2024 Patch Tuesday comes with fixes for 72 vulnerabilities, including 1 zero-day

• System Center Operations Manager

• Microsoft Office

• Microsoft Edge (Chromium-based)

• Microsoft Defender for Endpoint

• Microsoft Office SharePoint

• GitHub

• Microsoft Office Word

• Microsoft Office Excel

• Windows Task Scheduler

• Windows Mobile Broadband

• Windows Kernel-Mode Drivers

• Windows Remote Desktop Services

• Windows Virtualization-Based Security (VBS) Enclave

• Microsoft Office Publisher

• Windows IP Routing Management Snapin

• Windows Wireless Wide Area Network Service

• Windows File Explorer

• Windows Kernel

• Windows Routing and Remote Access Service (RRAS)

• Windows Common Log File System Driver

• Role: DNS Server

• Windows Resilient File System (ReFS)

• Windows PrintWorkflowUserSvc

• Windows Message Queuing

• Remote Desktop Client

• WmsRepair Service

• Windows LDAP – Lightweight Directory Access Protocol

• Windows Cloud Files Mini Filter Driver

• Role: Windows Hyper-V

• Windows Local Security Authority Subsystem Service (LSASS)

• Windows Remote Desktop

• Microsoft Office Access

Learn more in the MSRC’s release notes.

Details of the zero-day vulnerability

• CVE-2024-49138

Vulnerable component: Windows Common Log File System Driver

Impact: Elevation of privilege

CVSS 3.1: 7.8

As per Microsoft, this vulnerability has been publicly disclosed and is being actively exploited. Microsoft has also stated that the vulnerability can be exploited to gain SYSTEM privileges. So far, no further information has been reported.

Republished CVE IDs

Besides the vulnerabilities fixed in this month’s Patch Tuesday, Microsoft has also republished four CVE IDs. These are as follows:

• CVE-2024-12053

Some third-party vendors such as Adobe, Cisco, SAP, and Veeam have also released updates this October.

Best practices to handle patch management in a hybrid work environment

Most organizations have opted to embrace remote work even after they have been cleared to return to the office. This decision poses various challenges to IT admins, especially in terms of managing and securing distributed endpoints.

Here are a few pointers to simplify the process of remote patching:

• Disable automatic updates because one faulty patch could bring down the whole system. IT admins can educate end users on how to disable automatic updates on their machines. Patch Manager Plus and Endpoint Central also have a dedicated patch, 105427, that can be deployed to endpoints to ensure that automatic updates are disabled.

• Create a restore point—a backup or image that captures the state of the machines—before deploying big updates like those from Patch Tuesday.

• Establish a patching schedule and keep end users informed about it. It is recommended to set up a time for deploying patches and rebooting systems. Let end users know what needs to be done on their end for trouble-free patching.

• Test the patches on a pilot group of systems before deploying them to the production environment. This will ensure that the patches do not interfere with the workings of other applications.

• Since many users are working from home, they all might be working different hours; in this case, you can allow end users to skip deployment and scheduled reboots. This will give them the liberty to install updates at their convenience and avoid disrupting their work. Our patch management products come with options for user-defined deployment and reboot.

• Most organizations are deploying patches using a VPN. To stop patch tasks from eating up your VPN bandwidth, install Critical patches and security updates first. You might want to hold off on deploying feature packs and cumulative updates since they are bulky updates and consume a lot of bandwidth.

• Schedule the non-security updates and security updates that are not rated Critical to be deployed after Patch Tuesday, such as during the third or fourth week of the month. You can also choose to decline certain updates if you feel they are not required in your environment.

• Run patch reports to get a detailed view of the health status of your endpoints.

For machines belonging to users returning to the office after working remotely, check if they are compliant with your security policies. If not, quarantine them. Install the latest updates and feature packs before deeming your back-to-office machines fit for production. Take inventory of and remove apps that are now obsolete for your back-to-office machines, like remote collaboration software.

With Endpoint Central, Patch Manager Plus, or Vulnerability Manager Plus, you can fully automate the entire patch management process, from testing patches to deploying them. You can also tailor the patch tasks to fit your current needs.

Want hands-on experience with one of these products? Try a free 30-day trial and keep thousands of applications patched and secure.