Headline
Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws
Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024. The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated Critical, 71 are rated Important, and one is rated Moderate in severity. This is aside from 26 flaws that the tech
Windows Security / Vulnerability
Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024.
The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated Critical, 71 are rated Important, and one is rated Moderate in severity. This is aside from 26 flaws that the tech giant resolved in its Chromium-based Edge browser since last month’s Patch Tuesday release.
The three vulnerabilities that have been weaponized in a malicious context are listed below, alongside a bug that Microsoft is treating as exploited -
- CVE-2024-38014 (CVSS score: 7.8) - Windows Installer Elevation of Privilege Vulnerability
- CVE-2024-38217 (CVSS score: 5.4) - Windows Mark-of-the-Web (MotW) Security Feature Bypass Vulnerability
- CVE-2024-38226 (CVSS score: 7.3) - Microsoft Publisher Security Feature Bypass Vulnerability
- CVE-2024-43491 (CVSS score: 9.8) - Microsoft Windows Update Remote Code Execution Vulnerability
“Exploitation of both CVE-2024-38226 and CVE-2024-38217 can lead to the bypass of important security features that block Microsoft Office macros from running,” Satnam Narang, senior staff research engineer at Tenable, said in a statement.
“In both cases, the target needs to be convinced to open a specially crafted file from an attacker-controlled server. Where they differ is that an attacker would need to be authenticated to the system and have local access to it to exploit CVE-2024-38226.”
As disclosed by Elastic Security Labs last month, CVE-2024-38217 – also referred to as LNK Stomping – is said to have been abused in the wild as far back as February 2018.
CVE-2024-43491, on the other hand, is notable for the fact that it’s similar to the downgrade attack that cybersecurity company SafeBreach detailed early last month.
“Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015),” Redmond noted.
“This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024 — KB5035858 (OS Build 10240.20526) or other updates released until August 2024.”
The Windows maker further said it can be resolved by installing the September 2024 Servicing stack update (SSU KB5043936) and the September 2024 Windows security update (KB5043083), in that order.
It’s also worth pointing out that Microsoft’s “Exploitation Detected” assessment for CVE-2024-43491 stems from the rollback of fixes that addressed vulnerabilities impacting some Optional Components for Windows 10 (version 1507) that have been previously exploited.
“No exploitation of CVE-2024-43491 itself has been detected,” the company said. “In addition, the Windows product team at Microsoft discovered this issue, and we have seen no evidence that it is publicly known.”
Software Patches from Other Vendors
In addition to Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including —
- Adobe
- Arm
- Bosch
- Broadcom (including VMware)
- Cisco
- Citrix
- CODESYS
- D-Link
- Dell
- Drupal
- F5
- Fortinet
- Fortra
- GitLab
- Google Android and Pixel
- Google Chrome
- Google Cloud
- Google Wear OS
- Hitachi Energy
- HP
- HP Enterprise (including Aruba Networks)
- IBM
- Intel
- Ivanti
- Lenovo
- Linux distributions Amazon Linux, Debian, Oracle Linux, Red Hat, Rocky Linux, SUSE, and Ubuntu
- MediaTek
- Mitsubishi Electric
- MongoDB
- Mozilla Firefox, Firefox ESR, Focus and Thunderbird
- NVIDIA
- ownCloud
- Palo Alto Networks
- Progress Software
- QNAP
- Qualcomm
- Rockwell Automation
- Samsung
- SAP
- Schneider Electric
- Siemens
- SolarWinds
- SonicWall
- Spring Framework
- Synology
- Veeam
- Zimbra
- Zoho ManageEngine ServiceDesk Plus, SupportCenter Plus, and ServiceDesk Plus MSP
- Zoom, and
- Zyxel
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Related news
September episode of “In The Trend of VM”: 7 CVEs, fake reCAPTCHA, lebanese pagers, VM and IT annual bonuses. Starting this month, we decided to slightly expand the topics of the videos and increase their duration. I cover not only the trending vulnerabilities of September, but also social engineering cases, real-world vulnerability exploitation, and practices […]
Palo Alto Networks GlobalProtect versions 5.1.x, 5.2.x, 6.0.x, 6.1.x, 6.3.x and versions less than 6.2.5 suffer from a local privilege escalation vulnerability.
The Nitro PDF Pro application uses a .msi installer file (embedded into an executable .exe installer file) for installation. The MSI installer uses custom actions in repair mode in an unsafe way. Attackers with low-privileged system access to a Windows system where Nitro PDF Pro is installed, can exploit the cached MSI installer's custom actions to effectively escalate privileges and get a command prompt running in context of NT AUTHORITY\SYSTEM. Versions prior to 14.26.1.0 and 13.70.8.82 and affected.
Microsoft's September 2024 Patch Tuesday is here. Make sure you’ve applied the necessary patches!
Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several months this year.
This month's Patch Tuesday contains a total of 79 vulnerabilities — the fourth largest of the year.
September’s monthly round of patches from Microsoft included 79 vulnerabilities, seven of which are considered critical.
September’s monthly round of patches from Microsoft included 79 vulnerabilities, seven of which are considered critical.
September’s monthly round of patches from Microsoft included 79 vulnerabilities, seven of which are considered critical.
September’s monthly round of patches from Microsoft included 79 vulnerabilities, seven of which are considered critical.