Demo
Log In
Support

We help you save time, money and improve your IT security

Integrate Third-Party Patch Management in Microsoft ConfigMgr and Intune

Patch Tuesday Support Group October Webinar

Webinar Summary

Jordan Benzing goes over the latest update releases including CVE-2024-43468 focusing on CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’). Bryan Dam then reviews hot topic articles over the last month including Win+R Weaponized for Captcha, U.S. Wiretap Systems targeted in China-Linked Hack, the Internet Archive is under attack, and Important changes to the Windows enrollment experience coming soon.

Watch the Webinar Recording

Webinar Hosts

Bryan Dam

Bryan Dam

Patch My PC
Software Engineer

Jordan Benzing Patch My PC Team Photo

Jordan Benzing

Patch My PC
Security Engineer Lead

Patch Tuesday Support Group Webinar Recap

Patch Tuesday October News

Security Updates

Win+R Weaponized For Captcha: Captcha saves vulnerable URL to clipboard and tells user to run the cmd — x.com

How North Korea Infiltrated the Crypto Industry — coindesk.com

U.S. Wiretap Systems Targeted in China-Linked Hack — wsj.com, eff.org

D-Link fixes critical RCEs, hardcoded password flaws in WiFi 6 routers — dlink.com

Attacking UNIX Systems via Common Unix Printing System (CUPS): Remotely executable without user interaction: CVSS base score of 9 affects many/most Linux Distros, Chromium/ChromeOS, Solaris — evilsocket.net, github.com, bleepingcomputer.com

Ivanti Continues to have a good time — bleepingcomputer.com – ivanti fixes rce bug, bleepingcomputer.com – ivanti warns of critical csa flaw, bleepingcomputer.com – critical ivanti vtm auth bypass bug, bleepingcomputer.com – ivanti warns three more csa zero days exploits

Mind the (air) gap: GoldenJackal gooses government guardrails — welivesecurity.com

Kaspersky Exits U.S., Automatically Replaces Software With UltraAV, Raising Concerns — thehackernews.com

WP Engine sues WordPress co-creator Mullenweg and Automattic, alleging abuse of power — techcrunch.com

The Internet Archive is under attack, with a breach revealing info for 31 million accounts — theverge.com

What’s new at Microsoft

Windows 11 Insider Preview Build 27718 includes ‘Administrator Protection’ — blogs.windows.com, patchmypc.com

Important changes to the Windows enrollment experience coming soon — techcommunity.microsoft.com

Update on Recall security and privacy architecture — blogs.windows.com

Windows 11, version 24H2: What’s new for IT pros — techcommunity.microsoft.com

KB29166583 – Management point security update for Configuration Manager 2403 — learn.microsoft.com, msrc.microsoft.com

What’s new in Microsoft Intune? — learn.microsoft.com

Get Off My Lawn

Intune missing capabilities for the ConfigMgr administrator — potentengineer.com

Windows Server Update Services (WSUS) deprecation — techcommunity.microsoft.com, patchmypc.com, patchmypc.com

Microsoft Patches of Note

View the full list of Patch Tuesday release notes at Patch Tuesday Blog Home Page – Patch Tuesday Blog

Total Patches Release: 102
Patch Severity Number of
Critical 42
Important 60
Moderate 0
N/A 0

Third Party Updates from Patch My PC

Total updates: 3305
Update Severity Number of
Critical 69
Important 479
Moderate 2422
Low 9
N/A 326

Browser Wars

Browser Specific updates
Browser Number of
Google Chrome 15
Firefox 10
Edge 15
Opera 9

Insight into CVEs

This month there were a total of 121 vulnerabilities addressed.

CVE Impact
Classification Number of
Critical 3
Important 114
Moderate 1
N/A 3
CVE Breakdown
CVE Type Number of
Denial of service 26
Elevation of Privilege 28
Information Disclosure 6
Remote Code Execution 43
Security Feature Bypass 7
Spoofing 7
Tampering 1