At this time is Microsoft’s September 2024 Patch Tuesday, which incorporates security updates for 79 flaws, together with 4 actively exploited and one publicly disclosed zero-days.
This Patch Tuesday mounted seven important vulnerabilities, which have been both distant code execution or elevation of privileges flaws.
The variety of bugs in every vulnerability class is listed beneath:
- 30 Elevation of Privilege Vulnerabilities
- 4 Safety Characteristic Bypass Vulnerabilities
- 23 Distant Code Execution Vulnerabilities
- 11 Info Disclosure Vulnerabilities
- 8 Denial of Service Vulnerabilities
- 3 Spoofing Vulnerabilities
To study extra concerning the non-security updates launched at present, you possibly can assessment our devoted articles on the brand new Home windows 11 KB5043076 cumulative replace and Home windows 10 KB5043064 replace.
4 zero-days disclosed
This month’s Patch Tuesday fixes 4 actively exploited, one in every of which was publicly disclosed.
Microsoft classifies a zero-day flaw as one that’s publicly disclosed or actively exploited whereas no official repair is on the market.
The 4 actively exploited zero-day vulnerabilities in at present’s updates are:
CVE-2024-38014 – Home windows Installer Elevation of Privilege Vulnerability
This vulnerability permits assaults to achieve SYSTEM privileges on Home windows programs.
Microsoft has not shared any particulars on the way it was exploited in assaults.
The flaw was found by Michael Baer with SEC Seek the advice of Vulnerability Lab.
CVE-2024-38217 – Home windows Mark of the Internet Safety Characteristic Bypass Vulnerability
This flaw was publicly disclosed final month by Joe Desimone of Elastic Safety and is believed to have been actively exploited since 2018.
Within the report, Desimone outlined a way known as LNK stomping that permits specifically crafted LNK recordsdata with non-standard goal paths or inner constructions to trigger the file to be opened whereas bypassing Good App Management and the Mark of the Internet security warnings.
“An attacker can craft a malicious file that will evade Mark of the Internet (MOTW) defenses, leading to a restricted lack of integrity and availability of security options resembling SmartScreen Utility Repute security verify and/or the legacy Home windows Attachment Companies security immediate,” explains Microsoft’s advisory.
When exploited, it causes the command within the LNK file to be executed with no warning, as demonstrated on this video.
CVE-2024-38226 – Microsoft Writer Safety Characteristic Bypass Vulnerability
Microsoft mounted a Microsoft Writer flaw that bypasses the security protections towards embedded macros in downloaded paperwork.
“An attacker who efficiently exploited this vulnerability may bypass Workplace macro insurance policies used to dam untrusted or malicious recordsdata,” explains Microsoft’s advisory.
Microsoft has not shared who disclosed the flaw and the way it was exploited.
CVE-2024-43491 – Microsoft Home windows Replace Distant Code Execution Vulnerability
Microsoft mounted a servicing stack flaw that permits distant code execution.
“Microsoft is conscious of a vulnerability in Servicing Stack that has rolled again the fixes for some vulnerabilities affecting Elective Parts on Home windows 10, model 1507 (preliminary model launched July 2015),” explains Microsoft’s advisory.
“Which means that an attacker may exploit these beforehand mitigated vulnerabilities on Home windows 10, model 1507 (Home windows 10 Enterprise 2015 LTSB and Home windows 10 IoT Enterprise 2015 LTSB) programs which have put in the Home windows security replace launched on March 12, 2024—KB5035858 (OS Construct 10240.20526) or different updates launched till August 2024. All later variations of Home windows 10 are usually not impacted by this vulnerability.”
“This servicing stack vulnerability is addressed by putting in the September 2024 Servicing stack replace (SSU KB5043936) AND the September 2024 Home windows security replace (KB5043083), in that order.”
This flaw solely impacts Home windows 10, model 1507, which reached the tip of life in 2017. Nevertheless, it additionally impacts Home windows 10 Enterprise 2015 LTSB and Home windows 10 IoT Enterprise 2015 LTSB editions, that are nonetheless below assist.
This flaw is attention-grabbing as a result of it prompted Elective Parts, resembling Energetic Listing Light-weight Listing Companies, XPS Viewer, Web Explorer 11, LPD Print Service, IIS, and Home windows Media Participant to roll again to their authentic RTM variations.
This prompted any earlier CVE to be reintroduced into this system, which may then be exploited.
Extra particulars concerning the flaw and the entire record of affected elements can present in Microsoft’s advisory.
Microsoft has not shared who disclosed the flaw and the way it was exploited.
Latest updates from different corporations
Different distributors who launched updates or advisories in September 2024 embrace:
The September 2024 Patch Tuesday Safety Updates
Under is the entire record of resolved vulnerabilities within the September 2024 Patch Tuesday updates.
