In the present day is Microsoft’s September 2024 Patch Tuesday, which incorporates safety updates for 79 flaws, together with three actively exploited and one publicly disclosed zero-days.
This Patch Tuesday fastened seven important vulnerabilities, which have been both distant code execution or elevation of privileges flaws.
The variety of bugs in every vulnerability class is listed under:
- 30 Elevation of Privilege Vulnerabilities
- 4 Safety Function Bypass Vulnerabilities
- 23 Distant Code Execution Vulnerabilities
- 11 Info Disclosure Vulnerabilities
- 8 Denial of Service Vulnerabilities
- 3 Spoofing Vulnerabilities
To be taught extra in regards to the non-security updates launched at the moment, you’ll be able to overview our devoted articles on the brand new Home windows 11 KB5043076 cumulative replace and Home windows 10 KB5043064 replace.
4 zero-days disclosed
This month’s Patch Tuesday fixes three actively exploited, certainly one of which was publicly disclosed, and one other that reintroduces outdated CVEs so is marked as exploited.
Microsoft classifies a zero-day flaw as one that’s publicly disclosed or actively exploited whereas no official repair is out there.
The three actively exploited zero-day vulnerabilities in at the moment’s updates are:
CVE-2024-38014 – Home windows Installer Elevation of Privilege Vulnerability
This vulnerability permits assaults to achieve SYSTEM privileges on Home windows techniques.
Microsoft has not shared any particulars on the way it was exploited in assaults.
The flaw was found by Michael Baer with SEC Seek the advice of Vulnerability Lab.
CVE-2024-38217 – Home windows Mark of the Net Safety Function Bypass Vulnerability
This flaw was publicly disclosed final month by Joe Desimone of Elastic Safety and is believed to have been actively exploited since 2018.
Within the report, Desimone outlined a method referred to as LNK stomping that permits specifically crafted LNK information with non-standard goal paths or inside constructions to trigger the file to be opened whereas bypassing Sensible App Management and the Mark of the Net safety warnings.
“An attacker can craft a malicious file that will evade Mark of the Net (MOTW) defenses, leading to a restricted lack of integrity and availability of safety features akin to SmartScreen Utility Fame safety examine and/or the legacy Home windows Attachment Companies safety immediate,” explains Microsoft’s advisory.
When exploited, it causes the command within the LNK file to be executed with out a warning, as demonstrated on this video.
CVE-2024-38226 – Microsoft Writer Safety Function Bypass Vulnerability
Microsoft fastened a Microsoft Writer flaw that bypasses the safety protections in opposition to embedded macros in downloaded paperwork.
“An attacker who efficiently exploited this vulnerability may bypass Workplace macro insurance policies used to dam untrusted or malicious information,” explains Microsoft’s advisory.
Microsoft has not shared who disclosed the flaw and the way it was exploited.
Microsoft additionally fastened a zero-day that’s marked as exploited, however was achieved in order it may possibly reintroduce older exploited flaws, as defined under.
CVE-2024-43491 – Microsoft Home windows Replace Distant Code Execution Vulnerability
Microsoft fastened a servicing stack flaw that’s marked as distant code execution, however truly reintroduces a wide range of vulnerabilities to beforehand patched applications.
“Microsoft is conscious of a vulnerability in Servicing Stack that has rolled again the fixes for some vulnerabilities affecting Non-obligatory Elements on Home windows 10, model 1507 (preliminary model launched July 2015),” explains Microsoft’s advisory.
“Because of this an attacker may exploit these beforehand mitigated vulnerabilities on Home windows 10, model 1507 (Home windows 10 Enterprise 2015 LTSB and Home windows 10 IoT Enterprise 2015 LTSB) techniques which have put in the Home windows safety replace launched on March 12, 2024—KB5035858 (OS Construct 10240.20526) or different updates launched till August 2024. All later variations of Home windows 10 are usually not impacted by this vulnerability.”
“This servicing stack vulnerability is addressed by putting in the September 2024 Servicing stack replace (SSU KB5043936) AND the September 2024 Home windows safety replace (KB5043083), in that order.”
