Microsoft September 2024 Patch Tuesday Fixes 79 Flaws, Including 4 Zero-Days
Microsoft’s September 2024 Patch Tuesday is here. Make sure you’ve applied the necessary patches!
Microsoft September 2024 Patch Tuesday addresses 79 security vulnerabilities, including four actively exploited zero-days. It covers critical flaws in Windows Installer, MoTW, Publisher, and Windows Update.
Microsoft’s September 2024 Patch Tuesday is packed with critical updates, addressing a total of 79 vulnerabilities, including four actively exploited flaws and one publicly disclosed zero-day. Seven of these vulnerabilities were rated as critical, most of them either remote code execution (RCE) or elevation of privilege (EoP) flaws.
**Highlighting Critical Vulnerabilities**

**1. Actively Exploited Vulnerabilities:**
Among the most urgent updates were four vulnerabilities that were being actively exploited by malicious actors. These vulnerabilities represent a major risk to users and organizations that have yet to apply the patches, as they were being used in real-world attacks before the patches were available.
**CVE-2024-38217 – Windows Mark of the Web (MoTW) Security Feature Bypass Vulnerability:**
This critical vulnerability allows attackers to bypass security warnings meant to protect users from opening files from untrusted sources. Attackers can manipulate these security features to deceive users into executing malicious files without triggering the standard MoTW prompts. This vulnerability has previously been linked to ransomware attacks, making it a high-priority fix.
**CVE-2024-43461 – Windows MSHTML Platform Spoofing Vulnerability:**
This vulnerability enables attackers to spoof legitimate web content, which can be leveraged for phishing attacks and unauthorized data theft. This flaw shares similarities with CVE-2024-38112, which was used by advanced persistent threat (APT) groups in zero-day attacks. Given the active exploitation of related vulnerabilities, CVE-2024-43461 has a high likelihood of being used in future attacks.
**2. Zero-Day Vulnerabilities:**

**CVE-2024-43491 — Remote Code Execution in Windows Update:**
This critical vulnerability could allow attackers to remotely execute code by exploiting weaknesses in the Windows Update process, gaining control of affected systems.
**CVE-2024-38014 — Elevation of Privilege in Windows Installer:**
This vulnerability allows attackers to gain elevated privileges by exploiting flaws in the Windows Installer, providing them with administrative-level access to compromised systems.
**CVE-2024-38217 — Windows Mark of the Web (MoTW) Bypass Vulnerability:**
Attackers can bypass the security mechanisms of MoTW, which are designed to alert users about harmful files downloaded from the internet, leading to unauthorized code execution.
**CVE-2024-38226 — Microsoft Publisher Security Bypass:**
This flaw allows attackers to bypass the security features in Microsoft Publisher, enabling them to execute malicious code by circumventing standard file protections.
**Critical Vulnerabilities Fixed**
Seven vulnerabilities were marked as critical, primarily involving remote code execution (RCE) or elevation of privilege. These vulnerabilities include:
- CVE-2024-43455 – Windows Remote Desktop Protocol (RDP) RCE vulnerability, which could allow attackers to remotely execute code on a compromised system, gaining full control of the machine.
- CVE-2024-43456 – Windows Kernel EoP vulnerability, allowing attackers to escalate their privileges on a targeted system, gaining administrative rights.
- CVE-2024-43469 – A high-severity remote code execution vulnerability in Azure CycleCloud, allowing attackers to execute arbitrary code with limited privileges. It has a CVSS score of 8.8, making patching critical to prevent exploitation.
**Recommendations and Mitigation**
Given the critical nature of many of these vulnerabilities, especially the actively exploited and publicly disclosed flaws, Microsoft strongly recommends that organizations prioritize patch deployment.
**Patch Management:** Enterprises should accelerate their patch management processes to mitigate risks associated with vulnerabilities like CVE-2024-38217 and CVE-2024-43461. These flaws are being actively exploited in the wild, posing substantial risks to unpatched systems.
**User Education:** Beyond technical protection, users must be made aware of the dangers of interacting with untrusted files and websites. This is important in mitigating the MoTW and spoofing vulnerabilities discussed earlier.
The complete list of vulnerabilities, along with guidance on mitigation strategies, can be found in Microsoft’s official September 2024 Patch Tuesday release notes.
Saeed Abbasi, Manager of Vulnerability Research at Qualys Threat Research Unit, commented on Microsoft’s September 2024 Patch Tuesday, stressing the importance of applying the updates promptly to mitigate possible risks.
“CVE-2024-38217 vulnerability allows an attacker to manipulate the security warnings that typically inform users about the risks of opening files from unknown or untrusted sources and similar MoTW bypasses have historically been linked to ransomware attacks, where the stakes are high,” Saeed warned.
He further stressed: “Given the exploit’s public disclosure and confirmed exploitation, it is a prime vector for cybercriminals to infiltrate corporate networks. Enterprises must prioritize patch management and educate users on the risks of downloading files from untrusted sources to mitigate the exploitation of such vulnerabilities.”
“The CVE-2024-43461 vulnerability mirrors the patterns of CVE-2024-38112 where the exploitation might be repurposed against CVE-2024-43461 due to the similar attack vectors involved. There exists a high likelihood of exploitation, as this vulnerability enables attackers to spoof legitimate web content, leading to unauthorized actions such as phishing and data theft,” he added.
“This risk is highlighted by past incidents where similar vulnerabilities were actively exploited in the wild, posing substantial security challenges to corporate networks. Given the critical nature of this vulnerability, we recommend fast-tracking patch management processes to mitigate potential impacts,” Saeed advised.