
Microsoft has released 117 CVEs for October 2024, covering various aspects of Windows systems. These include Windows Hyper-V, Windows EFI Partition, Windows Kernel, OpenSSH for Windows, Azure Monitor, Windows Netlogon, Windows Kerberos, BranchCache, Azure Stack, Windows Routing and Remote Access Service (RRAS), .NET and Visual Studio, Windows Remote Desktop Licensing Service, Windows Remote Desktop Services, Microsoft Configuration Manager, Service Fabric, Power BI, .NET, .NET Framework, Visual Studio, Visual Studio Code, DeepSpeed, Windows Resilient File System (ReFS), Windows Common Log File System Driver, Windows Kernel, Microsoft Office SharePoint, Microsoft Office Excel, Microsoft Office Visio, BranchCache, Microsoft Graphics Component, Windows Kernel, Windows Standards-Based Storage Management Service, Windows BitLocker, Windows NTFS, Internet Small Computer Systems Interface (iSCSI), Windows Secure Kernel Mode, Microsoft ActiveX, Windows Telephony Server, Microsoft WDAC OLE DB provider for SQL, Windows Kernel, Windows Hyper-V, and Windows Local Security Authority.





October 2024 Security Updates

This release consists of the following 117 Microsoft CVEs:

| Tag | CVE | Base Score | FAQs? | Workarounds? | Mitigations? |
|---|---|---|---|---|---|
| Role: Windows Hyper-V | CVE-2024-20659 | 7.1 | Yes | No | No |
| Windows Hyper-V | CVE-2024-30092 | 8.0 | Yes | No | No |
| Windows EFI Partition | CVE-2024-37976 | 6.7 | Yes | No | No |
| Windows Kernel | CVE-2024-37979 | 6.7 | Yes | No | No |
| Windows EFI Partition | CVE-2024-37982 | 6.7 | Yes | No | No |
| Windows EFI Partition | CVE-2024-37983 | 6.7 | Yes | No | No |
| OpenSSH for Windows | CVE-2024-38029 | 7.5 | Yes | No | No |
| Azure Monitor | CVE-2024-38097 | 7.1 | Yes | No | No |
| Windows Netlogon | CVE-2024-38124 | 9.0 | Yes | No | Yes |
| Windows Kerberos | CVE-2024-38129 | 7.5 | Yes | No | No |
| BranchCache | CVE-2024-38149 | 7.5 | No | No | No |
| Azure Stack | CVE-2024-38179 | 8.8 | No | No | No |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-38212 | 8.8 | Yes | No | No |
| .NET and Visual Studio | CVE-2024-38229 | 8.1 | Yes | No | No |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-38261 | 7.8 | Yes | No | No |
| Windows Remote Desktop Licensing Service | CVE-2024-38262 | 7.5 | Yes | No | No |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-38265 | 8.8 | Yes | No | No |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-43453 | 8.8 | Yes | No | No |
| Windows Remote Desktop Services | CVE-2024-43456 | 4.8 | Yes | No | No |
| Microsoft Configuration Manager | CVE-2024-43468 | 9.8 | Yes | Yes | No |
| Service Fabric | CVE-2024-43480 | 6.6 | Yes | No | No |
| Power BI | CVE-2024-43481 | 6.5 | Yes | No | No |
| .NET, .NET Framework, Visual Studio | CVE-2024-43483 | 7.5 | No | No | No |
| .NET, .NET Framework, Visual Studio | CVE-2024-43484 | 7.5 | No | No | No |
| .NET and Visual Studio | CVE-2024-43485 | 7.5 | No | No | No |
| Visual Studio Code | CVE-2024-43488 | 8.8 | Yes | No | No |
| DeepSpeed | CVE-2024-43497 | 8.4 | Yes | No | No |
| Windows Resilient File System (ReFS) | CVE-2024-43500 | 5.5 | Yes | No | No |
| Windows Common Log File System Driver | CVE-2024-43501 | 7.8 | Yes | No | No |
| Windows Kernel | CVE-2024-43502 | 7.1 | Yes | No | No |
| Microsoft Office SharePoint | CVE-2024-43503 | 7.8 | Yes | No | No |
| Microsoft Office Excel | CVE-2024-43504 | 7.8 | Yes | No | No |
| Microsoft Office Visio | CVE-2024-43505 | 7.8 | Yes | No | No |
| BranchCache | CVE-2024-43506 | 7.5 | No | No | No |
| Microsoft Graphics Component | CVE-2024-43508 | 5.5 | Yes | No | No |
| Microsoft Graphics Component | CVE-2024-43509 | 7.8 | Yes | No | No |
| Windows Kernel | CVE-2024-43511 | 7.0 | Yes | No | No |
| Windows Standards-Based Storage Management Service | CVE-2024-43512 | 6.5 | No | No | No |
| Windows BitLocker | CVE-2024-43513 | 6.4 | Yes | No | No |
| Windows NTFS | CVE-2024-43514 | 7.8 | Yes | No | No |
| Internet Small Computer Systems Interface (iSCSI) | CVE-2024-43515 | 7.5 | No | No | No |
| Windows Secure Kernel Mode | CVE-2024-43516 | 7.8 | Yes | No | No |
| Microsoft ActiveX | CVE-2024-43517 | 8.8 | Yes | No | No |
| Windows Telephony Server | CVE-2024-43518 | 8.8 | Yes | No | No |
| Microsoft WDAC OLE DB provider for SQL | CVE-2024-43519 | 8.8 | Yes | No | No |
| Windows Kernel | CVE-2024-43520 | 5.0 | Yes | No | No |
| Role: Windows Hyper-V | CVE-2024-43521 | 7.5 | No | No | No |
| Windows Local Security Authority (LSA) | CVE-2024-43522 | 7.0 | Yes | No | No |
| Windows Mobile Broadband | CVE-2024-43523 | 6.8 | Yes | No | No |
| Windows Mobile Broadband | CVE-2024-43524 | 6.8 | Yes | No | No |
