In its latest security update for September 2024, Microsoft has addressed a total of 79 vulnerabilities. The rollout includes four zero-day flaws that are being actively exploited, demanding prompt action from IT administrators.
Detailed Breakdown
The vulnerabilities span multiple categories: 30 related to elevation of privilege, 23 impacting remote code execution, 11 concerning information disclosure, 8 focused on denial of service, 4 involving security feature bypass, 2 connected to spoofing, and 1 cross-site scripting flaw. Compared to last month’s update of 90 issues, this release is slightly smaller.
Among the four zero-day vulnerabilities, CVE-2024-38014 impacts Windows Installer and is exploited to gain system-level privileges. CVE-2024-38217, discovered by Joe Desimone of Elastic Security, allows bypassing Smart App Control and Mark of the Web warnings through LNK stomping. CVE-2024-38226 targets Microsoft Publisher, letting attackers circumvent macro policies. Lastly, CVE-2024-43491 is a critical flaw in Windows Update that undoes previous patches, enabling remote code execution.
Critical Issues
Seven vulnerabilities have been marked as critical this month. These include flaws in Azure, Microsoft Office SharePoint, Windows Network Address Translation (NAT), and Windows Update. Specific issues like CVE-2024-38216 and CVE-2024-38220 in Azure Stack permit unauthorized system access. Another critical flaw, CVE-2024-38194 in Azure Web Apps, allows privilege escalation due to poor validation.
Two significant vulnerabilities affecting Microsoft Office SharePoint are CVE-2024-38018 and CVE-2024-43464. Both allow remote code execution, with CVE-2024-38018 permitting code execution by users with Site Member permissions and CVE-2024-43464 enabling Site Owners to inject and run code.
Windows Network Address Translation (NAT) and Windows Update
Critical vulnerability CVE-2024-38119 impacts Windows NAT, where attackers can exploit memory issues to execute code remotely. CVE-2024-43491 in Windows Update affects systems like Windows 10 Enterprise 2015 LTSB and involves a rollback of previous patches, bringing back older vulnerabilities.
Microsoft defines zero-day vulnerabilities as those that are either publicly disclosed or actively exploited without an existing fix. One such flaw, CVE-2024-38217, disclosed last month, involves bypassing security warnings via LNK files. Another, CVE-2024-43491, affects certain Windows 10 versions and reintroduces vulnerabilities by restoring Optional Components to original versions.
All Fixed Vulnerabilities from September 2024 Patch Tuesday
| CVE ID | Tag | CVE Title | Severity |
|---|---|---|---|
| | Azure CycleCloud | Azure CycleCloud Remote Code Execution Vulnerability | Important |
| | Azure Network Watcher | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | Important |
| | Azure Network Watcher | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | Important |
| | Azure Stack | Azure Stack Hub Elevation of Privilege Vulnerability | Critical |
| | Azure Stack | Azure Stack Hub Elevation of Privilege Vulnerability | Critical |
| | Azure Web Apps | Azure Web Apps Elevation of Privilege Vulnerability | Critical |
| | Dynamics Business Central | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | Important |
| | Microsoft AutoUpdate (MAU) | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Important |
| | Microsoft Dynamics 365 (on-premises) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| | Microsoft Graphics Component | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| | Microsoft Graphics Component | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| | Microsoft Graphics Component | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| | Microsoft Management Console | Microsoft Management Console Remote Code Execution Vulnerability | Important |
| | Microsoft Office Excel | Microsoft Excel Elevation of Privilege Vulnerability | Important |
| | Microsoft Office Publisher | Microsoft Publisher Security Feature Bypass Vulnerability | Important |
| | Microsoft Office SharePoint | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| | Microsoft Office SharePoint | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| | Microsoft Office SharePoint | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| | Microsoft Office SharePoint | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| | Microsoft Office SharePoint | Microsoft SharePoint Server Denial of Service Vulnerability | Important |
| | Microsoft Office Visio | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| | Microsoft Outlook for iOS | Microsoft Outlook for iOS Information Disclosure Vulnerability | Important |
