“Patch Tuesday” is an unofficial term for the second Tuesday of each month, when Microsoft, Adobe, Oracle, Google and other vendors regularly release patches for their software products. Critical security updates are occasionally released outside of the normal Patch Tuesday cycle; these are known as “out-of-band” releases.
You can access the Microsoft list of Security Updates for September 2024 directly at msrc.microsoft.com/update-guide/releaseNote/2024-Sep
The top story this month, without question, is CVE-2024-43491, a ‘Pandora’s Box’ that has rolled back previous fixes for a number of critical vulnerabilities affecting Optional Components on Windows 10. Due to a major flaw in the implementation of a controversial ‘rollback’ feature of the Windows Servicing Stack, multiple previously-patched vulnerabilities were inadvertently rolled back to a vulnerable state and will have remained vulnerable since March 2024. What’s worse is that several of the vulnerabilities whose patches were rolled back were already known to be under active exploitation in the wild. And in an extra sting in the tail causing headaches for system administrators, Windows Update would erroneously report that the system is fully patched, leaving IT managers unaware of the risk. Oof.
Microsoft’s September 2024 Patch Tuesday update also includes important fixes for vulnerabilities in Microsoft Office and Components, Windows Hyper-V, Windows DHCP Server, Microsoft Streaming Service, Microsoft Management Console, Windows MSHTML Platform, Microsoft Dynamics 365 (on-premises), and more.
The “Known Exploited” vulnerabilities listed below have been reported by CISA, America’s Cyber Defense Agency, as currently being exploited in the wild and at scale. These represent the absolute highest priority for patching for most organisations.
The AppCheck Scanner is able to detect these vulnerabilities and report on their presence in your technical estate, enabling you to effectively and swiftly target them for remediation – please click each CVE below to read more about each entry on our public-facing Detections database.
Attackers are exploiting this vulnerability to enable an escalation of privilege and gain SYSTEM (superuser) privileges, allowing them to execute arbitrary commands from a privileged context.
See more details in the AppCheck Detections Service at https://detections.appcheck-ng.com/vulnerabilities/view/320659
Attackers are reported to be exploiting a flaw in the Windows Mark of the Web (MOTW) protection mechanism to deploy malware and ransomware on vulnerable systems.
See more details in the AppCheck Detections Service at https://detections.appcheck-ng.com/vulnerabilities/view/320661
Attackers have found a way to bypass Office macro policies used to block the execution of malicious code contained in untrusted files, and are exploiting it via social engineering attacks to execute arbitrary (attacker-controlled) macro code on victims’ machines.
See more details in the AppCheck Detections Service at https://detections.appcheck-ng.com/vulnerabilities/view/320663
A serious flaw in Microsoft’s Servicing Stack means that patches already applied by system administrators against critical vulnerabilities may have been rolled back. As a result, previously-secure systems have been laid open to exploitation via multiple critical, previously-patched vulnerabilities.
See more details in the AppCheck Detections Service at https://detections.appcheck-ng.com/vulnerabilities/view/320701
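Because the servicing stack flaw described above can leave Windows Update reporting a host as fully patched, a practitioner will want evidence that does not come from that status screen. The following PowerShell is an added example (not AppCheck’s or Microsoft’s code) that reads the OS build revision and the installed-hotfix list directly and lists the enabled Optional Components; the KB identifier and expected UBR are placeholders that must be replaced with the values published in Microsoft’s September 2024 release note linked above.

```powershell
# Added example: check patch state without trusting Windows Update's own "up to date" report.
# PLACEHOLDERS below must be replaced with the real KB number(s) and update build revision (UBR)
# for your Windows 10 build, taken from the MSRC September 2024 release note.
$ExpectedKBs = @('KB0000000')   # PLACEHOLDER: September 2024 cumulative update KB(s)
$ExpectedUBR = 0                # PLACEHOLDER: UBR the September 2024 update brings the host to

$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuildNumber
$ubr   = [int]$cv.UBR
Write-Host "OS build $build.$ubr (DisplayVersion: $($cv.DisplayVersion))"

# 1. Build revision: a UBR below the expected value means the current cumulative update
#    is not installed, whatever the Windows Update status page says.
if ($ubr -lt $ExpectedUBR) {
    Write-Warning "UBR $ubr is below expected $ExpectedUBR - treat this host as unpatched."
}

# 2. Installed packages: Get-HotFix queries Win32_QuickFixEngineering, i.e. what is actually
#    installed, rather than the update client's self-assessment.
$installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
$missing   = $ExpectedKBs | Where-Object { $_ -notin $installed }
if ($missing) {
    Write-Warning "Expected update(s) not installed: $($missing -join ', ')"
} else {
    Write-Host "All expected KBs are present."
}

# 3. Optional Components enabled on this host, since those are the components whose fixes
#    the rollback affected; use this list to scope which hosts need the most urgent attention.
Get-WindowsOptionalFeature -Online |
    Where-Object { $_.State -eq 'Enabled' } |
    Select-Object -ExpandProperty FeatureName |
    Sort-Object
```

Run from an elevated prompt, as Get-WindowsOptionalFeature requires administrator rights.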
The “Critical” vulnerabilities listed below are all those with a CVSS score of 9.0 or greater. This generally reflects a vulnerability that is a critical risk: trivial to exploit, likely to be exploited, and capable of causing great harm and damage if exploited.

| Product | CVE | CVSS Score |
|---|---|---|
| Azure Stack Hub Elevation of Privilege | CVE-2024-38220 | 9.0 |
| Microsoft Windows Update Remote Code Execution Vulnerability | CVE-2024-43491 | 9.8 |
The “Highly Exploitable” vulnerabilities listed below are all those which Microsoft has determined are relatively trivial to exploit.

| Product | CVE | CVSS Score |
|---|---|---|
| Microsoft Office SharePoint | CVE-2024-38018 | 8.8 |
| Microsoft Office SharePoint | CVE-2024-38227 | 7.2 |
| Microsoft Office SharePoint | CVE-2024-38228 | 7.2 |
| Microsoft Streaming Service | CVE-2024-38237 | 7.8 |
| Microsoft Streaming Service | CVE-2024-38238 | 7.8 |
| Microsoft Streaming Service | CVE-2024-38241 | 7.8 |
| Microsoft Streaming Service | CVE-2024-38242 | 7.8 |
| Microsoft Streaming Service | CVE-2024-38243 | 7.8 |
| Microsoft Streaming Service | CVE-2024-38244 | 7.8 |
| Microsoft Streaming Service | CVE-2024-38245 | 7.8 |
| Windows Win32K – GRFX | CVE-2024-38246 | 7.0 |
| Microsoft Graphics Component | CVE-2024-38247 | 7.8 |
| Microsoft Graphics Component | CVE-2024-38249 | 7.8 |
| Windows Win32K – ICOMP | CVE-2024-38252 | 7.8 |
| Windows Win32K – ICOMP | CVE-2024-38253 | 7.8 |
| Windows Setup and Deployment | CVE-2024-43457 | 7.8 |
| Windows MSHTML Platform | CVE-2024-43461 | 8.8 |
| Microsoft Office SharePoint | CVE-2024-43464 | 7.2 |
| Windows Mark of the Web (MOTW) | CVE-2024-43487 | 6.5 |
Including the above, Microsoft released 79 security patches in total this month.
Products affected by this Patch Tuesday’s updates include:
You can see the full list on Microsoft’s Security Update Guide page (https://msrc.microsoft.com/update-guide/en-us), along with the associated KB articles and security vulnerability details.
Total Microsoft CVEs: 79
Currently exploited: 4
Highly Exploitable: 19
As with every month, if you don’t want to wait for your system to download Microsoft’s critical updates on its pre-determined schedule, you can download them immediately from the Windows Update Catalog website at https://www.catalog.update.microsoft.com/Home.aspx by searching for the relevant Microsoft KB ID.
We also recommend scanning your entire estate using the AppCheck vulnerability scanner regularly – including end-user machines running desktop operating systems. Contact your account manager now if you are not already licensed for internal scan hubs to cover your whole estate.
The next Patch Tuesday will be on 8th October 2024 – add it to your calendar now!
AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations’ websites, applications, network, and cloud infrastructure. AppCheck is authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).