October’s Patch Tuesday contains fixes for 104 vulnerabilities, including 3 zero-days

This month marked the 20th anniversary of Microsoft's Patch Tuesday. The occasion was marked by a release of 104 security patches, twelve of them rated critical, 43% of them addressing remote code execution risks, and three fixing zero-day vulnerabilities, meaning attackers were actively exploiting those vulnerabilities before a patch was available.

Patching these vulnerabilities, exploited or not, should be a priority for all organizations. Auditing and control are key to detecting missing patches and systems where automatic patching has silently failed. Authenticated scanning with Outscan NX or HIAB, or the Agent option, gives coverage of all the issues addressed in this Patch Tuesday.

HTTP/2 Rapid Reset Attack (CVE-2023-44487)

Among the most critical issues was the zero-day in the HTTP/2 protocol (CVE-2023-44487), which is being exploited to carry out DDoS attacks. The attack abuses how HTTP/2 implementations handle stream cancellation: a client opens a stream with a HEADERS frame and cancels it with RST_STREAM straight away, and because a cancelled stream no longer counts against the connection's concurrent-stream limit, one connection can force the server to start work on requests far faster than that limit was meant to allow. The practical consequence is that a relatively small set of bots can cause a large-scale attack.

Because the flaw stems from how HTTP/2 itself is designed rather than from a bug in one product, it was a universal issue that affected most, if not all, modern web servers, and several web-server vendors and projects have released patches that mitigate it. These are mitigations rather than a removal of the underlying protocol behaviour, so a patched server should still have its connection and concurrency limits reviewed, and any unpatched HTTP/2 endpoints in the same path remain exposed.
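To make the pattern concrete, the following is an added example (not code from the original post, Outpost24, or any vendor's patch) that parses a raw client-to-server HTTP/2 frame stream per RFC 9113 and counts streams that were opened with HEADERS and then cancelled with RST_STREAM before the client sent any data, which is the Rapid Reset signature. The frame samples are constructed inline, and the thresholds in should_close_connection are illustrative assumptions, not values taken from any product.

```python
"""Rapid Reset (CVE-2023-44487) detection over a raw HTTP/2 frame stream.

Added example: frame layout follows RFC 9113 (9-byte header: 24-bit length,
8-bit type, 8-bit flags, 31-bit stream id). Thresholds are assumptions.
"""

FRAME_HEADER_LEN = 9
TYPE_DATA, TYPE_HEADERS, TYPE_RST_STREAM, TYPE_SETTINGS = 0x0, 0x1, 0x3, 0x4
FLAG_END_STREAM, FLAG_END_HEADERS = 0x1, 0x4
ERR_CANCEL = 0x8  # RST_STREAM error code CANCEL


def build_frame(ftype, flags, stream_id, payload=b""):
    """Serialise one HTTP/2 frame (used only to construct sample traffic)."""
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + (stream_id & 0x7FFFFFFF).to_bytes(4, "big") + payload)


def parse_frames(data):
    """Split a byte stream (connection preface already stripped) into
    (type, flags, stream_id, payload) tuples; raises on a truncated frame."""
    frames, off = [], 0
    while off + FRAME_HEADER_LEN <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = int.from_bytes(data[off + 5:off + 9], "big") & 0x7FFFFFFF
        payload = data[off + 9:off + 9 + length]
        if len(payload) != length:
            raise ValueError("truncated frame at offset %d" % off)
        frames.append((ftype, flags, stream_id, payload))
        off += FRAME_HEADER_LEN + length
    return frames


def count_rapid_resets(frames):
    """Return (streams_opened, streams_reset, rapid_resets) for one connection.

    A rapid reset is a client-opened (odd-numbered) stream cancelled with
    RST_STREAM(CANCEL) before the client ever sent a DATA frame on it."""
    opened = {}  # stream_id -> True once the client sent DATA on it
    headers = resets = rapid = 0
    for ftype, flags, sid, payload in frames:
        if ftype == TYPE_HEADERS and sid % 2 == 1:
            opened[sid] = False
            headers += 1
        elif ftype == TYPE_DATA and sid in opened:
            opened[sid] = True
        elif ftype == TYPE_RST_STREAM and sid in opened:
            resets += 1
            err = int.from_bytes(payload[:4], "big")
            if err == ERR_CANCEL and not opened[sid]:
                rapid += 1
            del opened[sid]
    return headers, resets, rapid


def should_close_connection(frames, max_rapid_resets=100, min_ratio=0.5):
    """Illustrative policy (assumption, not any vendor's): drop the connection
    once rapid resets exceed an absolute budget AND dominate the streams opened,
    so an ordinary user cancelling a few requests is never penalised."""
    headers, resets, rapid = count_rapid_resets(frames)
    return rapid > max_rapid_resets and headers > 0 and rapid / headers >= min_ratio


def benign_client_frames():
    """Constructed sample: 20 ordinary GET requests, one cancelled by the user."""
    out = build_frame(TYPE_SETTINGS, 0, 0)
    for sid in range(1, 41, 2):
        # 0x82 is the HPACK indexed field ":method: GET"
        out += build_frame(TYPE_HEADERS, FLAG_END_HEADERS | FLAG_END_STREAM, sid, b"\x82")
    out += build_frame(TYPE_RST_STREAM, 0, 7, ERR_CANCEL.to_bytes(4, "big"))
    return out


def rapid_reset_client_frames(n=500):
    """Constructed sample: open a stream and cancel it immediately, n times."""
    out = build_frame(TYPE_SETTINGS, 0, 0)
    for i in range(n):
        sid = 2 * i + 1
        out += build_frame(TYPE_HEADERS, FLAG_END_HEADERS | FLAG_END_STREAM, sid, b"\x82")
        out += build_frame(TYPE_RST_STREAM, 0, sid, ERR_CANCEL.to_bytes(4, "big"))
    return out


if __name__ == "__main__":
    for name, raw in (("benign", benign_client_frames()),
                      ("rapid-reset", rapid_reset_client_frames())):
        frames = parse_frames(raw)
        verdict = "close" if should_close_connection(frames) else "keep"
        print(name, count_rapid_resets(frames), verdict)
```

The point of the ratio check alongside the absolute budget is that a plain reset counter punishes legitimate clients that cancel many downloads, while a plain ratio fires on a client that opens one stream and cancels it; real mitigations in servers and proxies combine a per-connection budget with a time window, which this example omits for brevity.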

Addressing the risk from CVE-2023-44487 starts with finding the affected systems. For Outpost24 customers, detections are available in the HIAB and Outscan NX platforms for F5 BIG-IP, Nginx, FreeBSD, Debian and several Microsoft solutions, and more detections are being released as vendors publish mitigating patches.

About the Author

Martin Jartelius, CISO, Outpost24

Martin is the esteemed Outpost24 group CISO, bringing with him a wealth of experience in penetration testing and forensics. With more than a decade of dedicated work in the vulnerability management field, Martin not only oversees but also provides support to the teams engaged in researching threat actors, malware, and vulnerabilities.