Patch Tuesday Commentray from Tenable

Security Awareness | Security Operations | Threat Intelligence

This month, Microsoft addresses 117 CVEs with three rated as critical and four zero-day vulnerabilities, two of which were exploited in the wild. Remote code execution (RCE) vulnerabilities accounted for 35.9% of the vulnerabilities patched this month, followed by elevation of privilege (EOP) vulnerabilities at 23.9%. Please find below a comment from Satnam Narang, sr. […]

Posted: Wednesday, Oct 09

KBI.Media
$
Patch Tuesday Commentray from Tenable

Patch Tuesday Commentray from Tenable

This month, Microsoft addresses 117 CVEs with three rated as critical and four zero-day vulnerabilities, two of which were exploited in the wild. Remote code execution (RCE) vulnerabilities accounted for 35.9% of the vulnerabilities patched this month, followed by elevation of privilege (EOP) vulnerabilities at 23.9%. Please find below a comment from Satnam Narang, sr. staff research engineer, Tenable along with a full analysis from Tenable here.

“This month, Microsoft patched two zero-day vulnerabilities that were exploited in the wild.

“CVE-2024-43573 is a spoofing bug in the Windows MSHTML platform. It’s the fourth zero-day vulnerability in MSHTML that was exploited in the wild in 2024 – preceded by CVE-2024-30040, CVE-2024-38112, and CVE-2024-43461.

“CVE-2024-38112, a spoofing bug in MSHTML, was exploited by an advanced persistent threat (APT) actor called Void Banshee. Last month, it was discovered that Void Banshee utilized CVE-2024-38112 and CVE-2024-43461 as part of an exploit chain.

“We have no details at this time regarding the in-the-wild exploitation of CVE-2024-43573, but it highlights a valuable attack path being leveraged by threat actors currently. User interaction is required to exploit all of these MSHTML flaws, which typically utilises some type of social engineering.

“CVE-2024-43572 is a code execution flaw in Microsoft Management Console (MMC) that was also exploited in the wild as a zero-day. While we don’t have any specific details about the in-the-wild exploitation of CVE-2024-43572, this patch arrived a few months after researchers disclosed an attack technique called GrimResource that leveraged an old cross-site scripting (XSS) vulnerability combined with a specially crafted Microsoft Saved Console (MSC) file to gain code execution privileges. Although Microsoft patched a different MMC vulnerability in September (CVE-2024-38259) that was neither exploited in the wild nor publicly disclosed. Since the discovery of CVE-2024-43572, Microsoft now prevents untrusted MSC files from being opened on a system.” – Satnam Narang, sr. staff research engineer, Tenable.

Independent Cyber News.

In Other News…

AI-driven Attacks Targeting Retailers Ahead Of The Holiday Shopping Season

Trustwave Expands Partnership With Dicker Data To Resell Complete Suite Of Security Services

Sophos to Acquire Secureworks to Accelerate Cybersecurity Services and Technology for Organisations Worldwide

Camelot Secure Wins APT Solution Provider of the Year, Leading the Charge in Proactive Cybersecurity Defense

Recent Articles

NetApp’s Innovation Unveiled. Key Areas Driving the Future of Data Management – Security is a Priority.

Balancing Privacy and Safety: A Complex Necessity

Advancing Security and Resilience: Insights from AWS Summit in Sydney

Exclusive: Oracle Global CIO Discusses Cloud Innovation and Security

Business News

Tech News

Global News

Our Podcasts

Partner With KBI

Content Production

Business News

Tech News

Global News

KBI.FM - The Cyber Podcast Network

Threats & Reports