To entry the total description of every vulnerability and the programs it impacts, you possibly can view the full report right here.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Azure CycleCloud | CVE-2024-43469 | Azure CycleCloud Distant Code Execution Vulnerability | Vital |
| Azure Community Watcher | CVE-2024-38188 | Azure Community Watcher VM Agent Elevation of Privilege Vulnerability | Vital |
| Azure Community Watcher | CVE-2024-43470 | Azure Community Watcher VM Agent Elevation of Privilege Vulnerability | Vital |
| Azure Stack | CVE-2024-38216 | Azure Stack Hub Elevation of Privilege Vulnerability | Vital |
| Azure Stack | CVE-2024-38220 | Azure Stack Hub Elevation of Privilege Vulnerability | Vital |
| Azure Internet Apps | CVE-2024-38194 | Azure Internet Apps Elevation of Privilege Vulnerability | Vital |
| Dynamics Enterprise Central | CVE-2024-38225 | Microsoft Dynamics 365 Enterprise Central Elevation of Privilege Vulnerability | Vital |
| Microsoft AutoUpdate (MAU) | CVE-2024-43492 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Vital |
| Microsoft Dynamics 365 (on-premises) | CVE-2024-43476 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Vital |
| Microsoft Graphics Element | CVE-2024-38247 | Home windows Graphics Element Elevation of Privilege Vulnerability | Vital |
| Microsoft Graphics Element | CVE-2024-38250 | Home windows Graphics Element Elevation of Privilege Vulnerability | Vital |
| Microsoft Graphics Element | CVE-2024-38249 | Home windows Graphics Element Elevation of Privilege Vulnerability | Vital |
| Microsoft Administration Console | CVE-2024-38259 | Microsoft Administration Console Distant Code Execution Vulnerability | Vital |
| Microsoft Workplace Excel | CVE-2024-43465 | Microsoft Excel Elevation of Privilege Vulnerability | Vital |
| Microsoft Workplace Writer | CVE-2024-38226 | Microsoft Writer Safety Characteristic Bypass Vulnerability | Vital |
| Microsoft Workplace SharePoint | CVE-2024-38227 | Microsoft SharePoint Server Distant Code Execution Vulnerability | Vital |
| Microsoft Workplace SharePoint | CVE-2024-43464 | Microsoft SharePoint Server Distant Code Execution Vulnerability | Vital |
| Microsoft Workplace SharePoint | CVE-2024-38018 | Microsoft SharePoint Server Distant Code Execution Vulnerability | Vital |
| Microsoft Workplace SharePoint | CVE-2024-38228 | Microsoft SharePoint Server Distant Code Execution Vulnerability | Vital |
| Microsoft Workplace SharePoint | CVE-2024-43466 | Microsoft SharePoint Server Denial of Service Vulnerability | Vital |
| Microsoft Workplace Visio | CVE-2024-43463 | Microsoft Workplace Visio Distant Code Execution Vulnerability | Vital |
| Microsoft Outlook for iOS | CVE-2024-43482 | Microsoft Outlook for iOS Info Disclosure Vulnerability | Vital |
| Microsoft Streaming Service | CVE-2024-38245 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Vital |
| Microsoft Streaming Service | CVE-2024-38241 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Vital |
| Microsoft Streaming Service | CVE-2024-38242 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Vital |
| Microsoft Streaming Service | CVE-2024-38244 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Vital |
| Microsoft Streaming Service | CVE-2024-38243 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Vital |
| Microsoft Streaming Service | CVE-2024-38237 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Vital |
| Microsoft Streaming Service | CVE-2024-38238 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Vital |
| Energy Automate | CVE-2024-43479 | Microsoft Energy Automate Desktop Distant Code Execution Vulnerability | Vital |
| Function: Home windows Hyper-V | CVE-2024-38235 | Home windows Hyper-V Denial of Service Vulnerability | Vital |
| SQL Server | CVE-2024-37338 | Microsoft SQL Server Native Scoring Distant Code Execution Vulnerability | Vital |
| SQL Server | CVE-2024-37980 | Microsoft SQL Server Elevation of Privilege Vulnerability | Vital |
| SQL Server | CVE-2024-26191 | Microsoft SQL Server Native Scoring Distant Code Execution Vulnerability | Vital |
| SQL Server | CVE-2024-37339 | Microsoft SQL Server Native Scoring Distant Code Execution Vulnerability | Vital |
| SQL Server | CVE-2024-37337 | Microsoft SQL Server Native Scoring Info Disclosure Vulnerability | Vital |
| SQL Server | CVE-2024-26186 | Microsoft SQL Server Native Scoring Distant Code Execution Vulnerability | Vital |
| SQL Server | CVE-2024-37342 | Microsoft SQL Server Native Scoring Info Disclosure Vulnerability | Vital |
| SQL Server | CVE-2024-43474 | Microsoft SQL Server Info Disclosure Vulnerability | Vital |
| SQL Server | CVE-2024-37335 | Microsoft SQL Server Native Scoring Distant Code Execution Vulnerability | Vital |
| SQL Server | CVE-2024-37966 | Microsoft SQL Server Native Scoring Info Disclosure Vulnerability | Vital |
