Patch Tuesday Update - October 2024

Fortra VM will include the Microsoft Patch Tuesday checks in the NIRV 4.52.0 and FVM Agent 2.13 releases.

Microsoft addressed 117 vulnerabilities in this release, including 3 rated as Critical and 43 Remote Code Execution vulnerabilities.
This release also includes fixes for two vulnerabilities that have been exploited in the wild.
- CVE-2024-43572 Microsoft Management Console Remote Code Execution Vulnerability
  - This update prevents untrusted MSC files from being opened.
- CVE-2024-43573 Windows MSHTML Platform Spoofing Vulnerability
  - This is a cross-site scripting vulnerability.

CVE/Advisory	Title	Tag	Microsoft Severity Rating	Base Score	Microsoft Impact	Exploited	Publicly Disclosed
CVE-2024-38097	Azure Monitor Agent Elevation of Privilege Vulnerability	Azure Monitor	Important	7.1	Elevation of Privilege	No	No
CVE-2024-43516	Windows Secure Kernel Mode Elevation of Privilege Vulnerability	Windows Secure Kernel Mode	Important	7.8	Elevation of Privilege	No	No
CVE-2024-38179	Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability	Azure Stack	Important	8.8	Elevation of Privilege	No	No
CVE-2024-38261	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	Windows Routing and Remote Access Service (RRAS)	Important	7.8	Remote Code Execution	No	No
CVE-2024-43480	Azure Service Fabric for Linux Remote Code Execution Vulnerability	Service Fabric	Important	6.6	Remote Code Execution	No	No
CVE-2024-43481	Power BI Report Server Spoofing Vulnerability	Power BI	Important	6.5	Spoofing	No	No
CVE-2024-38229	.NET and Visual Studio Remote Code Execution Vulnerability	.NET and Visual Studio	Important	8.1	Remote Code Execution	No	No
CVE-2024-43502	Windows Kernel Elevation of Privilege Vulnerability	Windows Kernel	Important	7.1	Elevation of Privilege	No	No
CVE-2024-43503	Microsoft SharePoint Elevation of Privilege Vulnerability	Microsoft Office SharePoint	Important	7.8	Elevation of Privilege	No	No
CVE-2024-43504	Microsoft Excel Remote Code Execution Vulnerability	Microsoft Office Excel	Important	7.8	Remote Code Execution	No	No
CVE-2024-43505	Microsoft Office Visio Remote Code Execution Vulnerability	Microsoft Office Visio	Important	7.8	Remote Code Execution	No	No
CVE-2024-43506	BranchCache Denial of Service Vulnerability	BranchCache	Important	7.5	Denial of Service	No	No
CVE-2024-43508	Windows Graphics Component Information Disclosure Vulnerability	Microsoft Graphics Component	Important	5.5	Information Disclosure	No	No
CVE-2024-43513	BitLocker Security Feature Bypass Vulnerability	Windows BitLocker	Important	6.4	Security Feature Bypass	No	No
CVE-2024-43515	Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability	Internet Small Computer Systems Interface (iSCSI)	Important	7.5	Denial of Service	No	No
CVE-2024-43518	Windows Telephony Server Remote Code Execution Vulnerability	Windows Telephony Server	Important	8.8	Remote Code Execution	No	No
CVE-2024-43519	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	Microsoft WDAC OLE DB provider for SQL	Important	8.8	Remote Code Execution	No	No
CVE-2024-43525	Windows Mobile Broadband Driver Remote Code Execution Vulnerability	Windows Mobile Broadband	Important	6.8	Remote Code Execution	No	No
CVE-2024-43526	Windows Mobile Broadband Driver Remote Code Execution Vulnerability	Windows Mobile Broadband	Important	6.8	Remote Code Execution	No	No
CVE-2024-43527	Windows Kernel Elevation of Privilege Vulnerability	Windows Kernel	Important	7.8	Elevation of Privilege	No	No
CVE-2024-43529	Windows Print Spooler Elevation of Privilege Vulnerability	Windows Print Spooler Components	Important	7.3	Elevation of Privilege	No	No
CVE-2024-43532	Remote Registry Service Elevation of Privilege Vulnerability	RPC Endpoint Mapper Service	Important	8.8	Elevation of Privilege	No	No
CVE-2024-43533	Remote Desktop Client Remote Code Execution Vulnerability	Remote Desktop Client	Important	8.8	Remote Code Execution	No	No
CVE-2024-43534	Windows Graphics Component Information Disclosure Vulnerability	Microsoft Graphics Component	Important	6.5	Information Disclosure	No	No
CVE-2024-43535	Windows Kernel-Mode Driver Elevation of Privilege Vulnerability	Windows Kernel-Mode Drivers	Important	7	Elevation of Privilege	No	No
CVE-2024-43537	Windows Mobile Broadband Driver Denial of Service Vulnerability	Windows Mobile Broadband	Important	6.5	Denial of Service	No	No
