www.n-able.com
Open in
urlscan Pro
2606:4700:4400::6812:2971
Public Scan
URL:
https://www.n-able.com/blog/patch-tuesday-october-2024-counting-down-to-windows-10-eos-while-internet-explorer-lives
Submission: On October 30 via api from IN — Scanned from US
Submission: On October 30 via api from IN — Scanned from US
Form analysis 2 forms found in the DOM
<form id="mktoForm_5033" novalidate="novalidate" class="mktoForm mktoHasWidth mktoLayoutLeft" style="font-size: 13px; color: rgb(51, 51, 51); width: 1601px;">
<div class="message">
<p>Loading form....</p>
<!-- Fallback user sees when form doesn't load as expected. Ideally, this text is an editable theme option -->
<div class="inner-message" style="display: block;">
<p>If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a trial.</p>
<p>If this issue persists, please visit our <a href="/contact" target="_blank" class="text-electric-indigo line--added" rel="noopener noreferrer"><span class="linkline">Contact Sales</span></a> page for local phone numbers.</p>
<p>Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site</p>
</div>
</div>
<style type="text/css"></style>
<div class="mktoFormRow" data-sw-label="Email">
<div class="mktoFieldDescriptor mktoFormCol" style="margin-bottom: 5px;">
<div class="mktoOffset" style="width: 5px;"></div>
<div class="mktoFieldWrap mktoRequiredField"><label for="Email" id="LblEmail" class="mktoLabel mktoHasWidth" style="width: 0px;">
<div class="mktoAsterix">*</div>
</label>
<div class="mktoGutter mktoHasWidth" style="width: 5px;"></div><input id="Email" name="Email" placeholder="Email Address" maxlength="255" aria-labelledby="LblEmail InstructEmail" type="email"
class="mktoField mktoEmailField mktoHasWidth mktoRequired" aria-required="true" style="width: 150px;"><span id="InstructEmail" tabindex="-1" class="mktoInstruction"></span>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow" data-sw-label="Country"><input type="hidden" name="Country" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow" data-sw-label="utm_campaign"><input type="hidden" name="utm_campaign" class="mktoField mktoFieldDescriptor mktoFormCol" value="Multi-GLBL-LT-DGD-DEFATT_WebDir-2019-01-01" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow" data-sw-label="utmsource"><input type="hidden" name="utmsource" class="mktoField mktoFieldDescriptor mktoFormCol" value="direct" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow" data-sw-label="utmmedium"><input type="hidden" name="utmmedium" class="mktoField mktoFieldDescriptor mktoFormCol" value="website" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow" data-sw-label="utmcontent"><input type="hidden" name="utmcontent" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow" data-sw-label="utmterm"><input type="hidden" name="utmterm" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow" data-sw-label="formURL"><input type="hidden" name="formURL" class="mktoField mktoFieldDescriptor mktoFormCol"
value="https://www.n-able.com/blog/patch-tuesday-october-2024-counting-down-to-windows-10-eos-while-internet-explorer-lives" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow" data-sw-label="gaClientId__c"><input type="hidden" name="gaClientId__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow" data-sw-label="referrerCode"><input type="hidden" name="referrerCode" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow" data-sw-label="GCLID__c"><input type="hidden" name="GCLID__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow" data-sw-label="formViewIdentifier"><input type="hidden" name="formViewIdentifier" class="mktoField mktoFieldDescriptor mktoFormCol" value="1730279197473.0001985" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow" data-sw-label="referrerString"><input type="hidden" name="referrerString" class="mktoField mktoFieldDescriptor mktoFormCol" value="false false " style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow" data-sw-label="globalFormID"><input type="hidden" name="globalFormID" class="mktoField mktoFieldDescriptor mktoFormCol" value="356-UVH-403" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow" data-sw-label="optMail">
<div class="mktoFieldDescriptor mktoFormCol" style="margin-bottom: 5px;">
<div class="mktoOffset" style="width: 5px;"></div>
<div class="mktoFieldWrap"><label for="optMail" id="LbloptMail" class="mktoLabel mktoHasWidth" style="width: 100px;">
<div class="mktoAsterix">*</div>Yes, I would like to receive product and marketing-related communications from N-able. I can unsubscribe at any time.