| SQL Server | CVE-2024-37340 | Microsoft SQL Server Native Scoring Distant Code Execution Vulnerability | Vital |
| SQL Server | CVE-2024-37965 | Microsoft SQL Server Elevation of Privilege Vulnerability | Vital |
| SQL Server | CVE-2024-37341 | Microsoft SQL Server Elevation of Privilege Vulnerability | Vital |
| Home windows Admin Middle | CVE-2024-43475 | Microsoft Home windows Admin Middle Info Disclosure Vulnerability | Vital |
| Home windows AllJoyn API | CVE-2024-38257 | Microsoft AllJoyn API Info Disclosure Vulnerability | Vital |
| Home windows Authentication Strategies | CVE-2024-38254 | Home windows Authentication Info Disclosure Vulnerability | Vital |
| Home windows DHCP Server | CVE-2024-38236 | DHCP Server Service Denial of Service Vulnerability | Vital |
| Home windows Installer | CVE-2024-38014 | Home windows Installer Elevation of Privilege Vulnerability | Vital |
| Home windows Kerberos | CVE-2024-38239 | Home windows Kerberos Elevation of Privilege Vulnerability | Vital |
| Home windows Kernel-Mode Drivers | CVE-2024-38256 | Home windows Kernel-Mode Driver Info Disclosure Vulnerability | Vital |
| Home windows Libarchive | CVE-2024-43495 | Home windows libarchive Distant Code Execution Vulnerability | Vital |
| Home windows Mark of the Internet (MOTW) | CVE-2024-38217 | Home windows Mark of the Internet Safety Characteristic Bypass Vulnerability | Vital |
| Home windows Mark of the Internet (MOTW) | CVE-2024-43487 | Home windows Mark of the Internet Safety Characteristic Bypass Vulnerability | Average |
| Home windows MSHTML Platform | CVE-2024-43461 | Home windows MSHTML Platform Spoofing Vulnerability | Vital |
| Home windows Community Handle Translation (NAT) | CVE-2024-38119 | Home windows Community Handle Translation (NAT) Distant Code Execution Vulnerability | Vital |
| Home windows Community Virtualization | CVE-2024-38232 | Home windows Networking Denial of Service Vulnerability | Vital |
| Home windows Community Virtualization | CVE-2024-38233 | Home windows Networking Denial of Service Vulnerability | Vital |
| Home windows Community Virtualization | CVE-2024-38234 | Home windows Networking Denial of Service Vulnerability | Vital |
| Home windows Community Virtualization | CVE-2024-43458 | Home windows Networking Info Disclosure Vulnerability | Vital |
| Home windows PowerShell | CVE-2024-38046 | PowerShell Elevation of Privilege Vulnerability | Vital |
| Home windows Distant Entry Connection Supervisor | CVE-2024-38240 | Home windows Distant Entry Connection Supervisor Elevation of Privilege Vulnerability | Vital |
| Home windows Distant Desktop Licensing Service | CVE-2024-38231 | Home windows Distant Desktop Licensing Service Denial of Service Vulnerability | Vital |
| Home windows Distant Desktop Licensing Service | CVE-2024-38258 | Home windows Distant Desktop Licensing Service Info Disclosure Vulnerability | Vital |
| Home windows Distant Desktop Licensing Service | CVE-2024-43467 | Home windows Distant Desktop Licensing Service Distant Code Execution Vulnerability | Vital |
| Home windows Distant Desktop Licensing Service | CVE-2024-43454 | Home windows Distant Desktop Licensing Service Distant Code Execution Vulnerability | Vital |
| Home windows Distant Desktop Licensing Service | CVE-2024-38263 | Home windows Distant Desktop Licensing Service Distant Code Execution Vulnerability | Vital |
| Home windows Distant Desktop Licensing Service | CVE-2024-38260 | Home windows Distant Desktop Licensing Service Distant Code Execution Vulnerability | Vital |
| Home windows Distant Desktop Licensing Service | CVE-2024-43455 | Home windows Distant Desktop Licensing Service Spoofing Vulnerability | Vital |
| Home windows Safety Zone Mapping | CVE-2024-30073 | Home windows Safety Zone Mapping Safety Characteristic Bypass Vulnerability | Vital |
| Home windows Setup and Deployment | CVE-2024-43457 | Home windows Setup and Deployment Elevation of Privilege Vulnerability | Vital |
| Home windows Requirements-Primarily based Storage Administration Service | CVE-2024-38230 | Home windows Requirements-Primarily based Storage Administration Service Denial of Service Vulnerability | Vital |
| Home windows Storage | CVE-2024-38248 | Home windows Storage Elevation of Privilege Vulnerability | Vital |
| Home windows TCP/IP | CVE-2024-21416 | Home windows TCP/IP Distant Code Execution Vulnerability | Vital |
| Home windows TCP/IP | CVE-2024-38045 | Home windows TCP/IP Distant Code Execution Vulnerability | Vital |
| Home windows Replace | CVE-2024-43491 | Microsoft Home windows Replace Distant Code Execution Vulnerability | Vital |
| Home windows Win32K – GRFX | CVE-2024-38246 | Win32k Elevation of Privilege Vulnerability | Vital |
| Home windows Win32K – ICOMP | CVE-2024-38252 | Home windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Vital |
| Home windows Win32K – ICOMP | CVE-2024-38253 | Home windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Vital |
