Microsoft Security Update

Microsoft Security Updates – October 2024

Overview: Microsoft has released security updates to address vulnerabilities in various software products, including:

• Windows OS: 10 and 11
• Windows Server: 2016, 2019, 2022
• Microsoft SQL Server: 2019, 2022
• Microsoft Office: 2016, 2019, Microsoft 365

These updates fix multiple vulnerabilities, including five zero-day vulnerabilities

• CVE-2024-43573
• CVE-2024-43572
• CVE-2024-6197
• CVE-2024-20659
• CVE-2024-43583

Security Risks: Exploitation of these vulnerabilities could allow authenticated attackers to remotely take control of systems, executing malicious code with elevated privileges.

Recommended Actions: The National Computer and Cybercrimes Coordination Committee (NC4) advises users and administrators to:

1. Apply Security Patches: Implement the latest security updates immediately to prevent unauthorized control over systems.

1. Upgrade Software: Ensure all installed Microsoft software is updated to the latest supported version for ongoing support and security patches. Immediate upgrades are required for:

• Windows OS: Vista, XP, 7, 8
• Windows Server: 2003, 2003 RE, 2008, 2008 RE, 2008 SP2, 2012, 2012 R2
• Exchange Server: 2003, 2007, 2010, 2013
• Microsoft SQL Server: 2005, 2008, 2012
• Microsoft Office: 2013

1. Backup Data: Ensure a current and tested backup of your data is available before performing any updates.

For the full list of security patches, refer to the Microsoft Security Update Guide.