</label>
<div class="mktoGutter mktoHasWidth" style="width: 5px;"></div>
<div title="Tell us if you want to receive communications from us" class="mktoLogicalField mktoCheckboxList mktoHasWidth" style="width: 150px;"><input name="optMail" id="optMail" type="checkbox" value="yes"
aria-labelledby="LbloptMail InstructoptMail" class="mktoField"><label for="optMail" id="LbloptMail"></label></div><span id="InstructoptMail" tabindex="-1" class="mktoInstruction">Tell us if you want to receive communications from
us</span>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow" data-sw-label="terms">
<div class="mktoFormCol" style="margin-bottom: 5px;">
<div class="mktoOffset mktoHasWidth" style="width: 5px;"></div>
<div class="mktoFieldWrap">
<div class="mktoHtmlText mktoHasWidth" style="width: 255px;">
<div data-sw-name="terms" data-sw-element="true">By submitting this form, you consent to the processing by N-able of your personal data in accordance with our
<a href="https://www.n-able.com/legal/software-services-agreement" target="_blank" rel="noopener noreferrer" class="line--added"><span class="linkline">Terms of Service</span></a> and
<a href="https://www.n-able.com/legal/privacy" target="_blank" rel="noopener noreferrer" class="line--added"><span class="linkline">Privacy Notice</span></a>. N-able will use this data to communicate with you about your request and
related activity.</div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoButtonRow"><span class="mktoButtonWrap mktoNative" style="margin-left: 110px;"><button type="submit" class="mktoButton">SUBSCRIBE NOW</button></span></div><input type="hidden" name="formid" class="mktoField mktoFieldDescriptor"
value="5033"><input type="hidden" name="munchkinId" class="mktoField mktoFieldDescriptor" value="356-UVH-403"><input type="hidden" name="oppOverride" class="mktoField mktoFieldDescriptor" value=" "><input type="hidden" name="dnbEmail"
class="mktoField mktoFieldDescriptor" value="">
</form><form novalidate="novalidate" class="mktoForm mktoHasWidth mktoLayoutLeft" style="font-size: 13px; color: rgb(51, 51, 51); visibility: hidden; position: absolute; top: -500px; left: -1000px; width: 1600px;"></form>Text Content
https://www.googletagmanager.com/ns.html?id=GTM-M897H7" height="0" width="0"
style="display:none;visibility:hidden">
* Products
* Solutions
* Resources
* Company
Solutions for MSPs and IT Teams
* en
PortuguêsItalianoFrançaisEspañolDeutsch
Login
Get started
Solutions for MSPs and IT Teams
* en
PortuguêsItalianoFrançaisEspañolDeutsch
* Products
* Solutions
* Resources
* Company
* Get started
* Login
All pages
Remote Monitoring & Management
N-central RMM
RMM for growing MSPs and IT teams managing complex networks.
N-sight RMM
All-in-one RMM for IT service providers seeking quick time to value
Cloud Management
Cloud Commander NEW
Multi-tenant solution to manage, secure, and automate Microsoft 365, Azure
resources, and Intune.
Data Protection
Cove Data Protection
Cloud-first backup and disaster recovery for servers, workstations, and
Microsoft 365.
Features
How it works
Resources
TCO Calculator
Security
Endpoint Security
Advanced, AI-based endpoint security solutions that protect proactively.
Managed Detection and
Response NEW
Leverage a team of experts to manage your entire security toolset.
DNS Filtering
Protect every click with advanced DNS security, powered by AI.
Mail Assure
Collective-intelligence-driven email security to stop inbox attacks.
Passportal
Password and documentation manager to help prevent credential theft.
Tools & Services
MSP Manager
Robust help desk offering ticketing, reporting, and billing management.
Take Control
Secure, fast remote access to help you quickly resolve technical issues.
N-hanced Services
Help you unlock the full potential of N‑able products quickly.
All products Product roadmaps Product Integrations Contact Us
All pages
By Product Type
Monitoring & Management
Take full control of your networks with our powerful RMM platforms.
Data Protection
Save time and keep backups safely out of the reach of ransomware.
Security
Stay ahead of IT threats with layered protection designed for ease of use.
Unified Endpoint Management
Manage more devices and remote users from anywhere.
By Business Type
Solutions for MSPs
Powerful software and services to help you build, scale, and support your
business.
Solutions for IT Departments
Corporate IT departments driving efficiency and security.
COVE NOW SUPPORTS CLOUD DISASTER RECOVERY IN AZURE
Cove's innovative cloud-first architecture offers IT professionals top-quality
disaster recovery with up to 60% lower cost than proprietary appliances.
