Share this article
Latest news
With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low
Copilot in Outlook will generate personalized themes for you to customize the app
Microsoft will raise the price of its 365 Suite to include AI capabilities
Death Stranding Director’s Cut is now Xbox X|S at a huge discount
Outlook will let users create custom account icons so they can tell their accounts apart easier
Microsoft’s October 2024 Patch Tuesday Fixes 5 Zero-Days, 118 Flaws in total
Install the updates ASAP.
9 min. read
Published onOctober 9, 2024
published onOctober 9, 2024
Share this article
Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more
Microsoft’s October 2024 Patch Tuesday updates address 118 security vulnerabilities, including five zero-day flaws.
All of these vulnerabilities happen across different platforms, including Microsoft Office, Microsoft Edge, Visual Studio, Azure CLI, Microsoft Defender for Endpoint, Windows Storage, Windows Remote Desktop, DeepSpeed, and various components of Windows 10, 11, and Windows Server
The three critical flaws are all remote code execution vulnerabilities, which, if exploited, could allow an attacker to run arbitrary code on your device. They include remote code execution bugs, elevation of privilege flaws, denial of service issues, spoofing vulnerabilities, and security feature bypass bugs. Thus, installing the October 2024 Patch Tuesday updates becomes essential, and it should be done ASAP.
Microsoft also fixed a critical zero-day RCE vulnerability in the Microsoft Management Console (MSC), a Windows component used to create, save, and open administrative tools called consoles, such as the Device Manager or the Event Viewer. The zero-day, tracked as CVE-2024-43572, could be exploited by an attacker to execute code on your device by convincing you to open a specially crafted malicious MSC file. The Redmond-based tech giant confirmed it had been exploited in the wild.
Another actively exploited zero-day is a Windows MSHTML platform spoofing vulnerability identified as CVE-2024-43573.
The MSHTML platform is part of Microsoft’s Trident engine, previously used by Internet Explorer and the old version of Microsoft Edge.Although Microsoft has retired both browsers, the company continues to support some of its components in the new Edge.
Other zero-days addressed by Microsoft in the October 2024 Patch Tuesday updates include:
To install the October 2024 Patch Tuesday security updates, visitSettings > Update & Security > Windows Updateand click theCheck for updates button.
Take a look at the complete list of security flaws addressed with October 2024 Patch Tuesday updates:
In other news, the October 2024 Patch Tuesday updates are alsothe first released to Windows 11 24H2, which still doesn’t fix the ongoing Roblox issue. Windows 10 has also received them,although some versions of this operating systemare no longer eligible for Patch Tuesday updates.
More about the topics:microsoft,patch tuesday,Windows Update
Flavius Floare
Tech Journalist
Flavius is a writer and a media content producer with a particular interest in technology, gaming, media, film and storytelling.
He’s always curious and ready to take on everything new in the tech world, covering Microsoft’s products on a daily basis. The passion for gaming and hardware feeds his journalistic approach, making him a great researcher and news writer that’s always ready to bring you the bleeding edge!
User forum
0 messages
Sort by:LatestOldestMost Votes
Comment*
Name*
Email*
Commenting as.Not you?
Save information for future comments
Comment
Δ
Flavius Floare
Tech Journalist
Flavius is a writer and a media content producer with a particular interest in technology, gaming, media, film and storytelling.
