{"id":112073,"date":"2024-10-09T07:31:46","date_gmt":"2024-10-09T00:31:46","guid":{"rendered":"https:\/\/hotvideos24.online\/?p=112073"},"modified":"2024-10-09T07:31:46","modified_gmt":"2024-10-09T00:31:46","slug":"patch-tuesday-october-2024-edition-krebs-on-security","status":"publish","type":"post","link":"https:\/\/hotvideos24.online\/?p=112073","title":{"rendered":"Patch Tuesday, October 2024 Edition \u2013 Krebs on Security"},"content":{"rendered":"<div>\n<p><strong>Microsoft<\/strong> today released security updates to fix at least 117 security holes in <strong>Windows<\/strong> computers and other software, including two vulnerabilities that are already seeing active attacks. 
Also, <strong>Adobe<\/strong> plugged 52 security holes across a range of products, and <strong>Apple<\/strong> has addressed a bug in its new <strong>macOS 15<\/strong> \u201c<strong>Sequoia<\/strong>\u201d update that broke many cybersecurity tools.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-52647\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2020\/08\/windowsec.png\" alt=\"\" width=\"702\" height=\"515\"\/><\/p>\n<p>One of the zero-day flaws \u2014 <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2024-43573\" target=\"_blank\" rel=\"noopener\">CVE-2024-43573<\/a> \u2014 stems from a security weakness in <strong>MSHTML<\/strong>, the proprietary engine of Microsoft\u2019s <strong>Internet Explorer<\/strong> web browser. If that sounds familiar it\u2019s because this is the fourth MSHTML vulnerability found to be exploited in the wild so far in 2024.<\/p>\n<p><strong>Nikolas Cemerikic<\/strong>, a cybersecurity engineer at <strong>Immersive Labs<\/strong>, said the vulnerability allows an attacker to trick users into viewing malicious web content, which could appear legitimate thanks to the way Windows handles certain web elements.<\/p>\n<p>\u201cOnce a user is deceived into interacting with this content (typically through phishing attacks), the attacker can potentially gain unauthorized access to sensitive information or manipulate web-based services,\u201d he said.<\/p>\n<p>Cemerikic noted that while Internet Explorer is being retired on many platforms, its underlying MSHTML technology remains active and vulnerable.<\/p>\n<p>\u201cThis creates a risk for employees using these older systems as part of their everyday work, especially if they are accessing sensitive data or performing financial transactions online,\u201d he said.<\/p>\n<p>Probably the more serious zero-day this month is <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2024-43572\" target=\"_blank\" 
rel=\"noopener\">CVE-2024-43572<\/a>, a code execution bug in the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Microsoft_Management_Console\" target=\"_blank\" rel=\"noopener\">Microsoft Management Console<\/a>, a component of Windows that gives system administrators a way to configure and monitor the system.<\/p>\n<p><strong>Satnam Narang<\/strong>, senior staff research engineer at <strong>Tenable<\/strong>, observed that the patch for CVE-2024-43572 arrived a few months after researchers at <strong>Elastic Security Labs<\/strong> disclosed an attack technique called <a href=\"https:\/\/www.elastic.co\/security-labs\/grimresource\" target=\"_blank\" rel=\"noopener\">GrimResource<\/a> that leveraged an old cross-site scripting (XSS) vulnerability combined with a specially crafted Microsoft Saved Console (MSC) file to gain code execution privileges.<span id=\"more-69126\"\/><\/p>\n<p>\u201cAlthough Microsoft patched a different MMC vulnerability in September (CVE-2024-38259) that was neither exploited in the wild nor publicly disclosed,\u201d Narang said. \u201cSince the discovery of CVE-2024-43572, Microsoft now prevents untrusted MSC files from being opened on a system.\u201d<\/p>\n<p>Microsoft also patched <strong>Office<\/strong>, <strong>Azure<\/strong>, <strong>.NET<\/strong>, <strong>OpenSSH for Windows<\/strong>, <strong>Power BI<\/strong>, <strong>Windows Hyper-V<\/strong>, <strong>Windows Mobile Broadband<\/strong>, and <strong>Visual Studio<\/strong>. 
As usual, the <strong>SANS Internet Storm Center<\/strong> has <a href=\"https:\/\/isc.sans.edu\/diary\/Microsoft%20Patch%20Tuesday%20-%20October%202024\/31336\" target=\"_blank\" rel=\"noopener\">a list of all Microsoft patches released today<\/a>, indexed by severity and exploitability.<\/p>\n<p>Late last month, Apple rolled out macOS 15, an operating system update called Sequoia that broke the functionality of security tools made by a number of vendors, including CrowdStrike, SentinelOne and Microsoft. On Oct. 7, <a href=\"https:\/\/techcrunch.com\/2024\/10\/07\/apple-fixes-bugs-in-macos-sequoia-that-broke-some-cybersecurity-tools\/\" target=\"_blank\" rel=\"noopener\">Apple pushed an update to Sequoia users<\/a> that addresses these compatibility issues.<\/p>\n<p>Finally, Adobe has released security updates to plug a total of 52 vulnerabilities in a range of software, including <strong>Adobe Substance 3D Painter<\/strong>, <strong>Commerce<\/strong>, <strong>Dimension<\/strong>, <strong>Animate<\/strong>, <strong>Lightroom<\/strong>, <strong>InCopy<\/strong>, <strong>InDesign<\/strong>, <strong>Substance 3D Stager<\/strong>, and <strong>Adobe FrameMaker<\/strong>.<\/p>\n<p>Please consider backing up important data before applying any updates. Zero-days aside, there\u2019s generally little harm in waiting a few days to apply any pending patches, because not infrequently a security update introduces stability or compatibility issues. 
<strong>AskWoody.com<\/strong> usually has the skinny on any problematic patches.<\/p>\n<p>And as always, if you run into any glitches after installing patches, leave a note in the comments; chances are someone else is stuck with the same issue and may have even found a solution.<\/p>\n<\/p><\/div>\n<p><a href=\"https:\/\/krebsonsecurity.com\/2024\/10\/patch-tuesday-october-2024-edition\/\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. 
Also, Adobe plugged &hellip; <a href=\"https:\/\/hotvideos24.online\/?p=112073\" class=\"more-link\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8630],"tags":[],"class_list":["post-112073","post","type-post","status-publish","format-standard","hentry","category-technology","entry"],"_links":{"self":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts\/112073","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=112073"}],"version-history":[{"count":0,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts\/112073\/revisions"}],"wp:attachment":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=112073"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=112073"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=112073"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}