See more
All pages
Learn
Resource Library
Daily Live Product Demos
Head Nerds
MarketBuilder
Customer Stories
Automation Cookbook
MSP Institute
The Studio
Connect
Blog
Events
On-Demand Webinars
N-ableMe Success Center
Security & Privacy
Contact Us
THE MSP HORIZONS REPORT – 2024
Set your sights on the future of the MSP industry with the first ever MSP
Horizons Report, jointly produced by N‑able and international MSP-focused
research firm, Canalys.
Get the report
All pages
Company
About Us
Contact Us
Our People
Customer Support
News & Press
Careers
Investors
Partner Programs
Partner Success
Technology Alliance Program
Reseller Program
Distributor Program
Elite Programs
AllStar Program
WINNER - BEST IN CLASS, MSP PLATFORMS
Ranking first in Product Innovation, Partnership and Managed & Cloud Services,
N‑able was awarded the 2023 CRN ARC Award for Best in Class, MSP Platforms.
Read more
Head Nerds
Patch Management
Security
PATCH TUESDAY OCTOBER 2024: COUNTING DOWN TO WINDOWS 10 EOS, WHILE INTERNET
EXPLORER LIVES
By Lewis Pope
Head Nerd
October 11th, 2024 10 mins
Content
Microsoft Vulnerabilities Windows Lifecycle Management Microsoft Patch Tuesday
Vulnerability Prioritization Summary
WANT TO STAY UP TO DATE?
Get the latest MSP tips, tricks, and ideas sent to your inbox each week.
Loading form....
If the form does not load in a few seconds, it is probably because your browser
is using Tracking Protection. This is either an Ad Blocker plug-in or your
browser is in private mode. Please allow tracking on this page to request a
trial.
If this issue persists, please visit our Contact Sales page for local phone
numbers.
Note: Firefox users may see a shield icon to the left of the URL in the address
bar. Click on this to disable tracking protection for this session/site
*
*
Yes, I would like to receive product and marketing-related communications from
N-able. I can unsubscribe at any time.
Tell us if you want to receive communications from us
By submitting this form, you consent to the processing by N-able of your
personal data in accordance with our Terms of Service and Privacy Notice. N-able
will use this data to communicate with you about your request and related
activity.
SUBSCRIBE NOW
The long tail of Internet Explorer reappears in this month’s Microsoft Patch
Tuesday release as we hit the one year mark for the impending Windows 10 end of
support. A multi-month issue with Remote Desktop Gateway services crashing on
Windows Servers since July’s security updates has also been addressed this
month, so any teams that have put in place deferments to preserve Remote Desktop
functionality should be quickly evaluating moving forward in light of this
month’s updates to close multiple vulnerabilities.
MICROSOFT VULNERABILITIES
A total of 119 new vulnerabilities were addressed with fixes for October’s Patch
Tuesday. Included in those are fixes for five zero-day vulnerabilities that were
marked as publicly disclosed—two of which are Under Active Exploitation. Also
buried in the release notes is an update for CVE-2024-38095. This was originally
announced and addressed with a security update in July 2024, and highlights that
sometimes just hitting go on your patch management solution of choice isn’t
always enough to secure an environment.
CVE-2024-38095 is a .NET and Visual Studio Denial of Service vulnerability that
affected multiple builds of Microsoft Visual Studio 2022, .NET 8.0, and
Powershell 7.2 and 7.4. Microsoft added .NET 6.0 to the list of affected
products, but did not and will not provide a fix to address the vulnerability.
From the release notes description: “In the Security Updates table, added .NET
6.0 as it is also affected by this vulnerability. Note that there is no security
update for .NET 6.0 to address this vulnerability. HTTP/3 support was only
experimental in .NET 6.0, so if you are using .NET 6 you must update your
application to .NET 8 to be protected.”
CVE-2024-43573 is a Windows MSHTML Platform spoofing vulnerability that affects
Windows systems potentially as far back as Windows 8. Microsoft has listed
Windows 10 as well as Windows Server 2012 R2 and forward as being affected by
the vulnerability, and has provided fixes for those supported Windows builds.
However, the vulnerability may also exist in older versions of Windows as the
MSHTML Platform and other components were integral to Internet Explorer 11,
which was released on Windows 8 in 2013.
