NIX Solutions: Microsoft’s September 2024 Security Update

Microsoft has released its September 2024 security update for Windows and related products, addressing a total of 79 vulnerabilities. These include flaws rated "critical" and "important" (high risk), and four of them were already being exploited in the wild when the patches shipped. The company strongly advises users to install the update immediately to protect their systems.

The majority of the vulnerabilities (67) affect Windows itself, including Windows 10, Windows 11, and Windows Server. Windows 7 and 8.1 no longer appear in Microsoft's security reports because they are out of support, but they are very likely affected by some of the same flaws and will not receive fixes. Microsoft recommends upgrading to Windows 10 (22H2) or Windows 11 (23H2) for continued security updates; support for Windows 10 ends in October 2025.

The security patch also includes fixes for Windows 11 24H2. That major feature update, expected this fall, is still being tested through the Windows Insider program and is not yet available to all users.


Zero-Day Vulnerabilities Closed

Four of the vulnerabilities addressed were already being actively exploited when the update was released. A fifth, CVE-2024-43461, a spoofing vulnerability in the Windows MSHTML platform, has sparked debate over whether it is being used in attacks. Microsoft has not provided additional details on the zero-day issues in its release notes. Dustin Childs of Trend Micro's Zero Day Initiative wrote on the ZDI blog that ZDI researchers discovered the spoofing flaw and reported it as exploited; Microsoft, however, did not include it in its list of vulnerabilities currently exploited in the wild.

One of the exploited flaws is CVE-2024-38217, a security feature bypass in the Mark of the Web (MotW) applied to downloaded files. Windows records MotW as a Zone.Identifier alternate data stream on files that arrive from the internet, and SmartScreen and Office Protected View rely on that mark to warn about or sandbox untrusted content. An attacker who convinces a user to open a specially crafted file can defeat the mark, so the file opens without those protections.
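To see concretely what a MotW bypass defeats, you can inspect the mark on downloaded files directly. The following PowerShell is an added example, not code from the original article or from Microsoft; it reads the Zone.Identifier stream that Windows writes for downloads, and the Downloads folder path it scans is an assumption.

```powershell
# Added example: report the Mark of the Web (Zone.Identifier alternate data
# stream) on downloaded files. Zone IDs follow the Windows URL security zones:
# 0 My Computer, 1 Local intranet, 2 Trusted sites, 3 Internet, 4 Restricted.
# SmartScreen and Office Protected View act on zones 3 and 4; a file that came
# from the internet but has no stream (or a lower zone) opens without them,
# which is the outcome a MotW bypass such as CVE-2024-38217 produces.
$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

function Get-MotwZone {
    param([Parameter(Mandatory)][string]$Path)

    # Alternate data streams exist only on NTFS; a missing stream means no MotW at all.
    $stream = Get-Item -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $stream) {
        return [pscustomobject]@{ Path = $Path; ZoneId = $null; Zone = 'none (no MotW)'; HostUrl = $null }
    }

    # The stream is INI-style text:
    #   [ZoneTransfer]
    #   ZoneId=3
    #   ReferrerUrl=https://example.test/
    #   HostUrl=https://example.test/report.docx
    $zoneId = $null
    $hostUrl = $null
    foreach ($line in (Get-Content -LiteralPath $Path -Stream Zone.Identifier)) {
        if     ($line -match '^ZoneId=(\d+)\s*$') { $zoneId  = [int]$Matches[1] }
        elseif ($line -match '^HostUrl=(.+)$')    { $hostUrl = $Matches[1].Trim() }
    }

    $zoneName = "unknown ($zoneId)"
    if ($null -ne $zoneId -and $ZoneNames.ContainsKey($zoneId)) { $zoneName = $ZoneNames[$zoneId] }

    [pscustomobject]@{
        Path    = $Path
        ZoneId  = $zoneId
        Zone    = $zoneName
        HostUrl = $hostUrl
    }
}

# Assumed location: the current user's Downloads folder.
Get-ChildItem -LiteralPath "$env:USERPROFILE\Downloads" -File |
    ForEach-Object { Get-MotwZone -Path $_.FullName } |
    Format-Table -AutoSize
```

`Unblock-File` is the legitimate way to remove the stream, so internet-origin files that show no MotW although nobody unblocked them are worth a closer look. The check works only on NTFS volumes; files copied to FAT or exFAT media lose the stream along the way.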

CVE-2024-43491, a remote code execution (RCE) vulnerability in the Windows Update servicing stack, is the only RCE flaw among the four zero-day issues. It affects only Windows 10 version 1507 (Enterprise 2015 LTSB and IoT Enterprise 2015 LTSB): a defect in the servicing stack rolled back fixes for some optional components on systems that installed the monthly updates released between March and August 2024. It is resolved by installing the September 2024 servicing stack update KB5043936 followed by the cumulative update KB5043083. Newer versions of Windows 10 are not affected.
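Because the fix depends on two separate packages landing in the right order, it is worth confirming both are actually present on any Windows 10 1507 host. The script below is an added example, not from the original article or from Microsoft; it relies on the fact that version 1507 reports OS build 10240 and on `Get-HotFix` listing OS-level update packages.

```powershell
# Added example: check a host for the two updates Microsoft released for
# CVE-2024-43491. The issue only affects Windows 10 version 1507, whose OS
# build number is 10240, so the script exits early on anything else.
$RequiredKBs = @('KB5043936', 'KB5043083')   # servicing stack update, then cumulative update

$os    = Get-CimInstance -ClassName Win32_OperatingSystem
$build = [int]$os.BuildNumber

if ($build -ne 10240) {
    Write-Host "Build $build is not Windows 10 version 1507; CVE-2024-43491 does not apply to this host."
    return
}

# Get-HotFix (Win32_QuickFixEngineering) lists OS-level updates only, which is
# enough for SSU and LCU packages but does not cover application updates.
$installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
$missing   = $RequiredKBs | Where-Object { $_ -notin $installed }

if ($missing) {
    Write-Warning "Missing for CVE-2024-43491: $($missing -join ', ')"
    Write-Warning 'Install KB5043936 (servicing stack update) before KB5043083 (cumulative update).'
} else {
    Write-Host 'KB5043936 and KB5043083 are both installed; the host is patched against CVE-2024-43491.'
}
```

If `Get-HotFix` output looks incomplete on a given machine, `Get-WindowsPackage -Online` from the DISM module enumerates installed packages directly from the component store and can be used as a cross-check.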

Another vulnerability, CVE-2024-38014, is an elevation of privilege (EoP) flaw in the Windows Installer. It affects all supported versions of Windows, including server editions. An attacker who already has low-privileged code execution on a machine can use it to obtain SYSTEM privileges without any user interaction. EoP bugs of this kind are typically chained with an RCE or phishing foothold: the first stage gets code running as the logged-on user, the second takes over the machine.

Additional Critical Windows Vulnerabilities

Several other vulnerabilities in the report are rated critical but have not yet been seen exploited. For example, the RCE vulnerability CVE-2024-38119 in Windows Network Address Translation (NAT) has an "adjacent" attack vector: the attacker must already be on the same network segment as the target, so it cannot be exploited directly across the internet, although an attacker who has compromised one host on a network could use it against others on that segment.

The report also lists seven vulnerabilities in Windows Remote Desktop Services, four of them RCE. Further vulnerabilities were fixed in Microsoft Management Console (CVE-2024-38259) and Power Automate for Desktop (CVE-2024-43479).

Microsoft Office Vulnerabilities

Microsoft's latest update also addresses 11 vulnerabilities in Office products, including one zero-day and two critical issues. The zero-day, CVE-2024-38226, is a security feature bypass in Microsoft Publisher that attackers are actively exploiting. The attacker must convince the user to open a specially crafted Publisher file; the flaw then lets macros in that file bypass the Office macro policies that are supposed to block untrusted or malicious content, so attacker-supplied code runs.

Additionally, two RCE vulnerabilities in SharePoint Server (CVE-2024-38018 and CVE-2024-43464) are considered critical, while a further RCE vulnerability (CVE-2024-38227) in SharePoint Server and one in Visio (CVE-2024-43463) are classified as high risk.

SQL Server and Browser Updates

The update also resolves 13 security issues in SQL Server: six RCE vulnerabilities with a CVSS score of 8.8, three elevation of privilege vulnerabilities, and four information disclosure flaws.

On the browser side, Microsoft Edge 128.0.2739.63, based on Chromium 128.0.6613.120, was released on September 3. The subsequent update, 128.0.2739.67 from September 5, has not yet appeared in the security update report and addresses only minor bugs, notes NIX Solutions. Google, meanwhile, rolled out a Chrome update on September 10 that patches several high-risk vulnerabilities.

With vulnerabilities across Windows, Office, SQL Server and Edge addressed in this release, and four of them already being exploited, it is important to apply the patches promptly. We'll keep you updated on any further developments regarding these vulnerabilities. Keeping systems current remains the most effective way to minimize the risk of exploitation.