This flaw solely impacts Home windows 10, model 1507, which reached the tip of life in 2017. Nevertheless, it additionally impacts Home windows 10 Enterprise 2015 LTSB and Home windows 10 IoT Enterprise 2015 LTSB editions, that are nonetheless underneath assist.
This flaw is fascinating as a result of it triggered Non-obligatory Elements, akin to Lively Listing Light-weight Listing Companies, XPS Viewer, Web Explorer 11, LPD Print Service, IIS, and Home windows Media Participant to roll again to their authentic RTM variations.
This triggered any earlier CVE to be reintroduced into this system, which may then be exploited.
Microsoft marked this flaw as exploited as a result of its reintroduced vulnerabilities which have been actively exploited up to now. Nevertheless, Microsoft says the flaw itself was found internally by Microsoft and it has seen no proof that it’s publicly recognized by others.
Extra particulars in regards to the flaw and the whole record of affected elements can present in Microsoft’s advisory.
Current updates from different firms
Different distributors who launched updates or advisories in September 2024 embody:
The September 2024 Patch Tuesday Safety Updates
Under is the whole record of resolved vulnerabilities within the September 2024 Patch Tuesday updates.
To entry the complete description of every vulnerability and the techniques it impacts, you’ll be able to view the full report right here.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Azure CycleCloud | CVE-2024-43469 | Azure CycleCloud Distant Code Execution Vulnerability | Vital |
| Azure Community Watcher | CVE-2024-38188 | Azure Community Watcher VM Agent Elevation of Privilege Vulnerability | Vital |
| Azure Community Watcher | CVE-2024-43470 | Azure Community Watcher VM Agent Elevation of Privilege Vulnerability | Vital |
| Azure Stack | CVE-2024-38216 | Azure Stack Hub Elevation of Privilege Vulnerability | Crucial |
| Azure Stack | CVE-2024-38220 | Azure Stack Hub Elevation of Privilege Vulnerability | Crucial |
| Azure Net Apps | CVE-2024-38194 | Azure Net Apps Elevation of Privilege Vulnerability | Crucial |
| Dynamics Enterprise Central | CVE-2024-38225 | Microsoft Dynamics 365 Enterprise Central Elevation of Privilege Vulnerability | Vital |
| Microsoft AutoUpdate (MAU) | CVE-2024-43492 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Vital |
| Microsoft Dynamics 365 (on-premises) | CVE-2024-43476 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Vital |
| Microsoft Graphics Part | CVE-2024-38247 | Home windows Graphics Part Elevation of Privilege Vulnerability | Vital |
| Microsoft Graphics Part | CVE-2024-38250 | Home windows Graphics Part Elevation of Privilege Vulnerability | Vital |
| Microsoft Graphics Part | CVE-2024-38249 | Home windows Graphics Part Elevation of Privilege Vulnerability | Vital |
| Microsoft Administration Console | CVE-2024-38259 | Microsoft Administration Console Distant Code Execution Vulnerability | Vital |
| Microsoft Workplace Excel | CVE-2024-43465 | Microsoft Excel Elevation of Privilege Vulnerability | Vital |
| Microsoft Workplace Writer | CVE-2024-38226 | Microsoft Writer Safety Function Bypass Vulnerability | Vital |
| Microsoft Workplace SharePoint | CVE-2024-38227 | Microsoft SharePoint Server Distant Code Execution Vulnerability | Vital |
| Microsoft Workplace SharePoint | CVE-2024-43464 | Microsoft SharePoint Server Distant Code Execution Vulnerability | Crucial |
| Microsoft Workplace SharePoint | CVE-2024-38018 | Microsoft SharePoint Server Distant Code Execution Vulnerability | Crucial |
| Microsoft Workplace SharePoint | CVE-2024-38228 | Microsoft SharePoint Server Distant Code Execution Vulnerability | Vital |
