Summary
October 2024 Patch Tuesday brought a long list of RCEs, and the standouts share a theme of attacks turning back on the attacker. CVE-2024-38124 is a Windows Netlogon flaw that lets an attacker with LAN access impersonate a domain controller and reach domain admin. CVE-2024-43468 is an unauthenticated Config Manager RCE that points to memory-safety issues. The team flips the usual RDP story with CVE-2024-43533, a Remote Desktop Client RCE that enables back-hacks against scanners, and closes on the CUPS print-daemon exposure on Linux and the macOS Sequoia 15.0 update that broke several security tools.