Although Microsoft’s monthly Patch Tuesday security update is now over, customers who have not acted quickly enough to defend their devices against a number of zero-day vulnerabilities may still be vulnerable to Exploit Wednesday.
Do I hear you ask how many? Out of the 117 security flaws that have been addressed this month, how does five catch you? However, a number of security experts have noticed that it is not a zero-day: CVE-2024-43468 has an update now warning associated and a critical severity level of 9.8/10.
How dangerous is CVE-2024-43468?
Despite not being identified as publicly reported or exploited in the wild, Microsoft themselves evaluated CVE-2024-43468 as a significant vulnerability, indicating that it is not a zero-day threat. It affects Microsoft’s Configuration Manager and has the ability to remotely execute code if properly exploited, which is why it is being treated with such seriousness.
In order to execute instructions on the server and/or underlying database, Microsoft cautioned that an unauthenticated attacker might take advantage of this vulnerability by sending specially designed requests to the target environment that are handled unsafely. According to one security expert, CVE-2024-43468 has low complexity and no interaction—the worst qualities you could look for in a vulnerability like this.
Mitigating CVE-2024-43468 is not at all straightforward
According to Rapid7’s principal software developer Adam Barnett, who provided this description, the update is everything but simple. According to Barnett, “the appropriate update is installed via the Configuration Manager interface and needs certain administrator tasks as detailed in a general series of publications from Microsoft.”
The update procedure for this vulnerability is more complicated than just applying a patch, according to Tyler Reguly, an associate director of security research and development at Fortra.
“The existence of susceptible environments within the organization” can be generated since it necessitates an in-console update that requires the user to confirm which updates to install, according to Reguly, and it does not update secondary sites unless administrators carry out another manual procedure.
In fact, the necessary procedures are described in detail in Microsoft Knowledge Base article KB29166583, which was initially released on September 4. According to Barnett, this was “subsequently unpublished and reposted on Sept. 18″ with no reference to CVE-2024-43468.” Defendants should thoroughly review the relevant documentation, Barnett says, “and probably read it again for good measure.”
So, you know what to do: update as soon as feasible if you use the Microsoft Configuration Manager. “Successful exploitation of this vulnerability can allow for lateral movement throughout a network and offers the potential to deploy malicious configurations to other systems,” Cody Dietz, team lead of security engineering at Automox, said, advising immediate action as well as recommending the use of “an alternate service account in place of the computer account to mitigate risk.”