Security
Headlines
HeadlinesLatestCVEs

Headline

Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including one with 9.8 severity score

September’s monthly round of patches from Microsoft included 79 vulnerabilities, seven of which are considered critical.

TALOS
#vulnerability#web#mac#windows#microsoft#cisco#rce#auth#zero_day

Tuesday, September 10, 2024 15:30

Microsoft disclosed four vulnerabilities that are actively being exploited in the wild as part of its regular Patch Tuesday security update this week in what’s become a regular occurrence for the company’s patches in 2024.

Two of the zero-day vulnerabilities, CVE-2024-38226 and CVE-2024-38014, exist in the Microsoft Publisher software and Windows Installer, respectively. Last month, Microsoft disclosed six vulnerabilities in its Patch Tuesday that were already being exploited in the wild.

In all, September’s monthly round of patches from Microsoft included 79 vulnerabilities, seven of which are considered critical. In addition to the zero-days disclosed Tuesday, Microsoft also fixed a security issue that had already been publicly disclosed: CVE-2024-38217, a vulnerability in Windows Mark of the Web that could allow an adversary to bypass usual MOTW detection techniques.

Cisco Talos’ Vulnerability Research team also discovered an information disclosure vulnerability in the AllJoyn API that could allow an adversary to access uninitialized memory. CVE-2024-38257 is considered “less likely” to be exploited, though it does not require any user interaction or user privileges.

The most serious of the issues included in September’s Patch Tuesday is CVE-2024-43491, which has a severity score of 9.8 out of 10. CVE-2024-43491, a remote code execution issue in Windows Update, is considered “more likely” to be exploited, though Microsoft disclosed few details about the nature of this vulnerability.

There are also four remote code execution vulnerabilities in SharePoint Server that are also considered “more likely” to be exploited: CVE-2024-38018, CVE-2024-38227, CVE-2024-38228 and CVE-2024-43464.

In the case of the latter three vulnerabilities, an authenticated attacker with Site Owner permissions can inject arbitrary code and execute code in the context of SharePoint Server. However, an attacker only needs to have Site Member permissions to exploit CVE-2024-38018.

CVE-2024-38226, one of the zero-days disclosed this week, is a security feature bypass vulnerability in Microsoft Publisher that could allow an attacker to bypass the default Microsoft Office macro policies used to block untrusted or malicious files. An adversary could exploit this vulnerability by tricking a user into opening a specially crafted, malicious file in Microsoft Publisher, which could lead to a local attack on the victim’s machine. Macros have been blocked by default on Office software to prevent attackers from hiding malicious code in them.

Another vulnerability being actively exploited in the wild, CVE-2024-38014, is an issue in Windows Installer that could allow an adversary to gain SYTEM-level privileges. This issue affects Windows 11, version 24H2, which is currently only available on certain Microsoft Copilot+ devices, among other older versions of Windows 10 and 11.

A complete list of all the other vulnerabilities Microsoft disclosed this month is available on its update page.

In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Security Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.

The rules included in this release that protect against the exploitation of many of these vulnerabilities are 63979 - 63984 and 63987 - 63994. There are also Snort 3 rules 301008 - 301013.

Related news

Palo Alto Networks GlobalProtect Local Privilege Escalation

Palo Alto Networks GlobalProtect versions 5.1.x, 5.2.x, 6.0.x, 6.1.x, 6.3.x and versions less than 6.2.5 suffer from a local privilege escalation vulnerability.

Nitro PDF Pro Local Privilege Escalation

The Nitro PDF Pro application uses a .msi installer file (embedded into an executable .exe installer file) for installation. The MSI installer uses custom actions in repair mode in an unsafe way. Attackers with low-privileged system access to a Windows system where Nitro PDF Pro is installed, can exploit the cached MSI installer's custom actions to effectively escalate privileges and get a command prompt running in context of NT AUTHORITY\SYSTEM. Versions prior to 14.26.1.0 and 13.70.8.82 and affected.

Talk of election security is good, but we still need more money to solve the problem

This year, Congress only allocated $55 million in federal grant dollars to states for security and other election improvements.

Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws

Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024. The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated Critical, 71 are rated Important, and one is rated Moderate in severity. This is aside from 26 flaws that the tech

Bug Left Some Windows PCs Dangerously Unpatched

Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several months this year.

Microsoft Discloses 4 Zero-Days in September Update

This month's Patch Tuesday contains a total of 79 vulnerabilities — the fourth largest of the year.

TALOS: Latest News

NVIDIA shader out-of-bounds and eleven LevelOne router vulnerabilities