For October 2024 Patch Tuesday, Help Net Security included NetSPI Security Consultant Will Bradle’s thoughts and recommendations on Microsoft’s patches this month. Read the preview below or view it online.

+++

For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two under active exploitation: CVE-2024-43573, a spoofing bug affecting the Windows MSHTML Platform, and CVE-2024-43572, a remote code execution flaw in the Microsoft Management Console (MMC).

“Microsoft recommends that customers use Arduino IDE software,” the company says. But Will Bradle, a security consultant at NetSPI, told Help Net Security that although the vulnerable extension is no longer available on the VS Code Marketplace, it can still be installed via GitHub, and existing installations remain vulnerable to unauthenticated RCE.

You can read the article here.

More insights from The NetSPI Agents

NetSPI Senior Security Consultant, V. Perry shared additional perspective:

“This month’s updates include several patches for RPC-related RCE vulnerabilities that would allow unauthenticated attackers to execute code on a victim’s RPC host with the same permissions as the RPC service. This is accomplished by sending malformed packets to the RPC host. Exploiting the vulnerabilities would be complex, since it would require attackers to win a race condition, but it is still important to apply the security updates to ensure that that particular avenue of attack is closed.

There are also a few patches for vulnerabilities in Configuration Manager that could lead to RCE by an unauthenticated attacker. Notably, patching these vulnerabilities requires an in-console update within Configuration Manager.”