| Windows Mobile Broadband | CVE-2024-43525 | 6.8 | Yes | No | No |
| Windows Mobile Broadband | CVE-2024-43526 | 6.8 | Yes | No | No |
| Windows Kernel | CVE-2024-43527 | 7.8 | Yes | No | No |
| Windows Secure Kernel Mode | CVE-2024-43528 | 7.8 | Yes | No | No |
| Windows Print Spooler Components | CVE-2024-43529 | 7.3 | Yes | No | No |
| RPC Endpoint Mapper Service | CVE-2024-43532 | 8.8 | Yes | No | No |
| Remote Desktop Client | CVE-2024-43533 | 8.8 | Yes | No | Yes |
| Microsoft Graphics Component | CVE-2024-43534 | 6.5 | Yes | No | No |
| Windows Kernel-Mode Drivers | CVE-2024-43535 | 7.0 | Yes | No | No |
| Windows Mobile Broadband | CVE-2024-43536 | 6.8 | Yes | No | No |
| Windows Mobile Broadband | CVE-2024-43537 | 6.5 | Yes | No | No |
| Windows Mobile Broadband | CVE-2024-43538 | 6.5 | Yes | No | No |
| Windows Mobile Broadband | CVE-2024-43540 | 6.5 | Yes | No | No |
| Microsoft Simple Certificate Enrollment Protocol | CVE-2024-43541 | 7.5 | No | No | No |
| Windows Mobile Broadband | CVE-2024-43542 | 6.5 | Yes | No | No |
| Windows Mobile Broadband | CVE-2024-43543 | 6.8 | Yes | No | No |
| Microsoft Simple Certificate Enrollment Protocol | CVE-2024-43544 | 7.5 | No | No | No |
| Windows Online Certificate Status Protocol (OCSP) | CVE-2024-43545 | 7.5 | No | No | No |
| Windows Cryptographic Services | CVE-2024-43546 | 5.6 | Yes | No | No |
| Windows Kerberos | CVE-2024-43547 | 6.5 | Yes | No | No |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-43549 | 8.8 | Yes | No | No |
| Windows Secure Channel | CVE-2024-43550 | 7.4 | Yes | No | No |
| Windows Storage | CVE-2024-43551 | 7.8 | Yes | No | No |
| Windows Shell | CVE-2024-43552 | 7.3 | Yes | No | No |
| Windows NT OS Kernel | CVE-2024-43553 | 7.4 | Yes | No | No |
| Windows Kernel-Mode Drivers | CVE-2024-43554 | 5.5 | Yes | No | No |
| Windows Mobile Broadband | CVE-2024-43555 | 6.5 | Yes | No | No |
| Microsoft Graphics Component | CVE-2024-43556 | 7.8 | Yes | No | No |
| Windows Mobile Broadband | CVE-2024-43557 | 6.5 | Yes | No | No |
| Windows Mobile Broadband | CVE-2024-43558 | 6.5 | Yes | No | No |
| Windows Mobile Broadband | CVE-2024-43559 | 6.5 | Yes | No | No |
| Windows Storage Port Driver | CVE-2024-43560 | 7.8 | Yes | No | No |
| Windows Mobile Broadband | CVE-2024-43561 | 6.5 | Yes | No | No |
| Windows Network Address Translation (NAT) | CVE-2024-43562 | 7.5 | No | No | No |
| Windows Ancillary Function Driver for WinSock | CVE-2024-43563 | 7.8 | Yes | No | No |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-43564 | 8.8 | Yes | No | No |
| Windows Network Address Translation (NAT) | CVE-2024-43565 | 7.5 | No | No | No |
| Role: Windows Hyper-V | CVE-2024-43567 | 7.5 | No | No | No |
| Windows Kernel | CVE-2024-43570 | 6.4 | Yes | No | No |
| Sudo for Windows | CVE-2024-43571 | 5.6 | Yes | No | Yes |
| Microsoft Management Console | CVE-2024-43572 | 7.8 | Yes | No | No |
| Windows MSHTML Platform | CVE-2024-43573 | 6.5 | Yes | No | No |
| Microsoft Windows Speech | CVE-2024-43574 | 8.3 | Yes | No | No |
| Role: Windows Hyper-V | CVE-2024-43575 | 7.5 | No | No | No |
| Microsoft Office | CVE-2024-43576 | 7.8 | Yes | No | Yes |
| OpenSSH for Windows | CVE-2024-43581 | 7.1 | Yes | No | No |
| Windows Remote Desktop | CVE-2024-43582 | 8.1 | Yes | No | No |
| Winlogon | CVE-2024-43583 | 7.8 | Yes | No | No |
| Windows Scripting | CVE-2024-43584 | 7.7 | Yes | No | No |
| Code Integrity Guard | CVE-2024-43585 | 5.5 | Yes | No | Yes |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-43589 | 8.8 | No | No | No |
| Visual C++ Redistributable Installer | CVE-2024-43590 | 7.8 | Yes | No | No |
| Azure CLI | CVE-2024-43591 | 8.7 | Yes | No | No |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-43592 | 8.8 | Yes | No | No |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-43593 | 8.8 | Yes | No | No |
| Remote Desktop Client | CVE-2024-43599 | 8.8 | Yes | No | No |
| Visual Studio Code | CVE-2024-43601 | 7.1 | Yes | No | No |
| Visual Studio | CVE-2024-43603 | 5.5 | No | No | No |
| Outlook for Android | CVE-2024-43604 | 5.7 | Yes | No | No |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-43607 | 8.8 | Yes | No | No |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-43608 | 8.8 | Yes | No | No |
| Microsoft Office | CVE-2024-43609 | 6.5 | Yes | No | Yes |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-43611 | 8.8 | Yes | No | No |
| Power BI | CVE-2024-43612 | 6.9 | Yes | No | No |
| Microsoft Defender for Endpoint | CVE-2024-43614 | 5.5 | No | No | No |
| OpenSSH for Windows | CVE-2024-43615 | 7.1 | Yes | No | No |
| Microsoft Office | CVE-2024-43616 | 7.8 | Yes | No | No |

