Microsoft's October 2024 Patch Tuesday update addresses 117 vulnerabilities, including critical security flaws.
Last Update: Nov 19, 2024 | Published: Oct 09, 2024
Key Takeaways:
Microsoft released yesterday the October 2024 Patch Tuesday updates for Windows 11 and Windows 10. This month, the company released 117 patches to fix vulnerabilities in Windows, Office, and other components.
Microsoft is reminding customers that several versions of Windows 11 have reached the end of support this month. These include Windows 11 version 22H2 for Home and Pro editions, as well as version 21H2 for Enterprise, Education, and IoT Enterprise editions. PCs running these versions will no longer receive security updates or bug fixes, and users should upgrade to Windows 11 versions 23H2 or 24H2 to protect against security threats.
In October, Microsoft addressed fixed a total of 117 vulnerabilities. Three of them are rated critical and there are also two security flaws that are actively being exploited in the wild. Here’s the full list of CVEs released by Microsoft with the October 2024 Patch Tuesday updates:
You can find below the full list of CVEs released by Microsoft with the October 2024 Patch Tuesday updates:
Impact | Max Severity | Article | Download | Build Number | Details |
Denial of Service | Important | 5044033 | Security Update | 4.8.109277.02 | CVE-2024-43484 |
Denial of Service | Important | 5044090 | Security Update | 4.8.1.09277.02 | CVE-2024-43484 |
Denial of Service | Important | 5044092 | Security Update | 4.8.1.09277.02 | CVE-2024-43484 |
Denial of Service | Important | 5044021 | Security Update | 4.8.04762.01 | CVE-2024-43483 |
Remote Code Execution | Critical | CVE-2024-43488 | |||
Remote Code Execution | Important | 5044343 | Monthly Rollup | 6.3.9600.22221 | CVE-2024-43611 |
Remote Code Execution | Important | 5044343 | Monthly Rollup | 6.3.9600.22221 | CVE-2024-43593 |
Remote Code Execution | Important | 5044342 | Monthly Rollup | 6.2.9200.25118 | CVE-2024-43593 |
Remote Code Execution | Important | 5044342 | Monthly Rollup | 6.2.9200.25118 | CVE-2024-43593 |
Remote Code Execution | Important | 5044356 | Monthly Rollup | 6.1.7601.27366 | CVE-2024-43593 |
Remote Code Execution | Important | 5044321 | Security Only | 6.1.7601.27366 | CVE-2024-43593 |
Remote Code Execution | Important | 5044356 | Monthly Rollup | 6.1.7601.27366 | CVE-2024-43593 |
Remote Code Execution | Important | 5044321 | Security Only | 6.1.7601.27366 | CVE-2024-43593 |
Remote Code Execution | Important | 5044320 | Monthly Rollup | 6.0.6003.22918 | CVE-2024-43593 |
Remote Code Execution | Important | 5044306 | Security Only | 6.0.6003.22918 | CVE-2024-43593 |
Remote Code Execution | Critical | 5044285 | Security Update | 10.0.22621.4317 | CVE-2024-43582 |
Remote Code Execution | Critical | 5044285 | Security Update | 10.0.22621.4317 | CVE-2024-43582 |
Remote Code Execution | Critical | 5044273 | Security Update | 10.0.19044.5011 | CVE-2024-43582 |
Remote Code Execution | Critical | 5044273 | Security Update | 10.0.19044.5011 | CVE-2024-43582 |
Remote Code Execution | Critical | 5044273 | Security Update | 10.0.19044.5011 | CVE-2024-43582 |
Elevation of Privilege | Important | 5044280 | Security Update | 10.0.22000.3260 | CVE-2024-43570 |
Elevation of Privilege | Important | 5044280 | Security Update | 10.0.22000.3260 | CVE-2024-43570 |
Denial of Service | Important | 5044293 | Security Update | 10.0.14393.7428 | CVE-2024-43562 |
Denial of Service | Important | 5044293 | Security Update | 10.0.14393.7428 | CVE-2024-43562 |
Denial of Service | Important | 5044293 | Security Update | 10.0.14393.7428 | CVE-2024-43562 |
Denial of Service | Important | 5044286 | Security Update | 10.0.10240.20796 | CVE-2024-43562 |
