This month’s Patch Tuesday drop includes a total of 65 CVEs – 61 issued by Microsoft, 3 issued by Chrome, and 1 issued by Intel. For those worried about the Intel update, which requires you to apply both an Intel microcode update and a Microsoft update, it only applies to Atom processors.
One of the more interesting notes that I made this month is that there are 5 CVEs impacting mobile software, including Outlook, Teams, and Edge for Android as well as the Intune Company Portal for Android and Microsoft Authenticator. While Microsoft has rated the Authenticator vulnerability (CVE-2024-21390) as ‘Exploitation Less Likely’ and indicated that an attacker would need a local presence via malware or a malicious application, this is an interesting vulnerability. Successful exploitation of the vulnerability could allow the attacker to gain access to the user's MFA codes. Microsoft has rated this with a CVSS score of 7.1 and indicated that user interaction is required, as the victim would need to close and then reopen the application. Since it is pretty standard to open and close applications, I wonder if it might be more realistic to say that user interaction is None, bumping the score to a 7.7. Either way, this was the vulnerability that I found most intriguing this month, as we regularly remind end users to implement MFA and rely on a second authentication method. Your MFA tools are like your password managers: they are tools that you cannot risk your user base losing confidence in because they are critical to a modern, secure enterprise.
A vulnerability that may stand out to people this month is the Software for Open Networking in the Cloud (SONiC) Elevation of Privilege vulnerability (CVE-2024-21418). For many reviewing the bulletins, this might be the first time that they have heard about this software. There is a pretty complete FAQ available on the SONiC GitHub for those interested in reading it. SONiC was previously known as Azure Cloud Switch and is deployed in Microsoft production data centers. The software provides all the features required to have a fully functional layer 3 device and can run on a number of devices. This vulnerability could allow an unprivileged read-only attacker to gain root access within the Border Gateway Protocol (BGP) container and then perform a container escape.
The most important vulnerability this month is likely the Open Management Infrastructure (OMI) Remote Code Execution vulnerability (CVE-2024-21334), which has a CVSS score of 9.8 and could allow a remote unauthenticated attacker to exploit a use-after-free vulnerability in the OMI instance and execute code. Microsoft recommends disabling OMI listening ports if they are not needed, which is good advice for all software. Updates are available for OMI on GitHub as well as for the 2019 and 2022 versions of System Center Operations Manager (SCOM), which utilize OMI. If you have SCOM in your environment, this is an update that you should deploy as soon as possible.