Wednesday, September 11, 2024

Microsoft Patch Tuesday: September 2024 Brings Fixes for 79 Vulnerabilities, Including Four Actively Exploited Zero-Days

Microsoft's September 2024 Patch Tuesday delivered a significant wave of security updates, addressing a whopping 79 vulnerabilities across various products and services. This month's patch cycle holds particular importance due to the inclusion of fixes for four actively exploited zero-day vulnerabilities, one of which was publicly disclosed.

Zero-Day Vulnerabilities: A Threat in Real-Time

The term "zero-day" signifies a security flaw that is publicly disclosed or actively exploited in the wild before a patch is released. This poses a significant risk to users as attackers can leverage these vulnerabilities before any defense measures are implemented.

The September 2024 Zero-Day Vulnerabilities:

  1. CVE-2024-38014: Windows Installer Elevation of Privilege Vulnerability: This flaw allows attackers to gain SYSTEM privileges on Windows systems. While Microsoft hasn't shared details about how this vulnerability was exploited, its severity necessitates immediate patching.

  2. CVE-2024-38217: Windows Mark of the Web Security Feature Bypass Vulnerability: Publicly disclosed last month by Joe Desimone of Elastic Security, this vulnerability has been exploited since 2018. The "LNK stomping" technique allows attackers to bypass security warnings and execute commands through specially crafted LNK files, potentially leading to significant security breaches.

  3. CVE-2024-38226: Microsoft Publisher Security Feature Bypass Vulnerability: This vulnerability allows attackers to bypass security protections against embedded macros in downloaded documents. This means malicious actors can potentially deliver harmful payloads disguised within seemingly harmless documents.

  4. CVE-2024-43491: Microsoft Windows Update Remote Code Execution Vulnerability: This issue stems from a servicing stack flaw that allows attackers to execute code remotely. Interestingly, this vulnerability specifically affects Windows 10 version 1507, which reached its end-of-life in 2017. However, it also impacts Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB editions, which are still supported. This vulnerability also caused a rollback of certain Optional Components in Windows 10 version 1507, reintroducing previously patched vulnerabilities.

Beyond Zero-Days: A Comprehensive Patch Landscape

The September 2024 Patch Tuesday goes beyond just zero-day fixes, offering a broad spectrum of security updates categorized by vulnerability type:

  • Elevation of Privilege (30): These flaws allow attackers to gain higher privileges within a system, potentially leading to full system control.

  • Security Feature Bypass (4): These vulnerabilities allow attackers to bypass security measures, enabling them to exploit other vulnerabilities.

  • Remote Code Execution (23): This category includes vulnerabilities that allow attackers to execute malicious code on a target system, granting them control.

  • Information Disclosure (11): These flaws expose sensitive information to attackers, potentially leading to data breaches or further exploits.

  • Denial of Service (8): These vulnerabilities aim to disrupt service availability by overloading or crashing systems.

  • Spoofing (3): These flaws allow attackers to impersonate legitimate users or entities, potentially tricking victims into sharing sensitive information.

The Importance of Patching: A Vital Security Measure

The September 2024 Patch Tuesday highlights the critical importance of staying up-to-date with security updates. Failing to patch systems promptly leaves them vulnerable to exploitation, making them prime targets for malicious actors.

Patching Tips and Best Practices:

  • Install Updates Promptly: Apply security patches as soon as possible after their release.

  • Implement Automated Patching: Set up automated patching mechanisms to ensure regular updates without manual intervention.

  • Test Patches Before Deployment: Where possible, test updates in a controlled environment to minimize potential disruption.

  • Keep a Record of Patching: Maintain a record of applied patches to facilitate troubleshooting and security audits.

  • Stay Informed: Stay informed about new vulnerabilities and security advisories.

Beyond Microsoft: Updates From Other Vendors

Beyond Microsoft's Patch Tuesday, other software vendors have also released security updates in September 2024, addressing critical vulnerabilities across a range of products. These include:

  • Apache: Addressing a critical OFBiz remote code execution vulnerability that bypassed previously fixed flaws.

  • Cisco: Fixing multiple vulnerabilities, including a backdoor admin account in Smart Licensing Utility and a command injection vulnerability in ISE.

  • Eucleak Attack: This attack method extracts ECDSA secret keys to clone YubiKey FIDO devices.

  • Fortinet: Releasing security updates for flaws in Fortisandbox and FortiAnalyzer & FortiManager.

  • Google: Backporting a fix for an actively exploited Pixel elevation of privileges flaw to other Android devices.

  • Ivanti: Releasing security updates for a critical vTM auth bypass vulnerability with a public exploit.

  • LiteSpeed Cache: This plugin for WordPress fixed an unauthenticated account takeover issue.