Denial of Service | Important | 5044286 | Security Update | 10.0.10240.20796 | CVE-2024-43562 |
Denial of Service | Important | 5044284 | Security Update | 10.0.26100.2033 | CVE-2024-43562 |
Denial of Service | Important | 5044273 | Security Update | 10.0.19045.5011 | CVE-2024-43558 |
Denial of Service | Important | 5044273 | Security Update | 10.0.19045.5011 | CVE-2024-43558 |
Denial of Service | Important | 5044273 | Security Update | 10.0.19045.5011 | CVE-2024-43558 |
Remote Code Execution | Important | 5044288 | Security Update | 10.0.25398.1189 | CVE-2024-43549 |
Remote Code Execution | Important | 5044281 | Security Update | 10.0.20348..2762 | CVE-2024-43549 |
Remote Code Execution | Important | 5044281 | Security Update | 10.0.20348..2762 | CVE-2024-43549 |
Remote Code Execution | Important | 5044277 | Security Update | 10.0.17763.6414 | CVE-2024-43549 |
Remote Code Execution | Important | 5044277 | Security Update | 10.0.17763.6414 | CVE-2024-43549 |
Denial of Service | Important | 5044284 | Security Update | 10.0.26100.2033 | CVE-2024-43520 |
Remote Code Execution | Critical | KB29166583 | Security Update | 5.00.9128 | CVE-2024-43468 |
Remote Code Execution | Critical | KB29166583 | Security Update | 5.00.9122 | CVE-2024-43468 |
Remote Code Execution | Critical | KB29166583 | Security Update | 5.00.9106 | CVE-2024-43468 |
Remote Code Execution | Important | Release Notes | Security Update | 0.15.1 | CVE-2024-43497 |
Denial of Service | Important | 5045993 | Security Update | 8.0.10 | CVE-2024-43485 |
Denial of Service | Important | 5045998 | Security Update | 6.0.35 | CVE-2024-43485 |
Spoofing | Moderate | 5044285 | Security Update | 10.0.22631.4317 | CVE-2024-43573 |
Remote Code Execution | Important | 5044277 | Security Update | 10.0.17763.6414 | CVE-2024-43518 |
Remote Code Execution | Important | 5044277 | Security Update | 10.0.17763.6414 | CVE-2024-43518 |
Denial of Service | Important | 5044030 | Security Update | 4.8.1.09277.02 | CVE-2024-43484 |
Denial of Service | Important | 5044099 | Security Update | 4.8.04762.02 | CVE-2024-43484 |
Denial of Service | Important | 5044089 | Security Update | 4.8.04762.01 | CVE-2024-43484 |
Denial of Service | Important | 5044095 | Monthly Rollup | 4.8.04762.02 | CVE-2024-43484 |
Denial of Service | Important | 5044085 | Security Only | 4.8.04761.02 | CVE-2024-43484 |
Denial of Service | Important | 5044096 | Monthly Rollup | 4.8.04762.01 | CVE-2024-43484 |
Denial of Service | Important | 5044097 | Monthly Rollup | 4.8.04762.01 | CVE-2024-43484 |
Denial of Service | Important | 5044095 | Monthly Rollup | 3.5.1.30729.8974 | CVE-2024-43484 |
Denial of Service | Important | 5044085 | Security Only | 3.5.1.30729.8974 | CVE-2024-43484 |
Denial of Service | Important | 5044097 | Monthly Rollup | 4.7.04115.01 | CVE-2024-43484 |
Denial of Service | Important | 5044096 | Monthly Rollup | 3.5.30729.8974 | CVE-2024-43484 |
Denial of Service | Important | 5044098 | Monthly Rollup | 3.5.30729.8973 | CVE-2024-43484 |
Denial of Service | Important | 5044086 | Security Only | 3.5.30729.8972 | CVE-2024-43484 |
Denial of Service | Important | 5044098 | Monthly Rollup | 3.0.30729.8974 | CVE-2024-43484 |
Denial of Service | Important | 5044086 | Security Only | 3.0.30729.8974 | CVE-2024-43484 |
Denial of Service | Important | 5044098 | Monthly Rollup | 3.0.30729.8974 | CVE-2024-43484 |
Denial of Service | Important | 5044086 | Security Only | 3.0.30729.8974 | CVE-2024-43484 |
Denial of Service | Important | 5044286 | Security Update | 10.0.10240.20796 | CVE-2024-43484 |
Denial of Service | Important | 5044098 | Monthly Rollup | 4.7.04115.01 | CVE-2024-43484 |
Denial of Service | Important | 5044086 | Security Only | 4.7.04115.03 | CVE-2024-43484 |