| Microsoft Workplace SharePoint | CVE-2024-43466 | Microsoft SharePoint Server Denial of Service Vulnerability | Vital |
| Microsoft Workplace Visio | CVE-2024-43463 | Microsoft Workplace Visio Distant Code Execution Vulnerability | Vital |
| Microsoft Outlook for iOS | CVE-2024-43482 | Microsoft Outlook for iOS Info Disclosure Vulnerability | Vital |
| Microsoft Streaming Service | CVE-2024-38245 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Vital |
| Microsoft Streaming Service | CVE-2024-38241 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Vital |
| Microsoft Streaming Service | CVE-2024-38242 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Vital |
| Microsoft Streaming Service | CVE-2024-38244 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Vital |
| Microsoft Streaming Service | CVE-2024-38243 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Vital |
| Microsoft Streaming Service | CVE-2024-38237 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Vital |
| Microsoft Streaming Service | CVE-2024-38238 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Vital |
| Energy Automate | CVE-2024-43479 | Microsoft Energy Automate Desktop Distant Code Execution Vulnerability | Vital |
| Function: Home windows Hyper-V | CVE-2024-38235 | Home windows Hyper-V Denial of Service Vulnerability | Vital |
| SQL Server | CVE-2024-37338 | Microsoft SQL Server Native Scoring Distant Code Execution Vulnerability | Vital |
| SQL Server | CVE-2024-37980 | Microsoft SQL Server Elevation of Privilege Vulnerability | Vital |
| SQL Server | CVE-2024-26191 | Microsoft SQL Server Native Scoring Distant Code Execution Vulnerability | Vital |
| SQL Server | CVE-2024-37339 | Microsoft SQL Server Native Scoring Distant Code Execution Vulnerability | Vital |
| SQL Server | CVE-2024-37337 | Microsoft SQL Server Native Scoring Info Disclosure Vulnerability | Vital |
| SQL Server | CVE-2024-26186 | Microsoft SQL Server Native Scoring Distant Code Execution Vulnerability | Vital |
| SQL Server | CVE-2024-37342 | Microsoft SQL Server Native Scoring Info Disclosure Vulnerability | Vital |
| SQL Server | CVE-2024-43474 | Microsoft SQL Server Info Disclosure Vulnerability | Vital |
| SQL Server | CVE-2024-37335 | Microsoft SQL Server Native Scoring Distant Code Execution Vulnerability | Vital |
| SQL Server | CVE-2024-37966 | Microsoft SQL Server Native Scoring Info Disclosure Vulnerability | Vital |
| SQL Server | CVE-2024-37340 | Microsoft SQL Server Native Scoring Distant Code Execution Vulnerability | Vital |
| SQL Server | CVE-2024-37965 | Microsoft SQL Server Elevation of Privilege Vulnerability | Vital |
| SQL Server | CVE-2024-37341 | Microsoft SQL Server Elevation of Privilege Vulnerability | Vital |
| Home windows Admin Middle | CVE-2024-43475 | Microsoft Home windows Admin Middle Info Disclosure Vulnerability | Vital |
| Home windows AllJoyn API | CVE-2024-38257 | Microsoft AllJoyn API Info Disclosure Vulnerability | Vital |
| Home windows Authentication Strategies | CVE-2024-38254 | Home windows Authentication Info Disclosure Vulnerability | Vital |
| Home windows DHCP Server | CVE-2024-38236 | DHCP Server Service Denial of Service Vulnerability | Vital |
| Home windows Installer | CVE-2024-38014 | Home windows Installer Elevation of Privilege Vulnerability | Vital |
| Home windows Kerberos | CVE-2024-38239 | Home windows Kerberos Elevation of Privilege Vulnerability | Vital |
| Home windows Kernel-Mode Drivers | CVE-2024-38256 | Home windows Kernel-Mode Driver Info Disclosure Vulnerability | Vital |
| Home windows Libarchive | CVE-2024-43495 | Home windows libarchive Distant Code Execution Vulnerability | Vital |
| Home windows Mark of the Net (MOTW) | CVE-2024-38217 | Home windows Mark of the Net Safety Function Bypass Vulnerability | Vital |