CVE-2024-43538	Windows Mobile Broadband Driver Denial of Service Vulnerability	Windows Mobile Broadband	Important	6.5	Denial of Service	No	No
CVE-2024-43540	Windows Mobile Broadband Driver Denial of Service Vulnerability	Windows Mobile Broadband	Important	6.5	Denial of Service	No	No
CVE-2024-43541	Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability	Microsoft Simple Certificate Enrollment Protocol	Important	7.5	Denial of Service	No	No
CVE-2024-43542	Windows Mobile Broadband Driver Denial of Service Vulnerability	Windows Mobile Broadband	Important	6.5	Denial of Service	No	No
CVE-2024-43543	Windows Mobile Broadband Driver Remote Code Execution Vulnerability	Windows Mobile Broadband	Important	6.8	Remote Code Execution	No	No
CVE-2024-43554	Windows Kernel-Mode Driver Information Disclosure Vulnerability	Windows Kernel-Mode Drivers	Important	5.5	Information Disclosure	No	No
CVE-2024-43573	Windows MSHTML Platform Spoofing Vulnerability	Windows MSHTML Platform	Moderate	6.5	Spoofing	Yes	Yes
CVE-2024-43576	Microsoft Office Remote Code Execution Vulnerability	Microsoft Office	Important	7.8	Remote Code Execution	No	No
CVE-2024-43581	Microsoft OpenSSH for Windows Remote Code Execution Vulnerability	OpenSSH for Windows	Important	7.1	Remote Code Execution	No	No
CVE-2024-43601	Visual Studio Code for Linux Remote Code Execution Vulnerability	Visual Studio Code	Important	7.1	Remote Code Execution	No	No
CVE-2024-43604	Outlook for Android Elevation of Privilege Vulnerability	Outlook for Android	Important	5.7	Elevation of Privilege	No	No
CVE-2024-43608	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	Windows Routing and Remote Access Service (RRAS)	Important	8.8	Remote Code Execution	No	No
CVE-2024-43609	Microsoft Office Spoofing Vulnerability	Microsoft Office	Important	6.5	Spoofing	No	No
CVE-2024-43607	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	Windows Routing and Remote Access Service (RRAS)	Important	8.8	Remote Code Execution	No	No
CVE-2024-43612	Power BI Report Server Spoofing Vulnerability	Power BI	Important	6.9	Spoofing	No	No
CVE-2024-43615	Microsoft OpenSSH for Windows Remote Code Execution Vulnerability	OpenSSH for Windows	Important	7.1	Remote Code Execution	No	No
CVE-2024-43616	Microsoft Office Remote Code Execution Vulnerability	Microsoft Office	Important	7.8	Remote Code Execution	No	No
CVE-2024-43500	Windows Resilient File System (ReFS) Information Disclosure Vulnerability	Windows Resilient File System (ReFS)	Important	5.5	Information Disclosure	No	No
CVE-2024-20659	Windows Hyper-V Security Feature Bypass Vulnerability	Role: Windows Hyper-V	Important	7.1	Security Feature Bypass	No	Yes
CVE-2024-37976	Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability	Windows EFI Partition	Important	6.7	Security Feature Bypass	No	No
CVE-2024-37982	Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability	Windows EFI Partition	Important	6.7	Security Feature Bypass	No	No
CVE-2024-37979	Windows Kernel Elevation of Privilege Vulnerability	Windows Kernel	Important	6.7	Elevation of Privilege	No	No
CVE-2024-37983	Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability	Windows EFI Partition	Important	6.7	Security Feature Bypass	No	No
CVE-2024-38149	BranchCache Denial of Service Vulnerability	BranchCache	Important	7.5	Denial of Service	No	No
CVE-2024-38029	Microsoft OpenSSH for Windows Remote Code Execution Vulnerability	OpenSSH for Windows	Important	7.5	Remote Code Execution	No	No
CVE-2024-38129	Windows Kerberos Elevation of Privilege Vulnerability	Windows Kerberos	Important	7.5	Elevation of Privilege	No	No
CVE-2024-38124	Windows Netlogon Elevation of Privilege Vulnerability	Windows Netlogon	Important	9	Elevation of Privilege	No	No
CVE-2024-38265	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	Windows Routing and Remote Access Service (RRAS)	Important	8.8	Remote Code Execution	No	No
CVE-2024-38262	Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability	Windows Remote Desktop Licensing Service	Important	7.5	Remote Code Execution	No	No
CVE-2024-43453	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	Windows Routing and Remote Access Service (RRAS)	Important	8.8	Remote Code Execution	No	No
CVE-2024-38212	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	Windows Routing and Remote Access Service (RRAS)	Important	8.8	Remote Code Execution	No	No
CVE-2024-30092	Windows Hyper-V Remote Code Execution Vulnerability	Windows Hyper-V	Important	8	Remote Code Execution	No	No