Denial of Service | Important | 5044028 | Security Update | 4.8.1.09277.02 | CVE-2024-43484 |
Denial of Service | Important | 5044091 | Security Update | 4.8.1.09277.02 | CVE-2024-43484 |
Denial of Service | Important | 5044099 | Security Update | 4.8.1.9277.03 | CVE-2024-43484 |
Denial of Service | Important | 5044097 | Monthly Rollup | 4.7.04115.01 | CVE-2024-43484 |
Denial of Service | Important | 5044090 | Security Update | 4.8.04762.01 | CVE-2024-43484 |
Denial of Service | Important | 5044091 | Security Update | 4.8.04762.01 | CVE-2024-43484 |
Denial of Service | Important | 5044096 | Monthly Rollup | 4.7.4115.01 | CVE-2024-43484 |
Denial of Service | Important | 5044293 | Security Update | 10.0.14393.7428 | CVE-2024-43484 |
Denial of Service | Important | 5044095 | Monthly Rollup | 4.7.04115.01 | CVE-2024-43484 |
Denial of Service | Important | 5044085 | Security Only | 4.7.04115.03 | CVE-2024-43484 |
Denial of Service | Important | 5044089 | Security Update | 3,5,04115.01 | CVE-2024-43484 |
Denial of Service | Important | 5044092 | Security Update | 4.8.04762.01 | CVE-2024-43484 |
Remote Code Execution | Important | 5044320 | Monthly Rollup | 6.0.6003.22918 | CVE-2024-43611 |
Remote Code Execution | Important | 5044306 | Security Only | 6.0.6003.22918 | CVE-2024-43611 |
Remote Code Execution | Important | 5044320 | Monthly Rollup | 6.0.6003.22918 | CVE-2024-43611 |
Remote Code Execution | Important | 5044306 | Security Only | 6.0.6003.22918 | CVE-2024-43611 |
Remote Code Execution | Important | 5044320 | Monthly Rollup | 6.0.6003.22918 | CVE-2024-43611 |
Remote Code Execution | Important | 5044306 | Security Only | 6.0.6003.22918 | CVE-2024-43611 |
Remote Code Execution | Important | 5044293 | Security Update | 10.0.14393.7428 | CVE-2024-43611 |
Spoofing | Important | Release Notes | Security Update | 101.24052.0002 | CVE-2024-43614 |
Elevation of Privilege | Important | 5044285 | Security Update | 10.0.22631.4317 | CVE-2024-43583 |
Denial of Service | Important | 5045536 | Security Update | 14.0.27561.00 | CVE-2024-43603 |
Denial of Service | Important | Release Notes | Security Update | 17.10.8 | CVE-2024-43603 |
Denial of Service | Important | Release Notes | Security Update | 17.8.15 | CVE-2024-43603 |
Denial of Service | Important | Release Notes | Security Update | 17.6.20 | CVE-2024-43603 |
Denial of Service | Important | Release Notes | Security Update | 16.11.41 | CVE-2024-43603 |
Denial of Service | Important | Release Notes | Security Update | 15.9.67 | CVE-2024-43603 |
Denial of Service | Important | Release Notes | Security Update | 17.11.5 | CVE-2024-43603 |
Elevation of Privilege | Important | Release Notes | Security Update | 2.65.0 | CVE-2024-43591 |
Elevation of Privilege | Important | Release Notes | Security Update | 2.65.0 | CVE-2024-43591 |
Elevation of Privilege | Important | Release Notes | Security Update | 14.40.33816 | CVE-2024-43590 |
Denial of Service | Important | 5045993 | Security Update | 8.0.10 | CVE-2024-43485 |
Denial of Service | Important | 5045998 | Security Update | 6.0.35 | CVE-2024-43485 |
Denial of Service | Important | 5045998 | Security Update | 6.0.35 | CVE-2024-43485 |
Denial of Service | Important | 5045993 | Security Update | 8.0.10 | CVE-2024-43485 |
Remote Code Execution | Important | Click to Run | Security Update | https://aka.ms/OfficeSecurityReleases | CVE-2024-43616 |
Remote Code Execution | Important | Click to Run | Security Update | https://aka.ms/OfficeSecurityReleases | CVE-2024-43616 |
Remote Code Execution | Important | Click to Run | Security Update | https://aka.ms/OfficeSecurityReleases | CVE-2024-43616 |
Remote Code Execution | Important | Click to Run | Security Update | https://aka.ms/OfficeSecurityReleases | CVE-2024-43616 |