CVE-2024-6197 is one of the publicly disclosed zero-days that has not been seen
being exploited in the wild yet. It’s been marked as Exploitation Less Likely,
but combining it with other TTPs or vulnerabilities could result in easier
exploitation of the vulnerability. An attacker who can successfully get a client
to connect to a malicious server with a curl command could potentially reach
remote code execution on the victim system, at the moment that would result in
only a crash of the system.
WINDOWS LIFECYCLE MANAGEMENT
With only one year remaining until Windows 10 reaches the end of support from
Microsoft on October 14, 2025, now is the time to start planning hardware
migrations and necessary updates to keep systems on supported Windows builds.
While Windows 10 has provided over a decade of reliable service—and many
end-users have known only this operating system—it is important for Managed
Service Providers (MSPs) to have prepared and led their clients through the
required end-user training and project work before support ends. Planning a
significant transition like this ahead of time is always easier than trying to
convince end-users to give up an out-of-support system that still allows them to
perform their daily tasks.
MICROSOFT PATCH TUESDAY VULNERABILITY PRIORITIZATION
Addressing vulnerabilities effectively requires a mix of adhering to established
best practices and leveraging informed judgment. While it’s a natural instinct
to rank vulnerabilities with critical severity ratings higher on the list of
things that need to be addressed, relying on severity ratings alone can be
limiting. An often-overlooked component is temporal metrics, which provide a
measure of the window of vulnerability—the time from initial vulnerability
discovery to the availability and application of the patch. This is essential as
the longer a vulnerability exists without a fix, the greater the potential for
exploitation. By integrating temporal metrics into the risk evaluation process,
organizations can gain a more comprehensive understanding of the threat
landscape and potential attack vectors, ensuring that they don’t leave
themselves open to unnecessary risks.
Table Key: Severity: C = Critical, I = Important, M = Moderate, R =
Re-issue; Status: EML = Exploitation More Likely, ELL = Exploitation Less
Likely, ED = Exploitation Detected, EU = Exploitation Unlikely, N/A = Not
Available
CVE Number
CVE Title
Severity
Status
CVE-2024-43572 Microsoft Management Console Remote Code Execution
Vulnerability
I
ED
CVE-2024-43573 Windows MSHTML Platform Spoofing Vulnerability
M
ED
CVE-2024-43488 Visual Studio Code extension for Arduino Remote Code Execution
Vulnerability
C
ELL
CVE-2024-43582 Remote Desktop Protocol Server Remote Code Execution
Vulnerability
C
ELL
CVE-2024-43468 Microsoft Configuration Manager Remote Code Execution
Vulnerability
C
ELL
CVE-2024-43610 Copilot Studio Information Disclosure Vulnerability
C
EML
CVE-2024-43583 Winlogon Elevation of Privilege Vulnerability
I
EML
CVE-2024-43560 Microsoft Windows Storage Port Driver Elevation of Privilege
Vulnerability
I
EML
CVE-2024-43556 Windows Graphics Component Elevation of Privilege Vulnerability
I
EML
CVE-2024-43509 Windows Graphics Component Elevation of Privilege Vulnerability
I
EML
CVE-2024-43615 Microsoft OpenSSH for Windows Remote Code Execution Vulnerability
I
EML
CVE-2024-43609 Microsoft Office Spoofing Vulnerability
I
EML
CVE-2024-43581 Microsoft OpenSSH for Windows Remote Code Execution Vulnerability
I
EML
CVE-2024-43502 Windows Kernel Elevation of Privilege Vulnerability
I
EML
SUMMARY
As always make sure you have established patching processes for evaluation,
testing and pushing into production. If you have traditionally only dealt with
patches by applying them based on their severity consider including
prioritization of patches for Zero-Days, Exploitation Detected and Exploitation
More Likely vulnerabilities in your Patch Management routines.
Looking for more blogs on patching, or looking for previous Microsoft Patch
Tuesday Reviews, then check out the Patch Management section of our blog.
Lewis Pope is the Head Security Nerd at N‑able. You can follow him on
Twitter: @cybersec_nerd
LinkedIn: thesecuritypope
Twitch: cybersec_nerd
© 2024 N‑able Solutions ULC and N‑able Technologies Ltd. All rights reserved.
This document is provided for informational purposes only and should not be
relied upon as legal advice. N‑able makes no warranty, express or implied, or
assumes any legal liability or responsibility for the accuracy, completeness, or
usefulness of any information contained herein.