CVE-2024-43456	Windows Remote Desktop Services¬†Tampering Vulnerability	Windows Remote Desktop Services	Important	4.8	Tampering	No	No
CVE-2024-43483	.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability	.NET, .NET Framework, Visual Studio	Important	7.5	Denial of Service	No	No
CVE-2024-43484	.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability	.NET, .NET Framework, Visual Studio	Important	7.5	Denial of Service	No	No
CVE-2024-43485	.NET and Visual Studio Denial of Service Vulnerability	.NET and Visual Studio	Important	7.5	Denial of Service	No	No
CVE-2024-43497	DeepSpeed Remote Code Execution Vulnerability	DeepSpeed	Important	8.4	Remote Code Execution	No	No
CVE-2024-43468	Microsoft Configuration Manager Remote Code Execution Vulnerability	Microsoft Configuration Manager	Critical	9.8	Remote Code Execution	No	No
CVE-2024-43501	Windows Common Log File System Driver Elevation of Privilege Vulnerability	Windows Common Log File System Driver	Important	7.8	Elevation of Privilege	No	No
CVE-2024-43509	Windows Graphics Component Elevation of Privilege Vulnerability	Microsoft Graphics Component	Important	7.8	Elevation of Privilege	No	No
CVE-2024-43511	Windows Kernel Elevation of Privilege Vulnerability	Windows Kernel	Important	7	Elevation of Privilege	No	No
CVE-2024-43512	Windows Standards-Based Storage Management Service Denial of Service Vulnerability	Windows Standards-Based Storage Management Service	Important	6.5	Denial of Service	No	No
CVE-2024-43514	Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability	Windows NTFS	Important	7.8	Elevation of Privilege	No	No
CVE-2024-43517	Microsoft ActiveX Data Objects Remote Code Execution Vulnerability	Microsoft ActiveX	Important	8.8	Remote Code Execution	No	No
CVE-2024-43520	Windows Kernel Denial of Service Vulnerability	Windows Kernel	Important	5	Denial of Service	No	No
CVE-2024-43521	Windows Hyper-V Denial of Service Vulnerability	Role: Windows Hyper-V	Important	7.5	Denial of Service	No	No
CVE-2024-43522	Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability	Windows Local Security Authority (LSA)	Important	7	Elevation of Privilege	No	No
CVE-2024-43523	Windows Mobile Broadband Driver Remote Code Execution Vulnerability	Windows Mobile Broadband	Important	6.8	Remote Code Execution	No	No
CVE-2024-43524	Windows Mobile Broadband Driver Remote Code Execution Vulnerability	Windows Mobile Broadband	Important	6.8	Remote Code Execution	No	No
CVE-2024-43528	Windows Secure Kernel Mode Elevation of Privilege Vulnerability	Windows Secure Kernel Mode	Important	7.8	Elevation of Privilege	No	No
CVE-2024-43536	Windows Mobile Broadband Driver Remote Code Execution Vulnerability	Windows Mobile Broadband	Important	6.8	Remote Code Execution	No	No
CVE-2024-43544	Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability	Microsoft Simple Certificate Enrollment Protocol	Important	7.5	Denial of Service	No	No
CVE-2024-43545	Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability	Windows Online Certificate Status Protocol (OCSP)	Important	7.5	Denial of Service	No	No
CVE-2024-43546	Windows Cryptographic Information Disclosure Vulnerability	Windows Cryptographic Services	Important	5.6	Information Disclosure	No	No
CVE-2024-43547	Windows Kerberos Information Disclosure Vulnerability	Windows Kerberos	Important	6.5	Information Disclosure	No	No
CVE-2024-43549	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	Windows Routing and Remote Access Service (RRAS)	Important	8.8	Remote Code Execution	No	No
CVE-2024-43550	Windows Secure Channel Spoofing Vulnerability	Windows Secure Channel	Important	7.4	Spoofing	No	No
CVE-2024-43551	Windows Storage Elevation of Privilege Vulnerability	Windows Storage	Important	7.8	Elevation of Privilege	No	No
CVE-2024-43552	Windows Shell Remote Code Execution Vulnerability	Windows Shell	Important	7.3	Remote Code Execution	No	No
CVE-2024-43553	NT OS Kernel Elevation of Privilege Vulnerability	Windows NT OS Kernel	Important	7.4	Elevation of Privilege	No	No
CVE-2024-43555	Windows Mobile Broadband Driver Denial of Service Vulnerability	Windows Mobile Broadband	Important	6.5	Denial of Service	No	No
CVE-2024-43556	Windows Graphics Component Elevation of Privilege Vulnerability	Microsoft Graphics Component	Important	7.8	Elevation of Privilege	No	No
CVE-2024-43557	Windows Mobile Broadband Driver Denial of Service Vulnerability	Windows Mobile Broadband	Important	6.5	Denial of Service	No	No