We are republishing 4 non-Microsoft CVEs:

| CNA | Tag | CVE | FAQs? | Workarounds? | Mitigations? |
|---|---|---|---|---|---|
| Hackerone | Windows cURL Implementation | CVE-2024-6197 | Yes | No | No |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-7025 | Yes | No | No |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-9369 | Yes | No | No |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-9370 | Yes | No | No |

Security Update Guide Blog Posts

| Date | Blog Post |
|---|---|
| June 27, 2024 | Toward greater transparency: Unveiling Cloud Service CVEs |
| April 9, 2024 | Toward greater transparency: Security Update Guide now shares CWEs for CVEs |
| January 6, 2023 | Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API |
| January 11, 2022 | Coming Soon: New Security Update Guide Notification System |
| February 9, 2021 | Continuing to Listen: Good News about the Security Update Guide API |
| January 13, 2021 | Security Update Guide Supports CVEs Assigned by Industry Partners |
| December 8, 2020 | Security Update Guide: Let’s keep the conversation going |
| November 9, 2020 | Vulnerability Descriptions in the New Version of the Security Update Guide |

Relevant Resources

  • The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
  • Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows Lifecycle Facts Sheet.
  • Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
  • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  • Customers running Windows Server 2008 R2 or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

Known Issues

You can see these in more detail from the Deployments tab by selecting the Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

| KB Article | Applies To |
|---|---|
| 5044273 | Windows 10, version 21H2, Windows 10, version 22H2 |
| 5044280 | Windows 11, version 21H2 |
| 5044281 | Windows Server 2022 |
| 5044284 | Windows 11 version 24H2 |
| 5044306 | Windows Server 2008 (Security-only update) |
| 5044320 | Windows Server 2008 (Monthly Rollup) |
| 5044342 | Windows Server 2012 (Monthly Rollup) |
| 5044343 | Windows Server 2012 R2 (Monthly Rollup) |


Security Update Guide - Microsoft Security Response Center