The N-ABLE, N-CENTRAL, and other N‑able trademarks and logos are the exclusive
property of N‑able Solutions ULC and N‑able Technologies Ltd. and may be common
law marks, are registered, or are pending registration with the U.S. Patent and
Trademark Office and with other countries. All other trademarks mentioned herein
are used for identification purposes only and are trademarks (and may be
registered trademarks) of their respective companies.
RECOMMENDED
October 29th, 2024 6 min read
UNDERSTANDING SWAGGER OPERATIONS: A GUIDE TO RESTFUL API INTERACTIONS
Read more
October 24th, 2024 9 min read
NOVEMBER 2024: HEAD NERD BOOTCAMP AND OFFICE HOURS AGENDA
Read more
October 17th, 2024 4 min read
PODCAST: BEYOND THE HORIZON—MSP GUIDE TO GETTING STARTED WITH COMPLIANCE AS AS
SERVICE (CAAS)
Read more
* Facebook
* Linked-In
* Twitter
* You Tube
* Products
* Remote Monitoring & Management
* N-central RMM
* N-sight RMM
* Cloud Management
* Cloud Commander
* Cove Data Protection
* Backup
* Disaster Recovery
* Data Retention
* Microsoft 365 Backup
* Security
* EDR
* Threat Hunting
* Managed EDR
* DNS Filtering
* Mail Assure
* Passportal
* Tools & Services
* MSP Manager
* Take Control
* N-hanced Services
* Integrations
* Features
* Glossary
* Solutions
* Solutions for MSPs
* Solutions for IT Departments
* Resources
* Resource Library
* Events
* The Studio
* Blog
* Company
* Partnerships
* Careers
* Investors
* Partner Success
* Security & Privacy
* Contact
* English
PortuguêsItalianoFrançaisEspañolDeutsch
* Legal
* Terms of use
* Privacy Notice
* Sitemap
* Cookies Settings
© 2024 N‑able Solutions ULC and N‑able Technologies Ltd.
All rights reserved.
This Website uses first and third-party cookies to better understand your
preferences, optimize our Website and Services, enhance user experiences,
personalize content and ads, and provide social media and other third-party
features.
Cookies Settings
PRIVACY PREFERENCE CENTER
* YOUR PRIVACY
* STRICTLY NECESSARY COOKIES
* PERFORMANCE COOKIES
* FUNCTIONAL COOKIES
* TARGETING COOKIES
YOUR PRIVACY
When you visit any website, it may store or retrieve information on your
browser, mostly in the form of cookies. This information might be about you,
your preferences or your device and is mostly used to make the site work as you
expect it to. The information does not usually directly identify you, but it can
give you a more personalized web experience. Because we respect your right to
privacy, you can choose not to allow some types of cookies. Click on the
different category headings to find out more and change our default settings.
However, blocking some types of cookies may impact your experience of the site
and the services we are able to offer.
More information
STRICTLY NECESSARY COOKIES
Always Active
These cookies are necessary for the website to function and cannot be switched
off in our systems. They are usually only set in response to actions made by you
which amount to a request for services, such as setting your privacy
preferences, logging in or filling in forms. You can set your browser to block
or alert you about these cookies, but some parts of the site will not then work.
These cookies do not store any personally identifiable information.
PERFORMANCE COOKIES
Performance Cookies
These cookies allow us to count visits and traffic sources so we can measure and
improve the performance of our site. They help us to know which pages are the
most and least popular and see how visitors move around the site. All
information these cookies collect is aggregated and therefore anonymous. If you
do not allow these cookies we will not know when you have visited our site, and
will not be able to monitor its performance.
FUNCTIONAL COOKIES
Functional Cookies
These cookies enable the website to provide enhanced functionality and
personalisation. They may be set by us or by third party providers whose
services we have added to our pages. If you do not allow these cookies then some
or all of these services may not function properly.
TARGETING COOKIES
Targeting Cookies
These cookies may be set through our site by our advertising partners. They may
be used by those companies to build a profile of your interests and show you
relevant adverts on other sites. They do not store directly personal
information, but are based on uniquely identifying your browser and internet
device. If you do not allow these cookies, you will experience less targeted
advertising.
Back Button
COOKIE LIST
Filter Button
Consent Leg.Interest
checkbox label label
checkbox label label
checkbox label label
Clear
checkbox label label
Apply Cancel
Confirm My Choices
Allow All