| | Microsoft Streaming Service | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| | Microsoft Streaming Service | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| | Microsoft Streaming Service | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| | Microsoft Streaming Service | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| | Microsoft Streaming Service | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| | Microsoft Streaming Service | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
| | Microsoft Streaming Service | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| | Power Automate | Microsoft Power Automate Desktop Remote Code Execution Vulnerability | Important |
| | Role: Windows Hyper-V | Windows Hyper-V Denial of Service Vulnerability | Important |
| | SQL Server | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft SQL Server Elevation of Privilege Vulnerability | Important |
| | SQL Server | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | Important |
| | SQL Server | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | Important |
| | SQL Server | Microsoft SQL Server Information Disclosure Vulnerability | Important |
| | SQL Server | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | Important |
| | SQL Server | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft SQL Server Elevation of Privilege Vulnerability | Important |
| | SQL Server | Microsoft SQL Server Elevation of Privilege Vulnerability | Important |
| | Windows Admin Center | Microsoft Windows Admin Center Information Disclosure Vulnerability | Important |
| | Windows AllJoyn API | Microsoft AllJoyn API Information Disclosure Vulnerability | Important |
| | Windows Authentication Methods | Windows Authentication Information Disclosure Vulnerability | Important |
| | Windows DHCP Server | DHCP Server Service Denial of Service Vulnerability | Important |
| | Windows Installer | Windows Installer Elevation of Privilege Vulnerability | Important |
| | Windows Kerberos | Windows Kerberos Elevation of Privilege Vulnerability | Important |
| | Windows Kernel-Mode Drivers | Windows Kernel-Mode Driver Information Disclosure Vulnerability | Important |
| | Windows Libarchive | Windows libarchive Remote Code Execution Vulnerability | Important |
| | Windows Mark of the Web (MOTW) | Windows Mark of the Web Security Feature Bypass Vulnerability | Important |
| | Windows Mark of the Web (MOTW) | Windows Mark of the Web Security Feature Bypass Vulnerability | Moderate |
| | Windows MSHTML Platform | Windows MSHTML Platform Spoofing Vulnerability | Important |
| | Windows Network Address Translation (NAT) | Windows Network Address Translation (NAT) Remote Code Execution Vulnerability | Critical |
| | Windows Network Virtualization | Windows Networking Denial of Service Vulnerability | Important |
| | Windows Network Virtualization | Windows Networking Denial of Service Vulnerability | Important |
| | Windows Network Virtualization | Windows Networking Denial of Service Vulnerability | Important |
| | Windows Network Virtualization | Windows Networking Information Disclosure Vulnerability | Important |
| | Windows PowerShell | PowerShell Elevation of Privilege Vulnerability | Important |
| | Windows Remote Access Connection Manager | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| | Windows Remote Desktop Licensing Service | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important |
| | Windows Remote Desktop Licensing Service | Windows Remote Desktop Licensing Service Information Disclosure Vulnerability | Important |
| | Windows Remote Desktop Licensing Service | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important |
| | Windows Remote Desktop Licensing Service | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important |
| | Windows Remote Desktop Licensing Service | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important |
| | Windows Remote Desktop Licensing Service | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important |
| | Windows Remote Desktop Licensing Service | Windows Remote Desktop Licensing Service Spoofing Vulnerability | Important |
| | Windows Security Zone Mapping | Windows Security Zone Mapping Security Feature Bypass Vulnerability | Important |
| | Windows Setup and Deployment | Windows Setup and Deployment Elevation of Privilege Vulnerability | Important |
| | Windows Standards-Based Storage Management Service | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important |
| | Windows Storage | Windows Storage Elevation of Privilege Vulnerability | Important |
| | Windows TCP/IP | Windows TCP/IP Remote Code Execution Vulnerability | Important |
| | Windows TCP/IP | Windows TCP/IP Remote Code Execution Vulnerability | Important |
| | Windows Update | Microsoft Windows Update Remote Code Execution Vulnerability | Critical |
| | Windows Win32K – GRFX | Win32k Elevation of Privilege Vulnerability | Important |
| | Windows Win32K – ICOMP | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
| | Windows Win32K – ICOMP | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
Last Updated on November 18, 2024 12:02 pm CET