Microsoft’s September 2024 Patch Tuesday Update
In the September 2024 edition of Patch Tuesday, Microsoft has rolled out critical updates that address a total of 79 security flaws, including four zero-day vulnerabilities that are currently being exploited. This release also targets seven critical issues, primarily involving remote code execution and privilege escalation.
Detailed Breakdown of Vulnerabilities:
• 30 Elevation of Privilege Vulnerabilities
• 4 Security Feature Bypass Vulnerabilities
• 23 Remote Code Execution Vulnerabilities
• 11 Information Disclosure Vulnerabilities
• 8 Denial of Service Vulnerabilities
• 3 Spoofing Vulnerabilities
For those interested in non-security updates, our dedicated articles cover the new Windows 11 KB5043076 cumulative update and the Windows 10 KB5043064 update.
Addressing Four Critical Zero-Days:
This month's security updates tackle four zero-day vulnerabilities. A zero-day flaw is one that is publicly disclosed or actively exploited before a formal fix is available. Here's a closer look at these vulnerabilities:
CVE-2024-38014 - Windows Installer Elevation of Privilege Vulnerability
Impact: This vulnerability allows attackers to gain SYSTEM privileges on affected Windows systems.
Discovery: Reported by Michael Baer from SEC Consult Vulnerability Lab. Microsoft has not disclosed specifics on exploitation methods.
CVE-2024-38217 - Windows Mark of the Web Security Feature Bypass Vulnerability
Impact: This flaw, publicly disclosed by Joe Desimone of Elastic Security last month, has been exploited since 2018. It allows attackers to bypass security warnings and execute commands without alerting users.
Details: The vulnerability is exploited through a technique known as LNK stomping, which evades Mark of the Web (MOTW) defences.
CVE-2024-38226 - Microsoft Publisher Security Feature Bypass Vulnerability
Impact: This flaw enables attackers to bypass macro security policies in Microsoft Publisher, potentially allowing malicious macros to run.
Discovery: Microsoft has not specified the details of the disclosure or exploitation.
CVE-2024-43491 - Microsoft Windows Update Remote Code Execution Vulnerability
Impact: This servicing stack vulnerability allows remote code execution and affects specific versions of Windows 10. It rolls back previous security fixes for Optional Components, potentially reintroducing vulnerabilities.
Details: To mitigate this issue, Microsoft advises installing both the September 2024 Servicing Stack Update (SSU KB5043936) and the September 2024 Windows Security Update (KB5043083).
Updates from Other Vendors:
September 2024 also saw several updates from other technology vendors:
• Apache addressed a critical remote code execution vulnerability in OFBiz.
• Cisco fixed multiple issues, including a backdoor admin account and a command injection vulnerability.
• Eucleak reported an attack extracting ECDSA secret keys from YubiKey FIDO devices.
• Fortinet released updates for flaws in FortiSandbox and FortiAnalyzer & FortiManager.
• Google backported a fix for an Android elevation of privileges flaw.
• Ivanti patched a critical authentication bypass vulnerability in vTM.
• LiteSpeed Cache for WordPress fixed an unauthenticated account takeover issue.
• SonicWall updated a previously fixed access control flaw, now exploited in ransomware attacks.
• Veeam addressed a critical remote code execution vulnerability in Backup & Replication software.
• Zyxel warned of a critical OS command injection flaw in its routers.
For a detailed description of each vulnerability and affected systems, access the full report here.