{"id":22789,"date":"2024-10-09T10:59:12","date_gmt":"2024-10-09T14:59:12","guid":{"rendered":"https:\/\/msftnewsnow.com\/?p=22789"},"modified":"2025-06-19T06:23:46","modified_gmt":"2025-06-19T13:23:46","slug":"microsoft-october-2024-patch-tuesday-update","status":"publish","type":"post","link":"https:\/\/msftnewsnow.com\/microsoft-october-2024-patch-tuesday-update\/","title":{"rendered":"Microsoft releases critical October 2024 Patch Tuesday update, patching 118 security flaws and 2 crucial zero-days"},"content":{"rendered":"<p><a href=\"https:\/\/www.microsoft.com\" target=\"_blank\" rel=\"noopener\">Microsoft<\/a> has unveiled its October 2024 <a href=\"https:\/\/msftnewsnow.com\/tag\/patch-tuesday\" target=\"_blank\" rel=\"noopener\">Patch Tuesday<\/a> update, addressing a significant number of security vulnerabilities across its product line. This month&#8217;s release is particularly crucial, as it tackles 118 security flaws, including five zero-day vulnerabilities, two of which are already being actively exploited by malicious actors.<\/p>\n<h2><strong>2 zero-day vulnerabilities in focus<\/strong><\/h2>\n<p>Among the five zero-day vulnerabilities patched, two stand out due to their active exploitation:<\/p>\n<ol class=\"marker:text-textOff list-decimal pl-8\">\n<li><strong>CVE-2024-43573<\/strong>: A Windows MSHTML Platform Spoofing Vulnerability<\/li>\n<li><strong>CVE-2024-43572<\/strong>: A Microsoft Management Console Remote Code Execution Vulnerability<\/li>\n<\/ol>\n<p>These actively exploited vulnerabilities pose immediate risks to unpatched systems, making it imperative for users and organizations to apply the updates as soon as possible.<\/p>\n<h2><strong>Breakdown of security fixes<\/strong><\/h2>\n<p>The October 2024 Patch Tuesday update addresses a wide range of security issues:<\/p>\n<ul class=\"marker:text-textOff list-disc pl-8\">\n<li>3 critical remote code execution flaws<\/li>\n<li>28 elevation of privilege vulnerabilities<\/li>\n<li>43 remote code execution vulnerabilities<\/li>\n<li>26 denial of service vulnerabilities<\/li>\n<\/ul>\n<p>This diverse set of patches underscores the complexity of modern software security and Microsoft&#8217;s commitment to addressing vulnerabilities across its ecosystem.<\/p>\n<h2><strong>Remote code execution threats<\/strong><\/h2>\n<p>Of particular concern are the 43 remote code execution vulnerabilities. These types of flaws can allow attackers to execute arbitrary code on a target system, potentially leading to full system compromise. The three critical remote code execution flaws likely pose the most severe risks and should be prioritized in patching schedules.<\/p>\n<h2><strong>Elevation of privilege concerns<\/strong><\/h2>\n<p>The 28 elevation of privilege vulnerabilities are also noteworthy. These flaws could allow attackers to gain higher-level permissions on compromised systems, potentially leading to more severe breaches or lateral movement within networks.<\/p>\n<h2><strong>Denial of service risks<\/strong><\/h2>\n<p>The 26 denial of service vulnerabilities, while generally considered less severe than code execution or privilege escalation flaws, can still pose significant risks to system availability and should not be overlooked.<\/p>\n<h2><strong>Microsoft&#8217;s recommendations<\/strong><\/h2>\n<p>In light of these vulnerabilities, especially the actively exploited zero-days, Microsoft strongly recommends that users and administrators apply these security updates promptly. Delaying patch implementation could leave systems exposed to potential attacks, particularly given the public disclosure of these vulnerabilities.