In its September 2024 Patch Tuesday release, Microsoft addressed a total of 79 vulnerabilities in Windows [1] [5], including critical vulnerabilities and zero-day bugs actively exploited in the wild.

Description

In the September 2024 Patch Tuesday release [6], Microsoft addressed a total of 79 vulnerabilities in Windows [1] [5]. This included seven critical vulnerabilities and four zero-day bugs actively exploited in the wild. Among the vulnerabilities patched were two bugs that allow attackers to bypass critical security protections, an elevation of privilege flaw [1] [5], and a bug reintroducing vulnerabilities in Windows 10 [1]. The update also included seven critical remote code execution (RCE) and elevation of privilege vulnerabilities [1], with 19 CVEs assessed as more likely to be exploited [1]. Elevation of privilege vulnerabilities made up 38% of the patched vulnerabilities [6], with remote code execution vulnerabilities following at 29.1%.

Two security bypass vulnerabilities in Microsoft Publisher and Windows Mark of the Web were identified [1], allowing attackers to bypass security features [1] [5]. Additionally, two actively exploited bugs in the update were an elevation of privilege vulnerability and an RCE in Windows Update [1]. Other high-priority bugs included a Windows spoofing vulnerability [1], a Microsoft SharePoint Server RCE [1], and two elevation-of-privilege vulnerabilities in Kernel Streaming Service Driver [1]. Microsoft has disclosed a total of 745 vulnerabilities this year [1], with 33 identified as critical [1].

The patches also addressed several zero-day vulnerabilities, such as CVE-2024-38217, CVE-2024-38226 [1] [2] [3] [4] [5] [7], and CVE-2024-38014 [1] [2] [3] [4] [5] [7], which allowed attackers to bypass security features in Microsoft Publisher and Windows Installer. Another zero-day [1] [2] [3] [6] [7], CVE-2024-43461 [1] [2] [3] [4] [5] [7], a Windows MSHTML Platform spoofing vulnerability [3], is not currently exploited but should be treated as if it were [3].

Additionally, four vulnerabilities in Microsoft SharePoint (CVE-2024-38018 [3], CVE-2024-38227 [1] [2] [3] [4] [5] [7], CVE-2024-38228 [1] [2] [3] [4] [5] [7], CVE-2024-43464) could be exploited for remote code execution on the SharePoint Server [3]. Admins should not overlook the other 70-plus vulnerabilities addressed in the release [7], as hackers commonly exploit them on “Exploit Wednesday” after Patch Tuesday [7]. Users are advised to apply the September 2024 Servicing Stack Update and Windows Security Updates to correct the CVE-2024-43491 issue [5], which caused the rollback of fixes for some Windows 10 systems [5].

Conclusion

The September 2024 Patch Tuesday release by Microsoft addressed critical vulnerabilities and zero-day bugs [6], which underscores the importance of applying the updates promptly. Admins and users should apply the necessary patches to mitigate potential security risks and protect their systems from exploitation.

References

[1] https://www.darkreading.com/application-security/microsoft-discloses-4-zero-days-in-september-update
[2] https://blog.talosintelligence.com/microsoft-patch-tuesday-september-2024/
[3] https://www.helpnetsecurity.com/2024/09/10/cve-2024-38217-cve-2024-43491/
[4] https://www.zerodayinitiative.com/blog/2024/9/10/the-september-2024-security-update-review
[5] https://krebsonsecurity.com/2024/09/bug-left-some-windows-pcs-dangerously-unpatched/
[6] https://www.tenable.com/blog/microsofts-september-2024-patch-tuesday-addresses-79-cves-cve-2024-43491
[7] https://www.scmagazine.com/news/microsoft-fixes-at-least-four-zero-days-in-september-patch-tuesday