
Microsoft Releases September 2024 Security Updates

Scheduled updates for Microsoft products fix 79 vulnerabilities, including four zero-day vulnerabilities



Affected platforms

The following platforms are known to be affected:

The following platforms are also known to be affected:

  • Azure CycleCloud
  • Azure Network Watcher
  • Azure Stack
  • Azure Web Apps
  • Dynamics Business Central
  • Microsoft AutoUpdate (MAU)
  • Microsoft Dynamics 365 (on-premises)
  • Microsoft Graphics Component
  • Microsoft Management Console
  • Microsoft Office Excel
  • Microsoft Office Publisher
  • Microsoft Office SharePoint
  • Microsoft Office Visio
  • Microsoft Outlook for iOS
  • Microsoft Streaming Service
  • Microsoft Windows
  • Power Automate
  • Role: Windows Hyper-V
  • Servicing Stack Updates
  • SQL Server
  • Windows Admin Center
  • Windows AllJoyn API
  • Windows Authentication Methods
  • Windows Deployment Services
  • Windows DHCP Server
  • Windows Installer
  • Windows Kerberos
  • Windows Kernel-Mode Drivers
  • Windows Mark of the Web (MOTW)
  • Windows MSHTML Platform
  • Windows Network Address Translation (NAT)
  • Windows Network Virtualization
  • Windows PowerShell
  • Windows Remote Access Connection Manager
  • Windows Remote Desktop Licensing Service
  • Windows Security Zone Mapping
  • Windows Setup and Deployment
  • Windows Standards-Based Storage Management Service
  • Windows Storage
  • Windows TCP/IP
  • Windows Update
  • Windows Win32K - GRFX
  • Windows Win32K - ICOMP

Threat details

Active zero-day exploitation of five vulnerabilities

Microsoft have reported that four vulnerabilities are under active exploitation. These are:

  • CVE-2024-38014
  • CVE-2024-38217
  • CVE-2024-38226
  • CVE-2024-43491

Additionally, security researchers are reporting that CVE-2024-43461 is under exploitation as a zero-day.


Introduction

Microsoft has released security updates to address 79 vulnerabilities in Microsoft products. The security updates include four zero-day vulnerabilities, one under active exploitation and one publicly disclosed.


Vulnerability details

  • CVE-2024-38014 - Windows Installer Elevation of Privilege Vulnerability
    CVE-2024-38014 is an 'improper privilege management' vulnerability in Windows Installer with a CVSSv3 score of 7.8. Successful exploitation could allow a local attacker with low privileges to elevate to system privileges. This vulnerability is under active exploitation as a zero-day. 
     
  • CVE-2024-38217 - Windows Mark of the Web Security Feature Bypass Vulnerability 
    CVE-2024-38217 is a 'protection mechanism failure' vulnerability in Windows Mark of the Web Security Feature with a CVSSv3 score of 5.4. Successful exploitation could allow a remote attacker to interfere with Mark of the Web functionality by hosting a file on an attacker-controlled server and convincing a user to download and open it. This vulnerability is under active exploitation as a zero-day.
     
  • CVE-2024-38226 - Microsoft Publisher Security Feature Bypass Vulnerability
    CVE-2024-38226 is a ‘protection mechanism failure’ vulnerability in Microsoft Publisher with a CVSSv3 score of 7.3. Successful exploitation could allow a remote attacker to bypass Office macro policies used to block untrusted or malicious files. This vulnerability is under active exploitation as a zero-day.
     
  • CVE-2024-43491 - Microsoft Windows Update Remote Code Execution Vulnerability
    CVE-2024-43491 is a ‘use after free’ vulnerability in Servicing Stack that has rolled back fixes for some vulnerabilities affecting optional components on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) and has a CVSSv3 score of 9.8. Successful exploitation could allow a remote attacker to exploit previously mitigated vulnerabilities on affected systems that have installed Windows security update KB5035858 (OS Build 10240.20526) or other updates released until August 2024. This vulnerability is under active exploitation as a zero-day.
     
  • CVE-2024-43461 - Windows MSHTML Platform Spoofing Vulnerability
    CVE-2024-43461 is a ‘user interface misrepresentation of critical information’ vulnerability affecting Windows MSHTML platform with a CVSSv3 score of 8.8. Successful exploitation by an attacker requires user interaction. Trend Micro Zero Day Initiative report this vulnerability as exploited in the wild.
     
  • CVE-2024-38018 - Microsoft SharePoint Server Remote Code Execution Vulnerability
    CVE-2024-38018 is a ‘deserialisation of untrusted data’ vulnerability in Microsoft SharePoint Server with a CVSSv3 score of 8.8. Successful exploitation could allow a remote attacker with a minimum of site member privileges to achieve remote code execution (RCE) on the SharePoint Server.

Remediation advice

Affected organisations are encouraged to review Microsoft's September 2024 Security Update Summary and apply the relevant updates.
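To help scope CVE-2024-43491 while planning updates, the following added example (not part of the original advisory and not Microsoft code) triages an asset inventory using the build numbers given in the vulnerability details above. The CSV layout, hostnames, sample revisions other than 20526, and the `fixed_revision` parameter are assumptions; the advisory does not state the remediated build, so it must be taken from Microsoft's update summary.

```python
import csv
import io
import re
from collections import defaultdict
from typing import Optional

# From the advisory: Windows 10 version 1507 is OS build 10240, and the
# rollback begins with KB5035858 (OS Build 10240.20526).
LTSB_2015_BUILD = 10240
ROLLBACK_START_REVISION = 20526

_BUILD_RE = re.compile(r"^(?:10\.0\.)?(\d+)\.(\d+)$")


def classify_build(build: str, fixed_revision: Optional[int] = None) -> str:
    """Classify one OS build string such as '10.0.10240.20526'."""
    match = _BUILD_RE.match(build.strip())
    if not match:
        return "unparseable"
    major, revision = int(match.group(1)), int(match.group(2))
    if major != LTSB_2015_BUILD:
        return "not-in-scope"
    if revision < ROLLBACK_START_REVISION:
        return "predates-kb5035858"
    # fixed_revision is a placeholder: take the first remediated revision
    # from Microsoft's September 2024 update summary; the page does not give it.
    if fixed_revision is not None and revision >= fixed_revision:
        return "remediated"
    return "in-exposure-window"


def triage(inventory_csv: str, fixed_revision: Optional[int] = None) -> dict:
    """Group hostnames from a 'hostname,os_build' CSV by classification."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        groups[classify_build(row["os_build"], fixed_revision)].append(row["hostname"])
    return dict(groups)


# Constructed sample inventory (hostnames and revisions other than 20526 are made up).
SAMPLE_INVENTORY = """hostname,os_build
kiosk-01,10.0.10240.20526
kiosk-02,10240.20402
kiosk-03,10.0.10240.20680
ws-114,10.0.19045.4780
lab-07,unknown
"""

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `in-exposure-window` still need their optional components reviewed, since the advisory describes the rollback as affecting fixes for optional components; `unparseable` rows should be resolved rather than ignored.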



CVE Vulnerabilities

Last edited: 11 September 2024 3:53 pm