  • SonicWall: Addressing a previously fixed access control flaw that is now exploited in ransomware attacks.

  • Veeam: Fixing a critical RCE vulnerability in Backup & Replication software.

  • Zyxel: Issuing a warning about a critical OS command injection flaw in its routers.

The Comprehensive List of September 2024 Patch Tuesday Updates:

The following table provides a complete list of vulnerabilities addressed in the September 2024 Patch Tuesday updates. To access a full description of each vulnerability and the affected systems, you can consult the Microsoft Security Update Guide.

TagCVE IDCVE TitleSeverity
Azure CycleCloudCVE-2024-43469Azure CycleCloud Remote Code Execution VulnerabilityImportant
Azure Network WatcherCVE-2024-38188Azure Network Watcher VM Agent Elevation of Privilege VulnerabilityImportant
Azure Network WatcherCVE-2024-43470Azure Network Watcher VM Agent Elevation of Privilege VulnerabilityImportant
Azure StackCVE-2024-38216Azure Stack Hub Elevation of Privilege VulnerabilityCritical
Azure StackCVE-2024-38220Azure Stack Hub Elevation of Privilege VulnerabilityCritical
Azure Web AppsCVE-2024-38194Azure Web Apps Elevation of Privilege VulnerabilityCritical
Dynamics Business CentralCVE-2024-38225Microsoft Dynamics 365 Business Central Elevation of Privilege VulnerabilityImportant
Microsoft AutoUpdate (MAU)CVE-2024-43492Microsoft AutoUpdate (MAU) Elevation of Privilege VulnerabilityImportant
Microsoft Dynamics 365 (on-premises)CVE-2024-43476Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityImportant
Microsoft Graphics ComponentCVE-2024-38247Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2024-38250Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2024-38249Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Management ConsoleCVE-2024-38259Microsoft Management Console Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2024-43465Microsoft Excel Elevation of Privilege VulnerabilityImportant
Microsoft Office PublisherCVE-2024-38226Microsoft Publisher Security Feature Bypass VulnerabilityImportant
Microsoft Office SharePointCVE-2024-38227Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2024-43464Microsoft SharePoint Server Remote Code Execution VulnerabilityCritical
Microsoft Office SharePointCVE-2024-38018Microsoft SharePoint Server Remote Code Execution VulnerabilityCritical
Microsoft Office SharePointCVE-2024-38228Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2024-43466Microsoft SharePoint Server Denial of Service VulnerabilityImportant
Microsoft Office VisioCVE-2024-43463Microsoft Office Visio Remote Code Execution VulnerabilityImportant
Microsoft Outlook for iOSCVE-2024-43482Microsoft Outlook for iOS Information Disclosure VulnerabilityImportant
Microsoft Streaming ServiceCVE-2024-38245Kernel Streaming Service Driver Elevation of Privilege VulnerabilityImportant
Microsoft Streaming ServiceCVE-2024-38241Kernel Streaming Service Driver Elevation of Privilege VulnerabilityImportant
Microsoft Streaming ServiceCVE-2024-38242Kernel Streaming Service Driver Elevation of Privilege VulnerabilityImportant
Microsoft Streaming ServiceCVE-2024-38244Kernel Streaming Service Driver Elevation of Privilege VulnerabilityImportant
Microsoft Streaming ServiceCVE-2024-38243Kernel Streaming Service Driver Elevation of Privilege VulnerabilityImportant
Microsoft Streaming ServiceCVE-2024-38237Kernel Streaming WOW Thunk Service Driver Elevation of Privilege VulnerabilityImportant
Microsoft Streaming ServiceCVE-2024-38238Kernel Streaming Service Driver Elevation of Privilege VulnerabilityImportant
Power AutomateCVE-2024-43479Microsoft Power Automate Desktop Remote Code Execution VulnerabilityImportant
Role: Windows Hyper-VCVE-2024-38235Windows Hyper-V Denial of Service VulnerabilityImportant
SQL ServerCVE-2024-37338Microsoft SQL Server Native Scoring Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-37980Microsoft SQL Server Elevation of Privilege VulnerabilityImportant
SQL ServerCVE-2024-26191Microsoft SQL Server Native Scoring Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-37339Microsoft SQL Server Native Scoring Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-37337Microsoft SQL Server Native Scoring Information Disclosure VulnerabilityImportant
SQL ServerCVE-2024-26186Microsoft SQL Server Native Scoring Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-37342Microsoft SQL Server Native Scoring Information Disclosure VulnerabilityImportant
SQL ServerCVE-2024-43474Microsoft SQL Server Information Disclosure VulnerabilityImportant
SQL ServerCVE-2024-37335Microsoft SQL Server Native Scoring Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-37966Microsoft SQL Server Native Scoring Information Disclosure VulnerabilityImportant
