Microsoft Release October 2024 Patch Tuesday Updates for Windows 11 and Windows 10

Microsoft's October 2024 Patch Tuesday update addresses 117 vulnerabilities, including critical security flaws.

Last Update: Nov 19, 2024 | Published: Oct 09, 2024


Key Takeaways:

  • Microsoft addressed 117 vulnerabilities in the October 2024 Patch Tuesday update, including three rated critical and two actively exploited security flaws.
  • Notable fixes include a zero-day Windows MSHTML spoofing vulnerability (CVE-2024-43573) and a Winlogon elevation of privilege flaw (CVE-2024-43583).
  • Quality updates introduced new features for Windows 11, such as redesigned media controls.

Microsoft yesterday released the October 2024 Patch Tuesday updates for Windows 11 and Windows 10. This month, the company released 117 patches to fix vulnerabilities in Windows, Office, and other components.

Microsoft is reminding customers that several versions of Windows 11 have reached the end of support this month. These include Windows 11 version 22H2 for Home and Pro editions, as well as version 21H2 for Enterprise, Education, and IoT Enterprise editions. PCs running these versions will no longer receive security updates or bug fixes, and users should upgrade to Windows 11 versions 23H2 or 24H2 to protect against security threats.

117 vulnerabilities fixed in the October 2024 Patch Tuesday updates

In October, Microsoft fixed a total of 117 vulnerabilities. Three of them are rated critical, and two security flaws are being actively exploited in the wild. Here are the most notable CVEs addressed by the October 2024 Patch Tuesday updates:

  • CVE-2024-43573: This is a zero-day Windows MSHTML platform spoofing vulnerability with a CVSS rating of 6.5. MSHTML is the rendering engine that powers applications such as Internet Explorer. This security flaw affects all versions of Windows except Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012.
  • CVE-2024-43572: This is a critical vulnerability that affects the Microsoft Management Console. It could allow an unauthorized hacker to run code on a machine with untrusted Microsoft Saved Console (MSC) files. However, it would require an attacker to convince the victim to install the file locally.
  • CVE-2024-43583: This is a Winlogon elevation of privileges vulnerability that could enable threat actors to gain full system level privileges on the device. It’s rated important with a CVSS score of 7.8.
  • CVE-2024-6197: This is a remote code execution flaw that affects the open source cURL command line tool. Curl is used to send data using various protocols like HTTP, HTTPS or FTP.
  • CVE-2024-20659: This is a Windows Hyper-V security feature bypass vulnerability with a CVSS score of 7.1. It could enable cybercriminals to bypass a Unified Extensible Firmware Interface (UEFI) host machine in order to target the virtual machine.
  • CVE-2024-43468: This is a critical vulnerability in Microsoft Configuration Manager that allows remote code execution via SQL. It could enable an unauthenticated hacker to gain full admin credentials.
  • CVE-2024-43488: This is a critical remote code execution flaw in the Visual Studio Code extension for Arduino.

You can find below the full list of CVEs released by Microsoft with the October 2024 Patch Tuesday updates:

Impact | Max Severity | Article | Download | Build Number | Details
Denial of Service | Important | 5044033 | Security Update | 4.8.109277.02 | CVE-2024-43484
Denial of Service | Important | 5044090 | Security Update | 4.8.1.09277.02 | CVE-2024-43484
Denial of Service | Important | 5044092 | Security Update | 4.8.1.09277.02 | CVE-2024-43484
Denial of Service | Important | 5044021 | Security Update | 4.8.04762.01 | CVE-2024-43483
Remote Code Execution | Critical |  |  |  | CVE-2024-43488
Remote Code Execution | Important | 5044343 | Monthly Rollup | 6.3.9600.22221 | CVE-2024-43611
Remote Code Execution | Important | 5044343 | Monthly Rollup | 6.3.9600.22221 | CVE-2024-43593
Remote Code Execution | Important | 5044342 | Monthly Rollup | 6.2.9200.25118 | CVE-2024-43593
Remote Code Execution | Important | 5044342 | Monthly Rollup | 6.2.9200.25118 | CVE-2024-43593
Remote Code Execution | Important | 5044356 | Monthly Rollup | 6.1.7601.27366 | CVE-2024-43593
Remote Code Execution | Important | 5044321 | Security Only | 6.1.7601.27366 | CVE-2024-43593
Remote Code Execution | Important | 5044356 | Monthly Rollup | 6.1.7601.27366 | CVE-2024-43593
Remote Code Execution | Important | 5044321 | Security Only | 6.1.7601.27366 | CVE-2024-43593
Remote Code Execution | Important | 5044320 | Monthly Rollup | 6.0.6003.22918 | CVE-2024-43593
Remote Code Execution | Important | 5044306 | Security Only | 6.0.6003.22918 | CVE-2024-43593
Remote Code Execution | Critical | 5044285 | Security Update | 10.0.22621.4317 | CVE-2024-43582
Remote Code Execution | Critical | 5044285 | Security Update | 10.0.22621.4317 | CVE-2024-43582
Remote Code Execution | Critical | 5044273 | Security Update | 10.0.19044.5011 | CVE-2024-43582
Remote Code Execution | Critical | 5044273 | Security Update | 10.0.19044.5011 | CVE-2024-43582
Remote Code Execution | Critical | 5044273 | Security Update | 10.0.19044.5011 | CVE-2024-43582
Elevation of Privilege | Important | 5044280 | Security Update | 10.0.22000.3260 | CVE-2024-43570
Elevation of Privilege | Important | 5044280 | Security Update | 10.0.22000.3260 | CVE-2024-43570
Denial of Service | Important | 5044293 | Security Update | 10.0.14393.7428 | CVE-2024-43562
Denial of Service | Important | 5044293 | Security Update | 10.0.14393.7428 | CVE-2024-43562
Denial of Service | Important | 5044293 | Security Update | 10.0.14393.7428 | CVE-2024-43562
Denial of Service | Important | 5044286 | Security Update | 10.0.10240.20796 | CVE-2024-43562
Denial of Service | Important | 5044286 | Security Update | 10.0.10240.20796 | CVE-2024-43562
Denial of Service | Important | 5044284 | Security Update | 10.0.26100.2033 | CVE-2024-43562
Denial of Service | Important | 5044273 | Security Update | 10.0.19045.5011 | CVE-2024-43558
Denial of Service | Important | 5044273 | Security Update | 10.0.19045.5011 | CVE-2024-43558
Denial of Service | Important | 5044273 | Security Update | 10.0.19045.5011 | CVE-2024-43558
Remote Code Execution | Important | 5044288 | Security Update | 10.0.25398.1189 | CVE-2024-43549
Remote Code Execution | Important | 5044281 | Security Update | 10.0.20348..2762 | CVE-2024-43549
Remote Code Execution | Important | 5044281 | Security Update | 10.0.20348..2762 | CVE-2024-43549
Remote Code Execution | Important | 5044277 | Security Update | 10.0.17763.6414 | CVE-2024-43549
Remote Code Execution | Important | 5044277 | Security Update | 10.0.17763.6414 | CVE-2024-43549
Denial of Service | Important | 5044284 | Security Update | 10.0.26100.2033 | CVE-2024-43520
Remote Code Execution | Critical | KB29166583 | Security Update | 5.00.9128 | CVE-2024-43468
Remote Code Execution | Critical | KB29166583 | Security Update | 5.00.9122 | CVE-2024-43468
Remote Code Execution | Critical | KB29166583 | Security Update | 5.00.9106 | CVE-2024-43468
Remote Code Execution | Important | Release Notes | Security Update | 0.15.1 | CVE-2024-43497
Denial of Service | Important | 5045993 | Security Update | 8.0.10 | CVE-2024-43485
Denial of Service | Important | 5045998 | Security Update | 6.0.35 | CVE-2024-43485
Spoofing | Moderate | 5044285 | Security Update | 10.0.22631.4317 | CVE-2024-43573
Remote Code Execution | Important | 5044277 | Security Update | 10.0.17763.6414 | CVE-2024-43518
Remote Code Execution | Important | 5044277 | Security Update | 10.0.17763.6414 | CVE-2024-43518
Denial of Service | Important | 5044030 | Security Update | 4.8.1.09277.02 | CVE-2024-43484
Denial of Service | Important | 5044099 | Security Update | 4.8.04762.02 | CVE-2024-43484
Denial of Service | Important | 5044089 | Security Update | 4.8.04762.01 | CVE-2024-43484
Denial of Service | Important | 5044095 | Monthly Rollup | 4.8.04762.02 | CVE-2024-43484
Denial of Service | Important | 5044085 | Security Only | 4.8.04761.02 | CVE-2024-43484
Denial of Service | Important | 5044096 | Monthly Rollup | 4.8.04762.01 | CVE-2024-43484
Denial of Service | Important | 5044097 | Monthly Rollup | 4.8.04762.01 | CVE-2024-43484
Denial of Service | Important | 5044095 | Monthly Rollup | 3.5.1.30729.8974 | CVE-2024-43484
Denial of Service | Important | 5044085 | Security Only | 3.5.1.30729.8974 | CVE-2024-43484
Denial of Service | Important | 5044097 | Monthly Rollup | 4.7.04115.01 | CVE-2024-43484
Denial of Service | Important | 5044096 | Monthly Rollup | 3.5.30729.8974 | CVE-2024-43484
Denial of Service | Important | 5044098 | Monthly Rollup | 3.5.30729.8973 | CVE-2024-43484
Denial of Service | Important | 5044086 | Security Only | 3.5.30729.8972 | CVE-2024-43484
Denial of Service | Important | 5044098 | Monthly Rollup | 3.0.30729.8974 | CVE-2024-43484
Denial of Service | Important | 5044086 | Security Only | 3.0.30729.8974 | CVE-2024-43484
Denial of Service | Important | 5044098 | Monthly Rollup | 3.0.30729.8974 | CVE-2024-43484
Denial of Service | Important | 5044086 | Security Only | 3.0.30729.8974 | CVE-2024-43484
Denial of Service | Important | 5044286 | Security Update | 10.0.10240.20796 | CVE-2024-43484
Denial of Service | Important | 5044098 | Monthly Rollup | 4.7.04115.01 | CVE-2024-43484
Denial of Service | Important | 5044086 | Security Only | 4.7.04115.03 | CVE-2024-43484
Denial of Service | Important | 5044028 | Security Update | 4.8.1.09277.02 | CVE-2024-43484
Denial of Service | Important | 5044091 | Security Update | 4.8.1.09277.02 | CVE-2024-43484
Denial of Service | Important | 5044099 | Security Update | 4.8.1.9277.03 | CVE-2024-43484
Denial of Service | Important | 5044097 | Monthly Rollup | 4.7.04115.01 | CVE-2024-43484
Denial of Service | Important | 5044090 | Security Update | 4.8.04762.01 | CVE-2024-43484
Denial of Service | Important | 5044091 | Security Update | 4.8.04762.01 | CVE-2024-43484
Denial of Service | Important | 5044096 | Monthly Rollup | 4.7.4115.01 | CVE-2024-43484
Denial of Service | Important | 5044293 | Security Update | 10.0.14393.7428 | CVE-2024-43484
Denial of Service | Important | 5044095 | Monthly Rollup | 4.7.04115.01 | CVE-2024-43484
Denial of Service | Important | 5044085 | Security Only | 4.7.04115.03 | CVE-2024-43484
Denial of Service | Important | 5044089 | Security Update | 3,5,04115.01 | CVE-2024-43484
Denial of Service | Important | 5044092 | Security Update | 4.8.04762.01 | CVE-2024-43484
Remote Code Execution | Important | 5044320 | Monthly Rollup | 6.0.6003.22918 | CVE-2024-43611
Remote Code Execution | Important | 5044306 | Security Only | 6.0.6003.22918 | CVE-2024-43611
Remote Code Execution | Important | 5044320 | Monthly Rollup | 6.0.6003.22918 | CVE-2024-43611
Remote Code Execution | Important | 5044306 | Security Only | 6.0.6003.22918 | CVE-2024-43611
Remote Code Execution | Important | 5044320 | Monthly Rollup | 6.0.6003.22918 | CVE-2024-43611
Remote Code Execution | Important | 5044306 | Security Only | 6.0.6003.22918 | CVE-2024-43611
Remote Code Execution | Important | 5044293 | Security Update | 10.0.14393.7428 | CVE-2024-43611
Spoofing | Important | Release Notes | Security Update | 101.24052.0002 | CVE-2024-43614
Elevation of Privilege | Important | 5044285 | Security Update | 10.0.22631.4317 | CVE-2024-43583
Denial of Service | Important | 5045536 | Security Update | 14.0.27561.00 | CVE-2024-43603
Denial of Service | Important | Release Notes | Security Update | 17.10.8 | CVE-2024-43603
Denial of Service | Important | Release Notes | Security Update | 17.8.15 | CVE-2024-43603
Denial of Service | Important | Release Notes | Security Update | 17.6.20 | CVE-2024-43603
Denial of Service | Important | Release Notes | Security Update | 16.11.41 | CVE-2024-43603
Denial of Service | Important | Release Notes | Security Update | 15.9.67 | CVE-2024-43603
Denial of Service | Important | Release Notes | Security Update | 17.11.5 | CVE-2024-43603
Elevation of Privilege | Important | Release Notes | Security Update | 2.65.0 | CVE-2024-43591
Elevation of Privilege | Important | Release Notes | Security Update | 2.65.0 | CVE-2024-43591
Elevation of Privilege | Important | Release Notes | Security Update | 14.40.33816 | CVE-2024-43590
Denial of Service | Important | 5045993 | Security Update | 8.0.10 | CVE-2024-43485
Denial of Service | Important | 5045998 | Security Update | 6.0.35 | CVE-2024-43485
Denial of Service | Important | 5045998 | Security Update | 6.0.35 | CVE-2024-43485
Denial of Service | Important | 5045993 | Security Update | 8.0.10 | CVE-2024-43485
Remote Code Execution | Important | Click to Run | Security Update | https://aka.ms/OfficeSecurityReleases | CVE-2024-43616
Remote Code Execution | Important | Click to Run | Security Update | https://aka.ms/OfficeSecurityReleases | CVE-2024-43616
Remote Code Execution | Important | Click to Run | Security Update | https://aka.ms/OfficeSecurityReleases | CVE-2024-43616
Remote Code Execution | Important | Click to Run | Security Update | https://aka.ms/OfficeSecurityReleases | CVE-2024-43616
Remote Code Execution | Important | Click to Run | Security Update | https://aka.ms/OfficeSecurityReleases | CVE-2024-43616
Remote Code Execution | Important | Click to Run | Security Update | https://aka.ms/OfficeSecurityReleases | CVE-2024-43616
Remote Code Execution | Important | Click to Run | Security Update | https://aka.ms/OfficeSecurityReleases | CVE-2024-43616
Remote Code Execution | Important | Click to Run | Security Update | https://aka.ms/OfficeSecurityReleases | CVE-2024-43616
Spoofing | Important | XXXXXXX | Security Update | 15.0.1116.121 | CVE-2024-43612
Spoofing | Important | 5002635 | Security Update | 16.0.5469.1001 | CVE-2024-43609
Spoofing | Important | 5002635 | Security Update | 16.0.5469.1001 | CVE-2024-43609
Elevation of Privilege | Important | Release Notes | Security Update | 4.2435.2 | CVE-2024-43604
Remote Code Execution | Important | Release Notes | Security Update | 1.94.1 | CVE-2024-43601
 |  | curl | CBL-Mariner | 8.8.0-2 | CVE-2024-6197
 |  | curl | CBL-Mariner | 8.8.0-2 | CVE-2024-6197
Remote Code Execution | Important | Release Notes | Security Update | 1.2.5709.0 | CVE-2024-43533
Remote Code Execution | Important | 5002643 | Security Update | 16.0.5469.1000 | CVE-2024-43504
Remote Code Execution | Important | 5002643 | Security Update | 16.0.5469.1000 | CVE-2024-43504
Elevation of Privilege | Important | 5002649 | Security Update | 16.0.17928.20162 | CVE-2024-43503
Elevation of Privilege | Important | 5002647 | Security Update | 16.0.10415.20001 | CVE-2024-43503
Elevation of Privilege | Important | 5002645 | Security Update | 16.0.5469.1000 | CVE-2024-43503
Remote Code Execution | Important | Release Notes | Security Update | 10.1.2308.1 | CVE-2024-43480
Remote Code Execution | Important | Release Notes | Security Update | 10.0.2345.1 | CVE-2024-43480
Remote Code Execution | Important | Release Notes | Security Update | 9.1.2498.1 | CVE-2024-43480
Elevation of Privilege | Important | Release Notes | Security Update | 25398.1189 | CVE-2024-38179
Elevation of Privilege | Important | Release Notes | Security Update | 20349.2762 | CVE-2024-38179
Elevation of Privilege | Important | Release Notes | Security Update | 1.30.0 | CVE-2024-38097
 |  | Release Notes | Security Update | 129.0.2792.79 | CVE-2024-9370

Quality and experience updates

For PCs running Windows 11 version 24H2, the KB5044284 update brings a couple of notable features, including redesigned media controls on the lock screen. Users will also see a new “Sign out” option on the account manager in the Start menu. Additionally, Microsoft has introduced the ability to share local files directly from the Windows Search results box. The latest update addresses a bug that was previously causing the Remote Desktop Gateway Service to stop responding.

Microsoft has rolled out the KB5044285 patch for users running Windows 11 23H2 and 22H2. This update includes almost all the features included in the KB5044284 update along with some other changes. Microsoft has released a new design for the Delivery Optimization page in Windows Settings to better align with the Windows 11 design language. The final KB5044280 patch also brings a couple of security improvements for Windows 11 version 21H2.

Lastly, Microsoft has rolled out the KB5044273 update that moves users’ profile pictures to a new position on Windows 10 version 22H2. This release also brings a darker background color for the left pane of the Start menu.
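To confirm that a PC actually carries the October fixes, compare its OS build and update build revision (UBR) with the build numbers listed for each KB above. The PowerShell below is an added example, not Microsoft's tooling or part of the original article; the function name `Test-OctoberPatchLevel` and the `EosThisMonth` flag are hypothetical, and the check compares the UBR rather than searching for the KB by name because later cumulative updates supersede it.

```powershell
# Added example. Baselines are copied from the Build Number column of the CVE list
# on this page: key = OS build, Ubr = minimum revision, KB = article that delivers it.
# EosThisMonth marks versions the article says reached end of support (edition-dependent).
$OctoberBaseline = @{
    26100 = @{ KB = 'KB5044284'; Ubr = 2033; EosThisMonth = $false }  # Windows 11 24H2
    22631 = @{ KB = 'KB5044285'; Ubr = 4317; EosThisMonth = $false }  # Windows 11 23H2
    22621 = @{ KB = 'KB5044285'; Ubr = 4317; EosThisMonth = $true  }  # Windows 11 22H2 (Home/Pro)
    22000 = @{ KB = 'KB5044280'; Ubr = 3260; EosThisMonth = $true  }  # Windows 11 21H2 (Ent/Edu/IoT)
    19045 = @{ KB = 'KB5044273'; Ubr = 5011; EosThisMonth = $false }  # Windows 10 22H2
}

function Test-OctoberPatchLevel {
    param(
        [Parameter(Mandatory)][int]$Build,  # e.g. 22631
        [Parameter(Mandatory)][int]$Ubr     # e.g. 4317
    )
    $full = '{0}.{1}' -f $Build, $Ubr
    if (-not $OctoberBaseline.ContainsKey($Build)) {
        # Build is not one of the client versions covered by this baseline table.
        return [pscustomobject]@{
            Build = $full; Status = 'NotInBaseline'; RequiredKB = $null; EosThisMonth = $null
        }
    }
    $base = $OctoberBaseline[$Build]
    # A revision equal to or above the October one means this month's cumulative
    # update, or a later one that supersedes it, is installed.
    $status = if ($Ubr -ge $base.Ubr) { 'Patched' } else { 'Missing' }
    [pscustomobject]@{
        Build        = $full
        Status       = $status
        RequiredKB   = $base.KB
        EosThisMonth = $base.EosThisMonth
    }
}

# Read the running build from the registry and evaluate the local machine.
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
Test-OctoberPatchLevel -Build ([int]$cv.CurrentBuildNumber) -Ubr ([int]$cv.UBR)

# Constructed sample values, useful for checking the logic away from a target machine.
Test-OctoberPatchLevel -Build 22631 -Ubr 4169   # Status: Missing, RequiredKB: KB5044285
Test-OctoberPatchLevel -Build 26100 -Ubr 2033   # Status: Patched
```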

Windows Update testing and best practices

Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary as hackers start to work out how to weaponize newly reported vulnerabilities.

A best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.

There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.