Remote Code Execution | Important | Click to Run | Security Update | https://aka.ms/OfficeSecurityReleases | CVE-2024-43616 |
Remote Code Execution | Important | Click to Run | Security Update | https://aka.ms/OfficeSecurityReleases | CVE-2024-43616 |
Remote Code Execution | Important | Click to Run | Security Update | https://aka.ms/OfficeSecurityReleases | CVE-2024-43616 |
Remote Code Execution | Important | Click to Run | Security Update | https://aka.ms/OfficeSecurityReleases | CVE-2024-43616 |
Spoofing | Important | XXXXXXX | Security Update | 15.0.1116.121 | CVE-2024-43612 |
Spoofing | Important | 5002635 | Security Update | 16.0.5469.1001 | CVE-2024-43609 |
Spoofing | Important | 5002635 | Security Update | 16.0.5469.1001 | CVE-2024-43609 |
Elevation of Privilege | Important | Release Notes | Security Update | 4.2435.2 | CVE-2024-43604 |
Remote Code Execution | Important | Release Notes | Security Update | 1.94.1 | CVE-2024-43601 |
curl | CBL-Mariner | 8.8.0-2 | CVE-2024-6197 | ||
curl | CBL-Mariner | 8.8.0-2 | CVE-2024-6197 | ||
Remote Code Execution | Important | Release Notes | Security Update | 1.2.5709.0 | CVE-2024-43533 |
Remote Code Execution | Important | 5002643 | Security Update | 16.0.5469.1000 | CVE-2024-43504 |
Remote Code Execution | Important | 5002643 | Security Update | 16.0.5469.1000 | CVE-2024-43504 |
Elevation of Privilege | Important | 5002649 | Security Update | 16.0.17928.20162 | CVE-2024-43503 |
Elevation of Privilege | Important | 5002647 | Security Update | 16.0.10415.20001 | CVE-2024-43503 |
Elevation of Privilege | Important | 5002645 | Security Update | 16.0.5469.1000 | CVE-2024-43503 |
Remote Code Execution | Important | Release Notes | Security Update | 10.1.2308.1 | CVE-2024-43480 |
Remote Code Execution | Important | Release Notes | Security Update | 10.0.2345.1 | CVE-2024-43480 |
Remote Code Execution | Important | Release Notes | Security Update | 9.1.2498.1 | CVE-2024-43480 |
Elevation of Privilege | Important | Release Notes | Security Update | 25398.1189 | CVE-2024-38179 |
Elevation of Privilege | Important | Release Notes | Security Update | 20349.2762 | CVE-2024-38179 |
Elevation of Privilege | Important | Release Notes | Security Update | 1.30.0 | CVE-2024-38097 |
Release Notes | Security Update | 129.0.2792.79 | CVE-2024-9370 |
For PCs running Windows 11 version 24H2, the KB5044284 update brings a couple of notable features, including redesigned media controls on the lock screen. Users will also see a new “Sign out” option on the account manager in the Start menu. Additionally, Microsoft has introduced the ability to share local files directly from the Windows Search results box. The latest update addresses a bug that was previously causing the Remote Desktop Gateway Service to stop responding.
Microsoft has rolled out the KB5044285 patch for users running Windows 11 23H2 and 22H2. This update includes almost all the features included in the KB5044284 update along with some other changes. Microsoft has released a new design for the Delivery Optimization page in Windows Settings to better align with the Windows 11 design language. The final KB5044280 patch also brings a couple of security improvements for Windows 11 version 21H2.
Lastly, Microsoft has rolled out the KB5044273 update that moves users’ profile pictures to a new position on Windows 10 version 22H2. This release also brings a darker background color for the left pane of the Start menu.
Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary as hackers start to work out how to weaponize newly reported vulnerabilities.
A best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.
There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.