Microsoft’s September 2024 Patch Tuesday Addresses 79 Security Flaws Including 4 Zero-days

September 10, 2024

Microsoft's September 2024 Patch Tuesday saw the company release security updates for 79 flaws, among them four zero-days that are currently being exploited and one that has been disclosed to the public. These vulnerabilities were either remote code execution or elevation of privilege flaws, with seven of them being deemed critical.

The zero-day vulnerabilities being actively exploited that were addressed in this month's Patch Tuesday were: CVE-2024-38014, a Windows Installer Elevation of Privilege Vulnerability; CVE-2024-38217, a Windows Mark of the Web Security Feature Bypass Vulnerability; CVE-2024-38226, a Microsoft Publisher Security Feature Bypass Vulnerability; and CVE-2024-43491, a Microsoft Windows Update Remote Code Execution Vulnerability.

The Windows Installer Elevation of Privilege Vulnerability (CVE-2024-38014) enables attackers to gain SYSTEM privileges on Windows systems. The flaw was discovered by Michael Baer of SEC Consult Vulnerability Lab, but Microsoft has not released any information on how the vulnerability was exploited in attacks.

The Windows Mark of the Web Security Feature Bypass Vulnerability (CVE-2024-38217) was publicly disclosed by Joe Desimone of Elastic Security and has reportedly been actively exploited since 2018. Desimone detailed a technique known as LNK stomping, which allows specially crafted LNK files with non-standard target paths or internal structures to bypass Smart App Control and the Mark of the Web security warnings. Microsoft's advisory explains, 'An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as SmartScreen Application Reputation security check and/or the legacy Windows Attachment Services security prompt.'

The Microsoft Publisher Security Feature Bypass Vulnerability (CVE-2024-38226) allows an attacker to bypass Office macro policies used to block untrusted or malicious files. Microsoft's advisory explains, 'An attacker who successfully exploited this vulnerability could bypass Office macro policies used to block untrusted or malicious files.' The company has not disclosed who reported the flaw or how it was exploited.

The Microsoft Windows Update Remote Code Execution Vulnerability (CVE-2024-43491) is a servicing stack flaw that allows remote code execution. This vulnerability only impacts Windows 10, version 1507, which reached the end of life in 2017. However, it also affects Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB editions, which are still under support. Microsoft's advisory explains, 'This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024.'

Latest News

• Akira Ransomware Group Exploits SonicWall Vulnerability for Remote Code Execution
• Chinese APT Group Mustang Panda Exploits Visual Studio Code in Southeast Asian Cyberattacks
• Critical 10/10 Severity RCE Vulnerability Identified in Progress LoadMaster
• SonicWall SSLVPN Vulnerability Exploited in Cyber Attacks: Urgent Call for Patching
• Critical Remote Code Execution Vulnerability Detected in Veeam Backup & Replication Software