The scheduled Patch Tuesday updates for September 2024 have arrived for all Microsoft merchandise. The tech big addressed some severe safety points with this replace, notably 4 zero-day vulnerabilities. Customers should replace their gadgets promptly to keep away from potential threats.
A number of Zero-Day Vulnerabilities Fastened With Newest Updates
September Patch Tuesday’s most important safety fixes addressed 5 noteworthy vulnerabilities affecting completely different Microsoft merchandise. Under, we rapidly record them.
- CVE-2024-38217 (CVSS 5.4): An vital severity vulnerability that may not be as extreme a menace because it grew to become because of public disclosure earlier than a repair. Microsoft described it as a safety characteristic bypass impacting the Home windows Mark of the Internet performance. An attacker may exploit the flaw by tricking the goal person into opening a maliciously crafted file hosted on an attacker-controlled server.
- CVE-2024-43491 (CVSS 9.8): That is the one important severity vulnerability amongst all zero-days addressed this month. The tech big recognized it as a distant code execution vulnerability affecting Home windows Replace. In response to Microsoft, the vulnerability was actively exploited within the wild to roll again beforehand patched methods for some vulnerabilities. The agency urged customers to put in the servicing stack replace (KB5043936) and the safety replace (KB5043083) launched with September Patch Tuesday to re-patch their methods.
- CVE-2024-38226 (CVSS 7.3): An vital severity safety characteristic bypass affecting Microsoft Writer. Exploiting this vulnerability requires the attacker to have native authenticated entry to the goal system. An attacker may obtain this requirement by tricking the sufferer person into opening a maliciously crafted file.
- CVE-2024-38014 (CVSS 7.8): An vital severity privilege escalation subject affecting Home windows Installer. Exploiting the flaw may enable SYSTEM privileges to an attacker.
- CVE-2024-43461 (CVSS 8.8): An vital severity spoofing vulnerability within the Home windows MSHTML platform. In response to ZDI, this vulnerability resembled a beforehand patched flaw, CVE-2024-38112, that Microsoft addressed with July Patch Tuesday. This vulnerability has a disputed exploitation standing since Microsoft confirmed detecting no lively exploits for the flaw, whereas ZDI confirmed reporting its lively exploitation to Microsoft earlier.
Different Essential Patch Tuesday September Updates From Microsoft
Alongside the 5 essential vulnerabilities described above, Microsoft additionally patched 74 different vulnerabilities, releasing a complete of 79 safety fixes.
These embrace six important severity vulnerabilities affecting Azure Stack Hub (privilege escalation vulnerabilities – CVE-2024-38216, CVE-2024-38220), Azure Internet Apps (privilege escalation flaw – CVE-2024-38194), Microsoft SharePoint Server (distant code execution – CVE-2024-38018, CVE-2024-43464), and Home windows Community Deal with Translation (NAT) (distant code execution – CVE-2024-38119). The remaining embrace 67 vital severity points and a single reasonable severity flaw, CVE-2024-43487 – a Home windows Mark of the Internet safety characteristic bypass.
Tell us your ideas within the feedback.