Patch Tuesday Commentary from Tenable
Posted: Wednesday, Oct 09
This month, Microsoft addresses 117 CVEs with three rated as critical and four zero-day vulnerabilities, two of which were exploited in the wild. Remote code execution (RCE) vulnerabilities accounted for 35.9% of the vulnerabilities patched this month, followed by elevation of privilege (EOP) vulnerabilities at 23.9%. Please find below a comment from Satnam Narang, sr. staff research engineer, Tenable, along with a full analysis from Tenable here.

“This month, Microsoft patched two zero-day vulnerabilities that were exploited in the wild.

“CVE-2024-43573 is a spoofing bug in the Windows MSHTML platform. It’s the fourth zero-day vulnerability in MSHTML that was exploited in the wild in 2024 – preceded by CVE-2024-30040, CVE-2024-38112, and CVE-2024-43461.

“CVE-2024-38112, a spoofing bug in MSHTML, was exploited by an advanced persistent threat (APT) actor called Void Banshee. Last month, it was discovered that Void Banshee utilized CVE-2024-38112 and CVE-2024-43461 as part of an exploit chain.

“We have no details at this time regarding the in-the-wild exploitation of CVE-2024-43573, but it highlights a valuable attack path being leveraged by threat actors currently. User interaction is required to exploit all of these MSHTML flaws, which typically utilises some type of social engineering.

“CVE-2024-43572 is a code execution flaw in Microsoft Management Console (MMC) that was also exploited in the wild as a zero-day. While we don’t have any specific details about the in-the-wild exploitation of CVE-2024-43572, this patch arrived a few months after researchers disclosed an attack technique called GrimResource that leveraged an old cross-site scripting (XSS) vulnerability combined with a specially crafted Microsoft Saved Console (MSC) file to gain code execution privileges. Although Microsoft patched a different MMC vulnerability in September (CVE-2024-38259) that was neither exploited in the wild nor publicly disclosed. Since the discovery of CVE-2024-43572, Microsoft now prevents untrusted MSC files from being opened on a system.” – Satnam Narang, sr. staff research engineer, Tenable.