<\/p>\n<h2><strong>Impact on businesses and consumers<\/strong><\/h2>\n<p><a href=\"https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2024\/10\/yvqijh7ysqqm67va019l-e1728485928742.jpg?strip=all&lossy=1&quality=88&sharp=1&w=2560&ssl=1\"><img decoding=\"async\" data-attachment-id=\"22813\" data-permalink=\"https:\/\/msftnewsnow.com\/microsoft-october-2024-patch-tuesday-update\/yvqijh7ysqqm67va019l\/#main\" data-orig-file=\"https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2024\/10\/yvqijh7ysqqm67va019l-e1728485928742.jpg?strip=all&lossy=1&quality=88&sharp=1&ssl=1\" data-orig-size=\"768,704\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"yvqijh7ysqqm67va019l\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2024\/10\/yvqijh7ysqqm67va019l-e1728485928742.jpg?strip=all&lossy=1&quality=88&sharp=1&ssl=1\" data-large-file=\"https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2024\/10\/yvqijh7ysqqm67va019l-e1728485928742.jpg?strip=all&lossy=1&quality=88&sharp=1&ssl=1\" class=\"alignnone size-full wp-image-22813\" src=\"https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2024\/10\/yvqijh7ysqqm67va019l-e1728485928742.jpg?strip=all&lossy=1&quality=88&sharp=1&ssl=1\" alt=\"Microsoft releases critical October 2024 Patch Tuesday update, patching 118 security flaws and 2 crucial zero-days\" width=\"768\" height=\"704\" srcset=\"https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2024\/10\/yvqijh7ysqqm67va019l-e1728485928742.jpg?strip=all&amp;lossy=1&amp;quality=88&amp;sharp=1&amp;ssl=1 768w, https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2024\/10\/yvqijh7ysqqm67va019l-e1728485928742-150x138.jpg?strip=all&amp;lossy=1&amp;quality=88&amp;sharp=1&amp;ssl=1 150w, https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2024\/10\/yvqijh7ysqqm67va019l-e1728485928742.jpg?strip=all&amp;lossy=1&amp;quality=88&amp;sharp=1&amp;w=307&amp;ssl=1 307w, https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2024\/10\/yvqijh7ysqqm67va019l-e1728485928742.jpg?strip=all&amp;lossy=1&amp;quality=88&amp;sharp=1&amp;w=460&amp;ssl=1 460w, https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2024\/10\/yvqijh7ysqqm67va019l-e1728485928742.jpg?strip=all&amp;lossy=1&amp;quality=88&amp;sharp=1&amp;w=614&amp;ssl=1 614w\" sizes=\"(max-width: 768px) 100vw, 768px\" \/><\/a><\/p>\n<p>This <a href=\"https:\/\/msftnewsnow.com\/tag\/patch-tuesday\" target=\"_blank\" rel=\"noopener\">Patch Tuesday<\/a> release affects a wide range of Microsoft products and services, impacting both business and consumer users. Enterprise IT departments will need to carefully plan and execute their patching strategies to minimize potential disruptions while ensuring timely protection against these vulnerabilities.<\/p>\n<p>The October 2024 Patch Tuesday release highlights the ongoing challenges in software security and the importance of regular patching. With 118 vulnerabilities addressed, including critical zero-day flaws, it&#8217;s clear that cybersecurity remains a top priority for Microsoft and should be for its users as well.<\/p>\n<p>As cyber threats continue to evolve, staying up-to-date with the latest security patches is crucial for maintaining the integrity and security of computer systems. Users and organizations are advised to review the full list of patched vulnerabilities and implement the updates as part of their regular security maintenance routines.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft has unveiled its October 2024 Patch Tuesday update, addressing a significant number of security vulnerabilities across its product line. This month&#8217;s release is particularly crucial, as it tackles 118 security flaws, including five zero-day vulnerabilities, two of which are already being actively exploited by malicious actors.<\/p>\n","protected":false},"author":208461344,"featured_media":22814,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"enabled":false},"version":2}},"categories":[24,2540],"tags":[1271,778,32,1083,275],"class_list":["post-22789","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-security","tag-cybersecurity","tag-microsoft","tag-patch-tuesday","tag-security","tag-windows"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/msftnewsnow.com\/wp-content\/uploads\/2024\/10\/odgyugr7wfqrk8a5w5yy.jpg","jetpack_shortlink":"https:\/\/wp.me\/pfgCZY-5Vz","jetpack-related-posts":[{"id":18938,"url":"https:\/\/msftnewsnow.com\/july-2024-patch-tuesday-update-142-vulnerabilities\/","url_meta":{"origin":22789,"position":0},"title":"Microsoft releases critical July 2024 Patch Tuesday updates, addressing 142 vulnerabilities","author":"Dave W. Shanahan","date":"July 9, 2024","format":false,"excerpt":"The July 2024 Patch Tuesday underscores the ongoing importance of regular security updates in the face of evolving cyber threats. With 142 vulnerabilities addressed, including critical and actively exploited flaws, it's crucial for users and administrators to apply these updates as soon as possible to maintain the security of their\u2026","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"Microsoft releases critical July 2024 Patch Tuesday updates, addressing 142 vulnerabilities","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/07\/un2ya4gejp8770e67u7p.