Zero Day Initiative | Blog
Follow
The October 2024 Security Update Review
Adobe and Microsoft have released their latest security patches for October 2024. Adobe released nine patches addressing 52 CVEs in various products, including Adobe Commerce, Dimension, Animate, and FrameMaker. Two of the bugs were submitted through the ZDI program, and none of the bugs fixed by Adobe this month are listed as publicly known or under active attack.Microsoft released 117 new CVEs in Windows and Windows Components, Office and Office Components, Azure, .NET and Visual Studio, and other products. One of the vulnerabilities was reported through the ZDI program, and five CVEs are listed as publicly known, with two of them listed as under active attack.Some of the notable vulnerabilities include a Windows MSHTML Platform Spoofing Vulnerability, a Microsoft Management Console Remote Code Execution Vulnerability, and a Microsoft Configuration Manager Remote Code Execution Vulnerability. These vulnerabilities are rated as Moderate or Critical and could allow remote, unauthenticated attackers to execute arbitrary code or gain elevated privileges.Microsoft also released patches for various other products, including Azure, .NET, and Visual Studio, addressing vulnerabilities such as remote code execution, denial of service, and elevation of privilege. The patches also include fixes for third-party CVEs, bringing the total number of CVEs addressed to 121.It is essential to apply these patches as soon as possible to prevent potential attacks and exploits. Users should prioritize testing and deploying the updates quickly, especially for the vulnerabilities listed as under active attack.