SQL ServerCVE-2024-37340Microsoft SQL Server Native Scoring Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2024-37965Microsoft SQL Server Elevation of Privilege VulnerabilityImportant
SQL ServerCVE-2024-37341Microsoft SQL Server Elevation of Privilege VulnerabilityImportant
Windows Admin CenterCVE-2024-43475Microsoft Windows Admin Center Information Disclosure VulnerabilityImportant
Windows AllJoyn APICVE-2024-38257Microsoft AllJoyn API Information Disclosure VulnerabilityImportant
Windows Authentication MethodsCVE-2024-38254Windows Authentication Information Disclosure VulnerabilityImportant
Windows DHCP ServerCVE-2024-38236DHCP Server Service Denial of Service VulnerabilityImportant
Windows InstallerCVE-2024-38014Windows Installer Elevation of Privilege VulnerabilityImportant
Windows KerberosCVE-2024-38239Windows Kerberos Elevation of Privilege VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2024-38256Windows Kernel-Mode Driver Information Disclosure VulnerabilityImportant
Windows LibarchiveCVE-2024-43495Windows libarchive Remote Code Execution VulnerabilityImportant
Windows Mark of the Web (MOTW)CVE-2024-38217Windows Mark of the Web Security Feature Bypass VulnerabilityImportant
Windows Mark of the Web (MOTW)CVE-2024-43487Windows Mark of the Web Security Feature Bypass VulnerabilityModerate
Windows MSHTML PlatformCVE-2024-43461Windows MSHTML Platform Spoofing VulnerabilityImportant
Windows Network Address Translation (NAT)CVE-2024-38119Windows Network Address Translation (NAT) Remote Code Execution VulnerabilityCritical
Windows Network VirtualizationCVE-2024-38232Windows Networking Denial of Service VulnerabilityImportant
Windows Network VirtualizationCVE-2024-38233Windows Networking Denial of Service VulnerabilityImportant
Windows Network VirtualizationCVE-2024-38234Windows Networking Denial of Service VulnerabilityImportant
Windows Network VirtualizationCVE-2024-43458Windows Networking Information Disclosure VulnerabilityImportant
Windows PowerShellCVE-2024-38046PowerShell Elevation of Privilege VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2024-38240Windows Remote Access Connection Manager Elevation of Privilege VulnerabilityImportant
Windows Remote Desktop Licensing ServiceCVE-2024-38231Windows Remote Desktop Licensing Service Denial of Service VulnerabilityImportant
Windows Remote Desktop Licensing ServiceCVE-2024-38258Windows Remote Desktop Licensing Service Information Disclosure VulnerabilityImportant
Windows Remote Desktop Licensing ServiceCVE-2024-43467Windows Remote Desktop Licensing Service Remote Code Execution VulnerabilityImportant
Windows Remote Desktop Licensing ServiceCVE-2024-43454Windows Remote Desktop Licensing Service Remote Code Execution VulnerabilityImportant
Windows Remote Desktop Licensing ServiceCVE-2024-38263Windows Remote Desktop Licensing Service Remote Code Execution VulnerabilityImportant
Windows Remote Desktop Licensing ServiceCVE-2024-38260Windows Remote Desktop Licensing Service Remote Code Execution VulnerabilityImportant
Windows Remote Desktop Licensing ServiceCVE-2024-43455Windows Remote Desktop Licensing Service Spoofing VulnerabilityImportant
Windows Security Zone MappingCVE-2024-30073Windows Security Zone Mapping Security Feature Bypass VulnerabilityImportant
Windows Setup and DeploymentCVE-2024-43457Windows Setup and Deployment Elevation of Privilege VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2024-38230Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows StorageCVE-2024-38248Windows Storage Elevation of Privilege VulnerabilityImportant
Windows TCP/IPCVE-2024-21416Windows TCP/IP Remote Code Execution VulnerabilityImportant
Windows TCP/IPCVE-2024-38045Windows TCP/IP Remote Code Execution VulnerabilityImportant
Windows UpdateCVE-2024-43491Microsoft Windows Update Remote Code Execution VulnerabilityCritical
Windows Win32K - GRFXCVE-2024-38246Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32K - ICOMPCVE-2024-38252Windows Win32 Kernel Subsystem Elevation of Privilege VulnerabilityImportant
Windows Win32K - ICOMPCVE-2024-38253Windows Win32 Kernel Subsystem Elevation of Privilege VulnerabilityImportant

Staying Safe in a Cyber-Threat Landscape

The constant emergence of vulnerabilities underscores the ever-evolving nature of cybersecurity. Staying informed about new threats, prioritizing patching, and implementing robust security practices are crucial to safeguarding systems and data. By staying proactive, users can significantly reduce their risk and maintain a secure digital environment.

0 comments:

Post a Comment