On October 7, 2024, Microsoft released its October security update, addressing 117 vulnerabilities. Arctic Wolf has highlighted four of these vulnerabilities, which were either classified by Microsoft as critical or reported to have been exploited in the wild.
Impacted Product #1: Windows
Vulnerabilities Impacting Windows:
CVE-2024-43572 | CVSS: 7.8 – High | MS Severity: Important | Exploitation Detected |
Microsoft Management Console Remote Code Execution (RCE) Vulnerability – A remote attacker can exploit this vulnerability by convincing a victim to download and open a specially crafted Microsoft Saved Console (MSC) file, which could lead to RCE. The security update mitigates this vulnerability by restricting the opening of untrusted MSC files.
CVE-2024-43573 | CVSS: 6.5 – Medium | MS Severity: Moderate | Exploitation Detected |
Windows MSHTML Platform Spoofing Vulnerability – This vulnerability affects all supported versions of Microsoft Windows, except for certain older Windows Server editions. It targets the MSHTML platform, which is still used in Internet Explorer mode within Microsoft Edge and other applications via the WebBrowser control. The scripting platforms used by MSHTML and EdgeHTML are also impacted.
CVE-2024-43582 | CVSS: 8.1 – High | MS Severity: Critical | No Exploitation Detected |
Remote Desktop Protocol Server RCE Vulnerability – A remote unauthenticated threat actor could exploit this vulnerability by sending malformed packets to an RPC host, potentially leading to RCE on the server side with the same permissions as the RPC service. Successful exploitation of CVE-2024-43582 requires the threat actor to win a race condition.
Impacted Product #2: Microsoft Configuration Manager
Vulnerability Impacting Microsoft Configuration Manager:
CVE-2024-43468 | CVSS: 9.8 – Critical | MS Severity: Critical | No Exploitation Detected |
Microsoft Configuration Manager RCE Vulnerability – A remote unauthenticated threat actor could exploit this vulnerability by sending specially crafted requests to the target environment. These requests are processed unsafely, potentially enabling the threat actor to achieve RCE on the server and/or the underlying database.
Recommendation
Upgrade to Latest Fixed Versions
Arctic Wolf strongly recommends upgrading to the latest fixed versions.
Product | Vulnerability | Article |
Windows Server 2022, 23H2 Edition | CVE-2024-43572, CVE-2024-43573, CVE-2024-43582 | 5044288 |
Windows Server 2022 | CVE-2024-43572, CVE-2024-43573, CVE-2024-43582 | 5044281 |
Windows Server 2019 | CVE-2024-43572, CVE-2024-43573, CVE-2024-43582 | 5044277 |
Windows Server 2016 | CVE-2024-43572, CVE-2024-43573 | 5044293 |
Windows Server 2012 R2 | CVE-2024-43572, CVE-2024-43573 | 5044343 |
Windows Server 2012 | CVE-2024-43572 | 5044342 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | CVE-2024-43572 | 5044356, 5044321 |
Windows Server 2008 for x64-based Systems Service Pack 2 | CVE-2024-43572 | 5044320, 5044306 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | CVE-2024-43572 | 5044320, 5044306 |
Windows 11 Version 24H2 for x64-based Systems | CVE-2024-43572, CVE-2024-43573, CVE-2024-43582 | 5044284 |
Windows 11 Version 24H2 for ARM64-based Systems | CVE-2024-43572, CVE-2024-43573, CVE-2024-43582 | 5044284 |
Windows 11 Version 23H2 for x64-based Systems | CVE-2024-43572, CVE-2024-43573, CVE-2024-43582 | 5044285 |
Windows 11 Version 23H2 for ARM64-based Systems | CVE-2024-43572, CVE-2024-43573, CVE-2024-43582 | 5044285 |
Windows 11 Version 22H2 for x64-based Systems | CVE-2024-43572, CVE-2024-43573, CVE-2024-43582 | 5044285 |
Windows 11 Version 22H2 for ARM64-based Systems | CVE-2024-43572, CVE-2024-43573, CVE-2024-43582 | 5044285 |
Windows 11 version 21H2 for x64-based Systems | CVE-2024-43572, CVE-2024-43573, CVE-2024-43582 | 5044280 |
Windows 11 version 21H2 for ARM64-based Systems | CVE-2024-43572, CVE-2024-43573, CVE-2024-43582 | 5044280 |
Windows 10 Version 22H2 for x64-based Systems | CVE-2024-43572, CVE-2024-43573, CVE-2024-43582 | 5044273 |
Windows 10 Version 22H2 for ARM64-based Systems | CVE-2024-43572, CVE-2024-43573, CVE-2024-43582 | 5044273 |
Windows 10 Version 22H2 for 32-bit Systems | CVE-2024-43572, CVE-2024-43573, CVE-2024-43582 | 5044273 |
Windows 10 Version 21H2 for x64-based Systems | CVE-2024-43572, CVE-2024-43573, CVE-2024-43582 | 5044273 |
Windows 10 Version 21H2 for ARM64-based Systems | CVE-2024-43572, CVE-2024-43573, CVE-2024-43582 | 5044273 |
Windows 10 Version 21H2 for 32-bit Systems | CVE-2024-43572, CVE-2024-43573, CVE-2024-43582 | 5044273 |
Windows 10 Version 1809 for x64-based Systems | CVE-2024-43572, CVE-2024-43573, CVE-2024-43582 | 5044277 |
Windows 10 Version 1809 for 32-bit Systems | CVE-2024-43572, CVE-2024-43573, CVE-2024-43582 | 5044277 |
Windows 10 Version 1607 for x64-based Systems | CVE-2024-43572, CVE-2024-43573 | 5044293 |
Windows 10 Version 1607 for 32-bit Systems | CVE-2024-43572, CVE-2024-43573 | 5044293 |
Windows 10 for x64-based Systems | CVE-2024-43572, CVE-2024-43573 | 5044286 |
Windows 10 for 32-bit Systems | CVE-2024-43572, CVE-2024-43573 | 5044286 |
Microsoft Configuration Manager 2403 | CVE-2024-43468 | KB29166583 |
Microsoft Configuration Manager 2309 | CVE-2024-43468 | KB29166583 |
Microsoft Configuration Manager 2303 | CVE-2024-43468 | KB29166583 |
Please follow your organization’s patching and testing guidelines to minimize potential operational impact.
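One way to turn the table above into a patch-gap check over a host inventory, as an added example that is not Arctic Wolf's or Microsoft's code. It ranks hosts still exposed to the CVEs marked "Exploitation Detected" first. The host names, installed-KB lists and the `norm` and `triage` helpers are constructed for illustration, and treating either of two listed articles as sufficient is an assumption.

```python
# Added example: patch-gap triage against the KB table in this advisory.
# Rows are a subset of that table; hosts and their KB lists are constructed.
FIXES = {  # product -> (CVEs fixed, KB articles listed for that product)
    "Windows Server 2022":
        (["CVE-2024-43572", "CVE-2024-43573", "CVE-2024-43582"], ["5044281"]),
    "Windows Server 2016":
        (["CVE-2024-43572", "CVE-2024-43573"], ["5044293"]),
    "Windows Server 2008 R2 for x64-based Systems Service Pack 1":
        (["CVE-2024-43572"], ["5044356", "5044321"]),
    "Microsoft Configuration Manager 2403":
        (["CVE-2024-43468"], ["KB29166583"]),
}
EXPLOITED = {"CVE-2024-43572", "CVE-2024-43573"}  # "Exploitation Detected"

INVENTORY = [  # constructed sample data
    {"name": "web01", "product": "Windows Server 2022",
     "installed_kbs": ["KB5044281"]},
    {"name": "fs02", "product": "Windows Server 2016",
     "installed_kbs": ["KB0000001"]},
    {"name": "legacy03", "installed_kbs": ["kb5044321 "],
     "product": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"},
    {"name": "sccm01", "product": "Microsoft Configuration Manager 2403",
     "installed_kbs": []},
    {"name": "kiosk04", "product": "Windows 8.1", "installed_kbs": ["KB0000002"]},
]

def norm(kb):
    """Compare article ids by number: 'KB5044281' and '5044281' are the same."""
    s = kb.strip().upper()
    return s[2:] if s.startswith("KB") else s

def triage(inventory):
    findings = []
    for host in inventory:
        fix = FIXES.get(host["product"])
        if fix is None:  # not in the table: report it, do not assume it is safe
            findings.append({"host": host["name"], "status": "unknown-product",
                             "needs": [], "open_cves": [], "exploited": False})
            continue
        cves, kbs = fix
        installed = {norm(k) for k in host["installed_kbs"]}
        # Assumption: where a row lists two articles, either one is sufficient.
        if installed & {norm(k) for k in kbs}:
            continue
        findings.append({"host": host["name"], "status": "missing-update",
                         "needs": kbs, "open_cves": cves,
                         "exploited": bool(EXPLOITED & set(cves))})
    # Hosts exposed to in-the-wild exploited CVEs first, then by open CVE count.
    findings.sort(key=lambda f: (not f["exploited"], -len(f["open_cves"]), f["host"]))
    return findings
```

A host that has installed a later cumulative update will not list these article numbers, so a "missing-update" finding is a prompt to confirm the installed build rather than proof of exposure.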