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/07\/un2ya4gejp8770e67u7p.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/07\/un2ya4gejp8770e67u7p.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/07\/un2ya4gejp8770e67u7p.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":328217,"url":"https:\/\/msftnewsnow.com\/microsoft-december-2024-security-update-zero-day\/","url_meta":{"origin":22789,"position":1},"title":"Microsoft issues critical December 2024 security update to address actively exploited zero-day vulnerability","author":"Dave W. Shanahan","date":"December 12, 2024","format":false,"excerpt":"Microsoft has released its final security patch of 2024, addressing a critical zero-day vulnerability (CVE-2024-49138) that attackers are actively exploiting in the wild. This significant security update, part of December's Patch Tuesday release, fixes 71 vulnerabilities, including 16 rated as critical. Critical zero-day details The actively exploited vulnerability exists in\u2026","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"Microsoft Issues Critical December 2024 Security Update to Address Actively Exploited Zero-Day Vulnerability","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/12\/m5wvgstkttly9mhk2ahm.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/12\/m5wvgstkttly9mhk2ahm.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/12\/m5wvgstkttly9mhk2ahm.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/12\/m5wvgstkttly9mhk2ahm.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":20674,"url":"https:\/\/msftnewsnow.com\/cve-2024-38063-zero-click-tcp-ip-rce-2024-38193\/","url_meta":{"origin":22789,"position":2},"title":"Microsoft patches critical zero-click TCP\/IP RCE flaw CVE-2024-38063, North Korea&#8217;s Lazarus Group exploits zero-day flaw, CVE-2024-38193","author":"Dave W. Shanahan","date":"August 19, 2024","format":false,"excerpt":"Microsoft has patched two critical security flaws in Windows, a zero-click TCP\/IP RCE flaw (CVE-2024-38063) and a zero-day flaw (CVE-2024-38193) exploited by North Korea's Lazarus Group. The zero-click flaw could allow unauthenticated remote code execution attacks on Windows systems with IPv6 enabled, while the zero-day flaw was used by the\u2026","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"Microsoft August 2024 Patch Tuesday updates; New fixes for 9 zero-days, 6 exploited vulnerabilities, Microsoft patches critical zero-click TCP\/IP RCE flaw CVE-2024-38063, North Korea's Lazarus Group exploits zero-day flaw, CVE-2024-38193","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/08\/shanabanana223_graphic_about_microsofts_patch_tuesday_updates_aa264a62-d51d-471b-b46d-340780a8b17e.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/08\/shanabanana223_graphic_about_microsofts_patch_tuesday_updates_aa264a62-d51d-471b-b46d-340780a8b17e.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/08\/shanabanana223_graphic_about_microsofts_patch_tuesday_updates_aa264a62-d51d-471b-b46d-340780a8b17e.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/08\/shanabanana223_graphic_about_microsofts_patch_tuesday_updates_aa264a62-d51d-471b-b46d-340780a8b17e.