CVE-2024-43558	Windows Mobile Broadband Driver Denial of Service Vulnerability	Windows Mobile Broadband	Important	6.5	Denial of Service	No	No
CVE-2024-43559	Windows Mobile Broadband Driver Denial of Service Vulnerability	Windows Mobile Broadband	Important	6.5	Denial of Service	No	No
CVE-2024-43560	Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability	Windows Storage Port Driver	Important	7.8	Elevation of Privilege	No	No
CVE-2024-43561	Windows Mobile Broadband Driver Denial of Service Vulnerability	Windows Mobile Broadband	Important	6.5	Denial of Service	No	No
CVE-2024-43562	Windows Network Address Translation (NAT) Denial of Service Vulnerability	Windows Network Address Translation (NAT)	Important	7.5	Denial of Service	No	No
CVE-2024-43563	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Windows Ancillary Function Driver for WinSock	Important	7.8	Elevation of Privilege	No	No
CVE-2024-43564	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	Windows Routing and Remote Access Service (RRAS)	Important	8.8	Remote Code Execution	No	No
CVE-2024-43565	Windows Network Address Translation (NAT) Denial of Service Vulnerability	Windows Network Address Translation (NAT)	Important	7.5	Denial of Service	No	No
CVE-2024-43567	Windows Hyper-V Denial of Service Vulnerability	Role: Windows Hyper-V	Important	7.5	Denial of Service	No	No
CVE-2024-43570	Windows Kernel Elevation of Privilege Vulnerability	Windows Kernel	Important	6.4	Elevation of Privilege	No	No
CVE-2024-43571	Sudo for Windows Spoofing Vulnerability	Sudo for Windows	Important	5.6	Spoofing	No	No
CVE-2024-43572	Microsoft Management Console Remote Code Execution Vulnerability	Microsoft Management Console	Important	7.8	Remote Code Execution	Yes	Yes
CVE-2024-43574	Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability	Microsoft Windows Speech	Important	8.3	Remote Code Execution	No	No
CVE-2024-43575	Windows Hyper-V Denial of Service Vulnerability	Role: Windows Hyper-V	Important	7.5	Denial of Service	No	No
CVE-2024-43582	Remote Desktop Protocol Server Remote Code Execution Vulnerability	Windows Remote Desktop	Critical	8.1	Remote Code Execution	No	No
CVE-2024-43584	Windows Scripting Engine Security Feature Bypass Vulnerability	Windows Scripting	Important	7.7	Security Feature Bypass	No	No
CVE-2024-43585	Code Integrity Guard Security Feature Bypass Vulnerability	Code Integrity Guard	Important	5.5	Security Feature Bypass	No	No
CVE-2024-43589	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	Windows Routing and Remote Access Service (RRAS)	Important	8.8	Remote Code Execution	No	No
CVE-2024-43590	Visual C++ Redistributable Installer Elevation of Privilege Vulnerability	Visual C++ Redistributable Installer	Important	7.8	Elevation of Privilege	No	No
CVE-2024-43591	Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability	Azure CLI	Important	8.7	Elevation of Privilege	No	No
CVE-2024-43592	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	Windows Routing and Remote Access Service (RRAS)	Important	8.8	Remote Code Execution	No	No
CVE-2024-43593	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	Windows Routing and Remote Access Service (RRAS)	Important	8.8	Remote Code Execution	No	No
CVE-2024-43599	Remote Desktop Client Remote Code Execution Vulnerability	Remote Desktop Client	Important	8.8	Remote Code Execution	No	No
CVE-2024-43603	Visual Studio Collector Service Denial of Service Vulnerability	Visual Studio	Important	5.5	Denial of Service	No	No
CVE-2024-43583	Winlogon Elevation of Privilege Vulnerability	Winlogon	Important	7.8	Elevation of Privilege	No	Yes
CVE-2024-43614	Microsoft Defender for Endpoint for Linux Spoofing Vulnerability	Microsoft Defender for Endpoint	Important	5.5	Spoofing	No	No
CVE-2024-43611	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	Windows Routing and Remote Access Service (RRAS)	Important	8.8	Remote Code Execution	No	No
CVE-2024-43488	Visual Studio Code extension for Arduino Remote Code Execution Vulnerability	Visual Studio Code	Critical	8.8	Remote Code Execution	No	No

Quickly Find and Fix Your Most At-Risk Weaknesses

Watch this demo to see how Fortra VM can help.

Watch now

Patch Tuesday Update - October 2024

Quickly Find and Fix Your Most At-Risk Weaknesses

Footer 1

Footer 2

Footer 3

Footer Menu 4

Contact Information

Privacy Policy

Cookie Policy

Impressum