Article

Alert: Microsoft Security Updates – October 2024

Microsoft has released security updates to address vulnerabilities in its software products, including, but not limited to:

Windows OS: 10 and 11.
Windows Server: 2016, 2019, 2022.
Microsoft SQL Server: 2019, 2022.
Microsoft Office: 2016, 2019, Microsoft 365.

The released security updates fix multiple vulnerabilities, which include five zero-day vulnerabilities:

Security Risks

Successful exploitation of unpatched vulnerabilities in Microsoft products may empower authenticated attackers to remotely take control of vulnerable systems, executing malicious code with elevated privileges.

For the full list of security patches released by Microsoft, please refer to Microsoft Security Update Guide. and apply the necessary updates.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and administrators:

1. Apply the latest security patches, as soon as possible, to prevent unauthorized control over unpatched systems.

2. Upgrade immediately to the latest supported version of installed Microsoft software in order to continue receiving technical support and security patches.

The following Microsoft software products reached their end-of-life and need to be upgraded immediately:

Windows Vista, XP, 8 and 7
Windows Server 2003, 2003 RE, 2008, 2008 RE, 2008 SP2, 2012 and 2012 R2
Exchange Server 2003, 2007, 2010, 2013
Microsoft SQL Server 2005, 2008, 2012
Microsoft Office 2013

3. Before any updating task, ensure you have a current tested backup of your data.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailing rwcsirt@ncsa.gov.rw or calling us on 9009.

References
Release Note - October 2024.

11 October 2024

More updates

15 November 2024

Alert: Fortinet Security Updates – November 2024

Fortinet has released a security update to fix multiple vulnerabilities in Fortinet products

13 November 2024

Alert: Microsoft Security Updates – November 2024

Microsoft has released security updates to address vulnerabilities in its software products

11 November 2024

Alert: Cisco Security Updates – November 2024

Cisco has released security updates to address vulnerabilities in multiple Cisco products

31 October 2024

Alert: Compiled Apple Security Updates – October 2024

Apple has released urgent security updates to address a vulnerability affecting multiple products.

Microsoft has released security updates to address vulnerabilities in its software products, including, but not limited to:

Windows OS: 10 and 11.

Windows Server: 2016, 2019, 2022.

Microsoft SQL Server: 2019, 2022.

Microsoft Office: 2016, 2019, Microsoft 365.

The released security updates fix multiple vulnerabilities, which include five zero-day vulnerabilities:

CVE-2024-43573

CVE-2024-43572

CVE-2024-6197

CVE-2024-20659

CVE-2024-43583

Security Risks

Successful exploitation of unpatched vulnerabilities in Microsoft products may empower authenticated attackers to remotely take control of vulnerable systems, executing malicious code with elevated privileges.

For the full list of security patches released by Microsoft, please refer to Microsoft Security Update Guide. and apply the necessary updates.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and administrators:

1. Apply the latest security patches, as soon as possible, to prevent unauthorized control over unpatched systems.

2. Upgrade immediately to the latest supported version of installed Microsoft software in order to continue receiving technical support and security patches.

The following Microsoft software products reached their end-of-life and need to be upgraded immediately:

Windows Vista, XP, 8 and 7

Windows Server 2003, 2003 RE, 2008, 2008 RE, 2008 SP2, 2012 and 2012 R2

Exchange Server 2003, 2007, 2010, 2013

Microsoft SQL Server 2005, 2008, 2012

Microsoft Office 2013

3. Before any updating task, ensure you have a current tested backup of your data.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailing rwcsirt@ncsa.gov.rw or calling us on 9009.

References
Release Note - October 2024.

	info@ncsa.gov.rw
	9009 / 0781813310
	‎+250 791 445 224

Microsoft has released security updates to address vulnerabilities in its software products, including, but not limited to:

Windows OS: 10 and 11.

Windows Server: 2016, 2019, 2022.

Microsoft SQL Server: 2019, 2022.

Microsoft Office: 2016, 2019, Microsoft 365.

The released security updates fix multiple vulnerabilities, which include five zero-day vulnerabilities:

CVE-2024-43573

CVE-2024-43572

CVE-2024-6197

CVE-2024-20659

CVE-2024-43583

Security Risks

Successful exploitation of unpatched vulnerabilities in Microsoft products may empower authenticated attackers to remotely take control of vulnerable systems, executing malicious code with elevated privileges.

For the full list of security patches released by Microsoft, please refer to Microsoft Security Update Guide. and apply the necessary updates.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and administrators:

1. Apply the latest security patches, as soon as possible, to prevent unauthorized control over unpatched systems.

2. Upgrade immediately to the latest supported version of installed Microsoft software in order to continue receiving technical support and security patches.

The following Microsoft software products reached their end-of-life and need to be upgraded immediately:

Windows Vista, XP, 8 and 7

Windows Server 2003, 2003 RE, 2008, 2008 RE, 2008 SP2, 2012 and 2012 R2

Exchange Server 2003, 2007, 2010, 2013

Microsoft SQL Server 2005, 2008, 2012

Microsoft Office 2013

3. Before any updating task, ensure you have a current tested backup of your data.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailing rwcsirt@ncsa.gov.rw or calling us on 9009.

References Release Note - October 2024.

References
Release Note - October 2024.