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":332492,"url":"https:\/\/msftnewsnow.com\/microsofts-march-2025-patch-tuesday-7-zero-days\/","url_meta":{"origin":22789,"position":3},"title":"Microsoft&#8217;s March 2025 Patch Tuesday Addresses 57 Vulnerabilities, Including 7 Critical Zero-Day Flaws","author":"Dave W. Shanahan","date":"March 12, 2025","format":false,"excerpt":"Microsoft has released its March 2025 Patch Tuesday updates, resolving a total of 57 security vulnerabilities affecting various products, including Windows, Office, Remote Desktop Services, and more. As reported by Bleeping Computer, among these vulnerabilities are seven critical zero-day flaws\u2014six of which were actively exploited in the wild prior to\u2026","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"Microsoft's March 2025 Patch Tuesday Addresses 57 Vulnerabilities, Including 7 Critical Zero-Day Flaws, CVE-2025-24983, CVE-2025-24991, CVE-2025-24984, CVE-2025-26630, CVE-2025-24985, CVE-2025-24993, CVE-2025-26633, CVE-2025-25001, CVE-2025-25002, CVE-2025-25003, CVE-2025-25004, CVE-2025-25005","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/03\/f573b6ca-d63d-40aa-b938-eca52a0cc389-1.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/03\/f573b6ca-d63d-40aa-b938-eca52a0cc389-1.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/03\/f573b6ca-d63d-40aa-b938-eca52a0cc389-1.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/03\/f573b6ca-d63d-40aa-b938-eca52a0cc389-1.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":329309,"url":"https:\/\/msftnewsnow.com\/microsoft-issues-largest-security-update-in-years\/","url_meta":{"origin":22789,"position":4},"title":"Microsoft issues largest security update in years for Patch Tuesday January 2025, patches 3 critical zero-day vulnerabilities","author":"Dave W. Shanahan","date":"January 15, 2025","format":false,"excerpt":"Microsoft has released its first Patch Tuesday update of 2025, addressing a staggering 161 security vulnerabilities - the largest number of fixes in a single month since 2017. As reported by Bleeping Computer, the massive update includes security patches for three actively exploited zero-day flaws and multiple critical vulnerabilities that\u2026","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"Microsoft issues January 2025 largest security updates in years, patches 3 critical zero-day vulnerabilities for January 2025","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/01\/mvz7aywqxsgp9jdu7liv-e1736965366518.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/01\/mvz7aywqxsgp9jdu7liv-e1736965366518.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/01\/mvz7aywqxsgp9jdu7liv-e1736965366518.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/01\/mvz7aywqxsgp9jdu7liv-e1736965366518.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":19297,"url":"https:\/\/msftnewsnow.com\/microsoft-under-fire-cve-2024-38112-zero-day\/","url_meta":{"origin":22789,"position":5},"title":"Microsoft under fire for mishandling critical CVE-2024-38112 zero-day vulnerability disclosure by ZDI","author":"Dave W. Shanahan","date":"July 15, 2024","format":false,"excerpt":"Microsoft is facing criticism from security researchers over its handling of a recently patched zero-day vulnerability. The controversy centers around CVE-2024-38112, a flaw in the MSHTML (Trident) rendering engine that was actively exploited by threat actors before being patched in July 2024's Patch Tuesday update.","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"Microsoft under fire for mishandling CVE-2024-38112 zero-day vulnerability disclosure by ZDI","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/07\/ojqx0jvf9bovg4j4xbtn.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/07\/ojqx0jvf9bovg4j4xbtn.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/07\/ojqx0jvf9bovg4j4xbtn.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/07\/ojqx0jvf9bovg4j4xbtn.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]}],"jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/posts\/22789","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/users\/208461344"}],"replies":[{"embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/comments?post=22789"}],"version-history":[{"count":0,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/posts\/22789\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/media\/22814"}],"wp:attachment":[{"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/media?parent=22789"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/categories?post=22789"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/tags?post=22789"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}