Security Alert: Urgent Microsoft Windows Patches
Date:
2024-10-09 13:25:00
Status:
Closed
Brief Description:
Zero-day vulnerabilities in the Microsoft Windows operating system under active exploitation may allow privilege escalation and code execution. Patch now.
Current Status:
N/A
Services Affected:
Certified Desktop
Subsites Affected:
Certified Desktop
Full Description:
Microsoft’s October 2024 updates, released on Tuesday, October 8, fix multiple zero-day vulnerabilities in Microsoft Windows desktop and server operating systems. Two zero-day vulnerabilities are under known active exploitation. Successful exploitation may allow escalation of privileges or arbitrary code execution. One actively exploited vulnerability, dubbed GrimResource and assigned CVE-2024-43572, requires only that a user opens a malicious .msc file and has been observed under exploitation since June 2024. Patch now.
Certified Desktop customers:
Updates will be made available today, Wednesday, October 9 with an installation deadline of 4:00 pm on Wednesday, October 16.
Users who do not have a managed computer should apply Windows updates as soon as possible. See “Microsoft – Update Windows” in the references below.
References:
Bleeping Computer: https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2024-patch-tuesday-fixes-5-zero-days-118-flaws/
Microsoft – MSRC - CVE-2024-43572: https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-43572
Microsoft – MSRC - CVE-2024-43573: https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-43573
Elastic Security Labs – GrimResource: https://www.elastic.co/security-labs/grimresource
Microsoft – Update Windows: https://support.microsoft.com/en-us/windows/update-windows-3c5ae7fc-9fb6-9af1-1984-b5e0412c556a
Enter a full description of the incident. This will appear in the "see all information" view of this alert.
CIT TDX ID: