2024 Patch Tuesday update, including five zero-day vulnerabilities. This Patch Tuesday also fixes three critical vulnerabilities [1,2].</p><h2 id=\"technical-details\">Technical Details</h2><p>We highlight here the zero-day vulnerabilities, but it is highly recommended to deploy Microsoft patches for all 118 vulnerabilities identified.</p><p>The vulnerability <strong>CVE-2024-43573</strong>, with a CVSS score of 6.5, could be a bypass of a previous vulnerability that abused MSHTML to spoof file extensions in alerts displayed when opening files [3].</p><p>The vulnerability <strong>CVE-2024-43572</strong>, with a CVSS score of 7.8, could allow malicious Microsoft Saved Console (MSC) files to perform remote code execution on vulnerable devices [4].</p><p>The vulnerability <strong>CVE-2024-6197</strong>, with a CVSS score of 8.8, is a <code>libcurl</code> remote code execution flaw that could cause commands to be executed when Curl attempts to connect to a malicious server [5].</p><p>The vulnerability <strong>CVE-2024-20659</strong>, with a CVSS score of 7.1, is a UEFI bypass that could allow attackers to compromise the hypervisor and kernel [6].</p><p>The vulnerability <strong>CVE-2024-43583</strong>, with a CVSS score of 7.1, is an elevation of privilege flaw that could give attackers SYSTEM privileges in Windows [7].</p><h2 id=\"affected-products\">Affected Products</h2><p>Detailed information about each vulnerability and affected systems can be found in Microsoft's security bulletins [1].</p><h2 id=\"recommendations\">Recommendations</h2><p>It is recommended to apply updates to the affected devices as soon as possible, prioritising Internet-facing devices and critical servers.
</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/releaseNote/2024-Oct\">https://msrc.microsoft.com/update-guide/releaseNote/2024-Oct</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2024-patch-tuesday-fixes-5-zero-days-118-flaws/\">https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2024-patch-tuesday-fixes-5-zero-days-118-flaws/</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-43573\">https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-43573</a></p><p>[4] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-43572\">https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-43572</a></p><p>[5] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-6197\">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-6197</a></p><p>[6] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20659\">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20659</a></p><p>[7] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43583\">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43583</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}