Summary of Critical Updates
Microsoft’s September 2024 Patch Tuesday addresses a total of 79 vulnerabilities, including four zero-days that Microsoft lists as exploited in the wild, one of which (CVE-2024-38217) was also publicly disclosed before the fix shipped. Seven of the 79 are rated critical, and the critical set is dominated by remote code execution (RCE) and elevation of privilege (EoP) flaws.
The breakdown of vulnerabilities patched includes:
- 30 Elevation of Privilege (EoP) vulnerabilities
- 23 Remote Code Execution (RCE) vulnerabilities
- 11 Information Disclosure vulnerabilities
- 8 Denial of Service (DoS) vulnerabilities
- 4 Security Feature Bypass vulnerabilities
- 3 Spoofing vulnerabilities
For additional details on non-security updates, you can explore the latest Windows 11 KB5043076 and Windows 10 KB5043064 cumulative updates.
Zero-Day Vulnerabilities
- CVE-2024-43491 | Windows Update Remote Code Execution (RCE):
This vulnerability affects the Windows Update servicing stack on Windows 10 version 1507, i.e. Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB. It is rated critical with a CVSS score of 9.8, but it is not a classic RCE bug: the servicing stack mishandled certain optional components on these systems and rolled back fixes for earlier vulnerabilities in them, so previously patched (and in some cases previously exploited) CVEs became exploitable again. Microsoft found no evidence of an attacker triggering the rollback directly, but because some of the re-exposed CVEs had been exploited in the wild, it assessed the flaw as exploited. Remediation requires both the September 2024 servicing stack update and the September 2024 Windows security update, installed in that order; installing the security update alone is not sufficient.
- CVE-2024-38217 | Windows Mark of the Web (MOTW) Security Feature Bypass:
Exploited in the wild and publicly disclosed before patching, this vulnerability affects Mark of the Web, the zone marker Windows attaches to files downloaded from the internet and that SmartScreen and Office Protected View rely on. An attacker who convinces a user to open a specially crafted file can bypass those protections, so the file is handled as if it were local and the usual warnings do not appear. Exploitation predates the fix by more than six years, with the earliest known samples dating back to 2018.
- CVE-2024-38014 | Windows Installer Elevation of Privilege (EoP):
This zero-day in the Windows Installer service lets an attacker who already has a low-privileged foothold on a host obtain SYSTEM privileges. Microsoft has not described how it was exploited, but a local EoP of this kind is typically used post-compromise to escalate from an ordinary user account to full control of the machine.
- CVE-2024-38226 | Microsoft Publisher Security Feature Bypass:
Affecting Microsoft Publisher, this flaw lets an attacker bypass the Office macro policies that block untrusted files by convincing a user to download and open a specially crafted file. Microsoft lists it as exploited in the wild; it undermines one of the core defenses against malicious macros in Office documents.
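The MOTW bypass above is easier to reason about if you can see the mark itself. The following PowerShell is an added example written for this article, not code from the original page or from Microsoft: it reads the NTFS Zone.Identifier alternate data stream that carries Mark of the Web, reports which files would and would not trigger SmartScreen or Protected View, and shows the supported way to stamp a file that arrived through a channel that dropped the stream. It assumes Windows PowerShell 5.1 or PowerShell 7 on Windows with an NTFS temp volume; the two sample files it creates are constructed for the demo.

```powershell
# Added example, not code from the original article: inspect and apply the
# Mark of the Web (the NTFS Zone.Identifier alternate data stream) that
# CVE-2024-38217 concerns. Assumes Windows PowerShell 5.1 or PowerShell 7 on
# an NTFS volume; the sample files created below are constructed for the demo.

function Get-MotwStatus {
    # Reports, for each file under $Path, whether a Zone.Identifier stream is
    # present and which zone it claims. Zone 3 (Internet) and 4 (Restricted)
    # are what SmartScreen and Office Protected View key on.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [switch]$Recurse
    )
    Get-ChildItem -LiteralPath $Path -File -Recurse:$Recurse | ForEach-Object {
        $zoneId = $null
        $source = $null
        # A missing stream is the normal case for local files, so suppress the error.
        $ads = Get-Content -LiteralPath $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        foreach ($line in @($ads)) {
            if ($line -match '^ZoneId=(\d+)\s*$') { $zoneId = [int]$Matches[1] }
            elseif ($line -match '^(HostUrl|ReferrerUrl)=(.+)$') { $source = $Matches[2] }
        }
        [pscustomobject]@{
            File     = $_.FullName
            HasMotw  = ($null -ne $zoneId)
            ZoneId   = $zoneId
            Source   = $source
            # Files that will NOT trigger SmartScreen / Protected View: no stream,
            # or a zone below Internet (0 local, 1 intranet, 2 trusted).
            Unmarked = ($null -eq $zoneId -or $zoneId -lt 3)
        }
    }
}

function Set-MotwZone {
    # Stamps (or re-stamps) a file as coming from the given zone. Useful when a
    # file arrived through a channel that dropped the stream (some archive tools,
    # FAT/exFAT removable media, file-transfer agents that copy only the data fork).
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [ValidateRange(0, 4)][int]$ZoneId = 3
    )
    $content = "[ZoneTransfer]`r`nZoneId=$ZoneId`r`n"
    Set-Content -LiteralPath $Path -Stream Zone.Identifier -Value $content -NoNewline
}

# Demo on constructed files in a fresh temp directory.
$demo = Join-Path ([IO.Path]::GetTempPath()) ('motw-demo-' + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $demo | Out-Null
'local content'      | Set-Content -LiteralPath (Join-Path $demo 'local.txt')
'downloaded content' | Set-Content -LiteralPath (Join-Path $demo 'download.txt')
Set-MotwZone -Path (Join-Path $demo 'download.txt') -ZoneId 3

# Expect local.txt: HasMotw False / Unmarked True; download.txt: ZoneId 3 / Unmarked False.
Get-MotwStatus -Path $demo | Format-Table File, HasMotw, ZoneId, Unmarked -AutoSize

# Clearing the mark deliberately is done with the supported cmdlet, not a bypass:
# Unblock-File -LiteralPath (Join-Path $demo 'download.txt')
Remove-Item -LiteralPath $demo -Recurse -Force
```

Running Get-MotwStatus over a user's Downloads folder after an incident is a quick way to spot files that reached the machine without the mark (or with a zone below 3), which is exactly the condition a MOTW bypass produces; note that the stream only exists on NTFS, so a check on FAT/exFAT media will report every file as unmarked.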
Other Critical Vulnerabilities:
- CVE-2024-43491 | Windows Update RCE:
The most severe vulnerability this month. Because the servicing stack rolled back fixes in optional components, successful exploitation means re-exploiting older, already-patched flaws rather than a new bug. The affected optional features include Internet Explorer 11, the .NET Framework, and Windows Media Player, so a host's practical exposure depends on which of these components are enabled on it.
- CVE-2024-38018 | Microsoft SharePoint Server RCE:
This vulnerability, with a CVSS score of 8.8, allows an authenticated attacker to execute arbitrary code on Microsoft SharePoint Server. Microsoft has not disclosed exact exploit methods, but an attacker holding page creation permissions could use them to inject malicious code into the SharePoint environment, so the bar is a low-privileged site account rather than an administrator.
- CVE-2024-26186, CVE-2024-26191 | SQL Server Native Scoring RCE:
A cluster of RCE vulnerabilities in Microsoft SQL Server Native Scoring, the feature that lets T-SQL apply pre-trained machine-learning models to data without leaving the database. Rated important with a CVSS score of 8.8 because authentication is required, they nevertheless allow an authenticated attacker to execute code on the SQL Server host; a compromised or malicious low-privileged database login is sufficient, so they should be prioritized wherever Native Scoring is in use.
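Because the exposure from CVE-2024-43491 depends on three things (the host being Windows 10 version 1507, the September 2024 servicing stack update and security update both being present, and which affected optional components are enabled), it is worth checking all three from one script. The following PowerShell is an added example written for this article, not code from the original page or from Microsoft. It assumes an elevated session on the host being checked; the two KB identifiers are the September 2024 servicing stack update and security update for Windows 10 version 1507 as I recall them from Microsoft's advisory, so confirm them there before relying on this; the optional-feature name patterns are assumptions and should be adjusted to the components enabled in your image.

```powershell
# Added example, not code from the original article: triage a host for
# CVE-2024-43491. Assumptions: elevated PowerShell on the host; the KB
# identifiers below are the September 2024 SSU and security update for
# Windows 10 version 1507 as recalled from Microsoft's advisory (verify there);
# the feature name patterns are assumed and should match your image.

function Test-Cve202443491Exposure {
    [CmdletBinding()]
    param(
        # Order matters: the servicing stack update must be installed before the
        # cumulative security update for the rolled-back fixes to be restored.
        [string[]]$RequiredKbs = @('KB5043936', 'KB5043083'),
        [string[]]$FeaturePatterns = @('*Internet-Explorer*', '*NetFx*', '*MediaPlayer*')
    )

    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    # Windows 10 version 1507 (Enterprise 2015 LTSB, IoT Enterprise 2015 LTSB)
    # reports build 10.0.10240; later versions are not affected by this bug.
    $isVersion1507 = $os.Version -like '10.0.10240*'

    $report = [ordered]@{
        ComputerName    = $env:COMPUTERNAME
        OSVersion       = $os.Version
        Caption         = $os.Caption
        InScope         = $isVersion1507
        MissingKbs      = @()
        ExposedFeatures = @()
        Assessment      = ''
    }

    if (-not $isVersion1507) {
        $report.Assessment = 'Not affected: CVE-2024-43491 only applies to Windows 10 version 1507.'
        return [pscustomobject]$report
    }

    # Check both Win32_QuickFixEngineering (Get-HotFix) and the component store,
    # because QFE does not always list servicing stack packages.
    $hotfixIds    = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
    $packageNames = @(Get-WindowsPackage -Online | Select-Object -ExpandProperty PackageName)
    $report.MissingKbs = @($RequiredKbs | Where-Object {
        $kb = $_
        -not ($hotfixIds -contains $kb) -and
        -not ($packageNames | Where-Object { $_ -like "*$kb*" })
    })

    # Optional components whose fixes were rolled back; only those actually
    # enabled on this host matter for exposure.
    $report.ExposedFeatures = @(Get-WindowsOptionalFeature -Online |
        Where-Object { $_.State -eq 'Enabled' } |
        Where-Object {
            $name = $_.FeatureName
            @($FeaturePatterns | Where-Object { $name -like $_ }).Count -gt 0
        } |
        Select-Object -ExpandProperty FeatureName)

    $report.Assessment = if ($report.MissingKbs.Count -eq 0) {
        'Patched: September 2024 servicing stack update and security update both present.'
    } elseif ($report.ExposedFeatures.Count -gt 0) {
        'EXPOSED: required updates missing and affected optional components are enabled.'
    } else {
        'Update required: no affected components enabled, but install the SSU and then the security update.'
    }
    [pscustomobject]$report
}

Test-Cve202443491Exposure | Format-List
```

The script deliberately reports "Update required" even when none of the watched components are enabled, because the list of affected optional components is longer than the three named in this article and the fix is the same either way; use the ExposedFeatures field to prioritize, not to skip hosts.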
Adobe and Other Vendor Updates:
In addition to Microsoft’s patches, Adobe released updates addressing vulnerabilities across its product line. Key updates include:
- Adobe Acrobat and Reader: Addressing 17 vulnerabilities, some of which were rated as critical, allowing for remote code execution.
- Adobe Photoshop: Five vulnerabilities were addressed, primarily focusing on memory corruption flaws that could lead to RCE.
- Adobe After Effects: A smaller update, fixing two vulnerabilities related to security feature bypass.
Active exploitation of some Adobe products is suspected, particularly Adobe Reader, where a malicious PDF can exploit a vulnerability before the user has had a chance to update.
Best Practices for Users
Given the critical nature of these updates, it is crucial for users to stay up-to-date with the latest security patches from Microsoft and Adobe. The four zero-days should be treated as an exception to any normal waiting period: they are already being exploited, so install those fixes as soon as they are available. For the rest of the release, a short delay of a day or two, or a staged rollout to a pilot group first, is prudent, since it allows time for any immediate problems with the updates to surface and be addressed. In either case, backing up data or imaging the Windows drive before applying new updates limits the damage if something goes wrong during the update process.
To mitigate risks associated with the vulnerabilities addressed in September’s Patch Tuesday, users are encouraged to:
- Update promptly: Apply security updates as soon as possible to avoid exposure to actively exploited vulnerabilities.
- Back up data: Before installing updates, ensure that important data is backed up in case any system issues arise during patch deployment.
- Monitor trusted sources: Stay informed on further developments by monitoring trusted resources like the SANS Internet Storm Center and vendor-specific advisories for any post-update complications or new attack vectors.
By following these practices, users can reduce their risk of falling victim to attacks targeting unpatched vulnerabilities.
How Can Netizen Help?
Netizen ensures that security gets built in, not bolted on, providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service”, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time –
https://www.netizen.net/contact