Friend
Professional
- Messages
- 2,653
- Reaction score
- 842
- Points
- 113
On September Patch Tuesday, the company saved users from critical bugs.
Microsoft released security updates as part of the September Patch Tuesday 2024 that address 79 vulnerabilities. Among them are 4 actively exploited (including 1 publicly disclosed) zero-day vulnerabilities.
The update includes fixes for 7 critical vulnerabilities related to remote code execution and privilege escalation. Among the identified problems:
An important part of the update was fixes for 4 zero-day vulnerabilities that were actively exploited by cybercriminals, including one publicly disclosed.
List of zero-day vulnerabilities:
CVE-2024-38014 – Elevation of privilege vulnerability in Windows Installer
Allows you to gain system privileges on Windows devices. Microsoft has not yet disclosed details about the methods of use.
CVE-2024-38217 – Mark of the Web (MotW) security bypass vulnerability
The vulnerability was disclosed in August 2024. Experts believe that the bug has been exploited since 2018. The vulnerability exploits the LNK Stomping technique, which allows specially crafted LNK files to bypass Smart App Control security systems and warnings from Mark of the Web (MotW).
Attackers can create files that bypass MotW's protections, resulting in the loss of integrity and availability of security features such as SmartScreen Application Reputation and Windows Attachment Services.
CVE-2024-38226 - Microsoft Publisher Security Bypass Vulnerability
The bug made it possible to bypass protection against built-in macros in uploaded documents. In case of successful exploitation, attackers could bypass Office policies that block suspicious files. Details about how the vulnerability was exploited were not disclosed.
CVE-2024-43491 - Remote Code Execution vulnerability in Update
A vulnerability in the servicing stack could allow remote code execution. The issue affected Windows 10 version 1507, which reached end of life in 2017, but also remains relevant for Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB, which are still supported.
The error is due to the fact that during the installation of some security updates on devices running Windows 10 1507, previously fixed vulnerabilities became active again. To resolve the issue, users need to install the September 2024 servicing stack update and the corresponding security update.
Details about the affected components and how to fix the vulnerabilities can be found in the official Microsoft documentation. The company has also released a mandatory cumulative update to Windows 11 23H2 KB5043076 containing the September Patch Tuesday fixes. BleepingComputer specialists have compiled a complete list of Microsoft fixes as part of Patch Tuesday.
Source
Microsoft released security updates as part of the September Patch Tuesday 2024 that address 79 vulnerabilities. Among them are 4 actively exploited (including 1 publicly disclosed) zero-day vulnerabilities.
The update includes fixes for 7 critical vulnerabilities related to remote code execution and privilege escalation. Among the identified problems:
- 30 privilege escalation vulnerabilities;
- 4 security bypass vulnerabilities;
- 23 remote code execution vulnerabilities;
- 11 information disclosure vulnerabilities;
- 8 denial-of-service vulnerabilities;
- 3 spoofing vulnerabilities.
An important part of the update was fixes for 4 zero-day vulnerabilities that were actively exploited by cybercriminals, including one publicly disclosed.
List of zero-day vulnerabilities:
CVE-2024-38014 – Elevation of privilege vulnerability in Windows Installer
Allows you to gain system privileges on Windows devices. Microsoft has not yet disclosed details about the methods of use.
CVE-2024-38217 – Mark of the Web (MotW) security bypass vulnerability
The vulnerability was disclosed in August 2024. Experts believe that the bug has been exploited since 2018. The vulnerability exploits the LNK Stomping technique, which allows specially crafted LNK files to bypass Smart App Control security systems and warnings from Mark of the Web (MotW).
Attackers can create files that bypass MotW's protections, resulting in the loss of integrity and availability of security features such as SmartScreen Application Reputation and Windows Attachment Services.
CVE-2024-38226 - Microsoft Publisher Security Bypass Vulnerability
The bug made it possible to bypass protection against built-in macros in uploaded documents. In case of successful exploitation, attackers could bypass Office policies that block suspicious files. Details about how the vulnerability was exploited were not disclosed.
CVE-2024-43491 - Remote Code Execution vulnerability in Update
A vulnerability in the servicing stack could allow remote code execution. The issue affected Windows 10 version 1507, which reached end of life in 2017, but also remains relevant for Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB, which are still supported.
The error is due to the fact that during the installation of some security updates on devices running Windows 10 1507, previously fixed vulnerabilities became active again. To resolve the issue, users need to install the September 2024 servicing stack update and the corresponding security update.
Details about the affected components and how to fix the vulnerabilities can be found in the official Microsoft documentation. The company has also released a mandatory cumulative update to Windows 11 23H2 KB5043076 containing the September Patch Tuesday fixes. BleepingComputer specialists have compiled a complete list of Microsoft fixes as part of Patch Tuesday.
Source
