Patch Tuesday Commentray from Tenable

Security Awareness | Security Operations | Threat Intelligence

This month, Microsoft addresses 117 CVEs with three rated as critical and four zero-day vulnerabilities, two of which were exploited in the wild. Remote code execution (RCE) vulnerabilities accounted for 35.9% of the vulnerabilities patched this month, followed by elevation of privilege (EOP) vulnerabilities at 23.9%. Please find below a comment from Satnam Narang, sr. […]

Posted: Wednesday, Oct 09

KBI.Media
$
Patch Tuesday Commentray from Tenable

Patch Tuesday Commentray from Tenable

This month, Microsoft addresses 117 CVEs with three rated as critical and four zero-day vulnerabilities, two of which were exploited in the wild. Remote code execution (RCE) vulnerabilities accounted for 35.9% of the vulnerabilities patched this month, followed by elevation of privilege (EOP) vulnerabilities at 23.9%. Please find below a comment from Satnam Narang, sr. staff research engineer, Tenable along with a full analysis from Tenable here.

“This month, Microsoft patched two zero-day vulnerabilities that were exploited in the wild.

“CVE-2024-43573 is a spoofing bug in the Windows MSHTML platform. It’s the fourth zero-day vulnerability in MSHTML that was exploited in the wild in 2024 – preceded by CVE-2024-30040, CVE-2024-38112, and CVE-2024-43461.

“CVE-2024-38112, a spoofing bug in MSHTML, was exploited by an advanced persistent threat (APT) actor called Void Banshee. Last month, it was discovered that Void Banshee utilized CVE-2024-38112 and CVE-2024-43461 as part of an exploit chain.

“We have no details at this time regarding the in-the-wild exploitation of CVE-2024-43573, but it highlights a valuable attack path being leveraged by threat actors currently. User interaction is required to exploit all of these MSHTML flaws, which typically utilises some type of social engineering.

“CVE-2024-43572 is a code execution flaw in Microsoft Management Console (MMC) that was also exploited in the wild as a zero-day. While we don’t have any specific details about the in-the-wild exploitation of CVE-2024-43572, this patch arrived a few months after researchers disclosed an attack technique called GrimResource that leveraged an old cross-site scripting (XSS) vulnerability combined with a specially crafted Microsoft Saved Console (MSC) file to gain code execution privileges. Although Microsoft patched a different MMC vulnerability in September (CVE-2024-38259) that was neither exploited in the wild nor publicly disclosed. Since the discovery of CVE-2024-43572, Microsoft now prevents untrusted MSC files from being opened on a system.” – Satnam Narang, sr. staff research engineer, Tenable.

Independent Cyber News.

In Other News…

Elastic Announces AI Ecosystem to Accelerate GenAI Application Development

Check Point Unveils New AI-Powered Network Security Innovations to Raise the Bar on Threat Prevention

Trend Micro Platform Enables Partners to Double Impact and Revenue

Axis Introduces Next-Generation Imaging, AI-Powered Analytics, and Cybersecurity with ARTPEC-9 SoC

Recent Articles

How NetApp’s Government Relations are Shaping Secure Tech

Australian Federal Budget – What’s in the bag?

Recap on the ACCC 2023 Report: Industry Round Up

We’ve Grown Up To Be The Intelligence Data Infrastructure Company

Business News

Tech News

Global News

Our Podcasts

Partner With KBI

Content Production

Business News

Tech News

Global News

KBI.FM - The Cyber Podcast Network

Threats & Reports