Pierluigi Paganini September 11, 2024

Microsoft Patch Tuesday security updates for September 2024 addressed 79 flaws, including four actively exploited zero-day flaws.

Microsoft Patch Tuesday security updates for September 2024 addressed 79 vulnerabilities in Windows and Windows Components; Office and Office Components; Azure; Dynamics Business Central; SQL Server; Windows Hyper-V; Mark of the Web (MOTW); and the Remote Desktop Licensing Service.

Four of these vulnerabilities were actively exploited as zero-day vulnerabilities, one flaw is publicly known.

Seven vulnerabilities are rated as Critical, 71 as Important, and one as Moderate.

“The size of this release tracks with the volume we saw from Redmond last month, but again, it’s unusual to see such a high number of bugs under active attack.” reported ZDI. “One of these CVEs is listed as publicly known, and four others are listed as under active attack at the time of release. However, we at the ZDI think that number should be five.”

The four actively exploited zero-day vulnerabilities are:

CVE-2024-38014 – Windows Installer Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-38217 – Windows Mark of the Web Security Feature Bypass Vulnerability. An attacker could exploit this vulnerability by hosting a malicious file on their server and tricking a user into downloading and opening it. This file could bypass Mark of the Web (MOTW) defenses, potentially compromising security features like SmartScreen Application Reputation and Windows Attachment Services security prompts.

CVE-2024-38226 – Microsoft Publisher Security Feature Bypass Vulnerability. An attacker could bypass Office macro policies by tricking an authenticated user into downloading and opening a specially crafted file from a website. This local attack could compromise the victim’s computer through social engineering.

CVE-2024-43491 – Microsoft Windows Update Remote Code Execution Vulnerability. Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability.

The complete list of flaws fixed with Microsoft Patch Tuesday security updates for September 2024 is available here.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Microsoft Patch Tuesday)