Division of Financial Services
Financial Information Services
<div>Microsoft’s October 2024 updates, released on Tuesday, October 8, fix multiple zero-day vulnerabilities in Microsoft Windows desktop and server operating systems. Two zero-day vulnerabilities are under known active exploitation. Successful exploitation may allow escalation of privileges or arbitrary code execution. One actively exploited vulnerability, dubbed GrimResource and assigned CVE-2024-43572, requires only that a user opens a malicious .msc file and has been observed under exploitation since June 2024. Patch now. </div><div> </div><div>Certified Desktop customers: </div><div>Updates will be made available today, Wednesday, October 9 with an installation deadline of 4:00 pm on Wednesday, October 16. </div><div> </div><div>Users who do not have a managed computer should apply Windows updates as soon as possible. See “Microsoft – Update Windows” in the references below. </div><div> </div><div>References: </div><div>Bleeping Computer: <a href=""""https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2024-p... </div><div>Microsoft – MSRC - CVE-2024-43572: <a href=""""https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-43572&qu... </div><div>Microsoft – MSRC - CVE-2024-43573: <a href=""""https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-43573&qu... </div><div>Elastic Security Labs – GrimResource: <a href=""""https://www.elastic.co/security-labs/grimresource"""">htt... </div><div>Microsoft – Update Windows: <a href=""""https://support.microsoft.com/en-us/windows/update-windows-3c5ae7fc-9fb6...