| Home windows Mark of the Net (MOTW) | CVE-2024-43487 | Home windows Mark of the Net Safety Function Bypass Vulnerability | Reasonable |
| Home windows MSHTML Platform | CVE-2024-43461 | Home windows MSHTML Platform Spoofing Vulnerability | Vital |
| Home windows Community Tackle Translation (NAT) | CVE-2024-38119 | Home windows Community Tackle Translation (NAT) Distant Code Execution Vulnerability | Crucial |
| Home windows Community Virtualization | CVE-2024-38232 | Home windows Networking Denial of Service Vulnerability | Vital |
| Home windows Community Virtualization | CVE-2024-38233 | Home windows Networking Denial of Service Vulnerability | Vital |
| Home windows Community Virtualization | CVE-2024-38234 | Home windows Networking Denial of Service Vulnerability | Vital |
| Home windows Community Virtualization | CVE-2024-43458 | Home windows Networking Info Disclosure Vulnerability | Vital |
| Home windows PowerShell | CVE-2024-38046 | PowerShell Elevation of Privilege Vulnerability | Vital |
| Home windows Distant Entry Connection Supervisor | CVE-2024-38240 | Home windows Distant Entry Connection Supervisor Elevation of Privilege Vulnerability | Vital |
| Home windows Distant Desktop Licensing Service | CVE-2024-38231 | Home windows Distant Desktop Licensing Service Denial of Service Vulnerability | Vital |
| Home windows Distant Desktop Licensing Service | CVE-2024-38258 | Home windows Distant Desktop Licensing Service Info Disclosure Vulnerability | Vital |
| Home windows Distant Desktop Licensing Service | CVE-2024-43467 | Home windows Distant Desktop Licensing Service Distant Code Execution Vulnerability | Vital |
| Home windows Distant Desktop Licensing Service | CVE-2024-43454 | Home windows Distant Desktop Licensing Service Distant Code Execution Vulnerability | Vital |
| Home windows Distant Desktop Licensing Service | CVE-2024-38263 | Home windows Distant Desktop Licensing Service Distant Code Execution Vulnerability | Vital |
| Home windows Distant Desktop Licensing Service | CVE-2024-38260 | Home windows Distant Desktop Licensing Service Distant Code Execution Vulnerability | Vital |
| Home windows Distant Desktop Licensing Service | CVE-2024-43455 | Home windows Distant Desktop Licensing Service Spoofing Vulnerability | Vital |
| Home windows Safety Zone Mapping | CVE-2024-30073 | Home windows Safety Zone Mapping Safety Function Bypass Vulnerability | Vital |
| Home windows Setup and Deployment | CVE-2024-43457 | Home windows Setup and Deployment Elevation of Privilege Vulnerability | Vital |
| Home windows Requirements-Based mostly Storage Administration Service | CVE-2024-38230 | Home windows Requirements-Based mostly Storage Administration Service Denial of Service Vulnerability | Vital |
| Home windows Storage | CVE-2024-38248 | Home windows Storage Elevation of Privilege Vulnerability | Vital |
| Home windows TCP/IP | CVE-2024-21416 | Home windows TCP/IP Distant Code Execution Vulnerability | Vital |
| Home windows TCP/IP | CVE-2024-38045 | Home windows TCP/IP Distant Code Execution Vulnerability | Vital |
| Home windows Replace | CVE-2024-43491 | Microsoft Home windows Replace Distant Code Execution Vulnerability | Crucial |
| Home windows Win32K – GRFX | CVE-2024-38246 | Win32k Elevation of Privilege Vulnerability | Vital |
| Home windows Win32K – ICOMP | CVE-2024-38252 | Home windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Vital |
| Home windows Win32K – ICOMP | CVE-2024-38253 | Home windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Vital |
Replace 9/11/24: Up to date to clarify that solely three flaws have been actively exploited and why CVE-2024-43491 was marked as exploited.