Breaking Down the Latest September 2024 Patch Tuesday Report

Microsoft has released its September 2024 Patch Tuesday security updates, addressing 79 vulnerabilities across Windows, Office, Exchange Server, Azure, Dynamics, and other products. This month's update includes fixes for four zero-day vulnerabilities, with three of them being actively exploited in the wild.

Out of the 79 vulnerabilities patched this month, 7 are rated as Critical, 71 as Important, and 1 as Moderate in severity. The most common types of vulnerabilities addressed are elevation of privilege (30 bugs), remote code execution (23 bugs), and information disclosure (11 bugs).

Key highlights of this Patch Tuesday include:

* CVE-2024-38014: Windows Installer Elevation of Privilege Vulnerability

* CVE-2024-38217: Windows Mark of the Web Security Feature Bypass Vulnerability

* CVE-2024-38226: Microsoft Publisher Security Feature Bypass Vulnerability

* CVE-2024-43491: Microsoft Windows Update Remote Code Execution Vulnerability

Notably, Microsoft has not addressed any vulnerabilities in Microsoft Edge (Chromium-based) in this month's edition.

This Patch Tuesday continues Microsoft's efforts to secure its wide range of products against evolving cybersecurity threats. As always, administrators and users are advised to apply these security updates as soon as possible to protect their systems from potential exploits.

Key Highlights - Patch Tuesday September 2024

In September's Patch Tuesday, Microsoft addressed 79 flaws, including four zero-day vulnerabilities, with three of them being actively exploited in the wild. This update included patches across categories like elevation of privilege, remote code execution, information disclosure, spoofing, denial of service, and security feature bypass.

Key highlights are:

5. Critical-Rated Bugs: Notable critical vulnerabilities include:

6. Key Affected Products: Windows, Office, Exchange Server, Azure, Dynamics 365, SQL Server, and SharePoint Server received significant updates this month.

7. No Microsoft Edge Updates: Microsoft has not addressed vulnerabilities in Microsoft Edge (Chromium-based) in this month's edition.

This September's Patch Tuesday highlights Microsoft's ongoing commitment to securing its wide range of products against ever-evolving cybersecurity threats. Administrators should prioritize testing and deploying these patches, focusing on the actively exploited zero-days and critical remote code execution flaws.Zero-day Vulnerabilities Patched in September 2024

Microsoft addressed four zero-day vulnerabilities in the September 2024 Patch Tuesday release. Three of these vulnerabilities were being actively exploited in the wild prior to the patches being made available. Let's examine each of these critical vulnerabilities:

CVE-2024-38014 - Windows Installer Elevation of Privilege Vulnerability

This vulnerability allows an attacker to gain SYSTEM privileges on Windows systems. Microsoft has not shared any details on how it was exploited in attacks. The attack vector is local, but both attack complexity and privilege requirements are low, and no user interaction is required. This makes it potentially attractive to malware authors for post-exploitation activities.

CVE-2024-38217 - Windows Mark of the Web Security Feature Bypass Vulnerability

This vulnerability was publicly disclosed last month by Joe Desimone of Elastic Security and is believed to have been actively exploited since 2018. The flaw allows attackers to bypass Windows Mark of the Web (MOTW) defenses, potentially disabling SmartScreen and Windows Attachment Services security features.

To exploit this vulnerability, an attacker must convince a user to open a specially crafted file downloaded from the internet. Successful exploitation could lead to the execution of malicious content without security warnings.

CVE-2024-38226 - Microsoft Publisher Security Feature Bypass Vulnerability

This vulnerability allows attackers to bypass Office macro policies used to block untrusted or malicious files. To exploit this flaw, an attacker must be authenticated on the system and convince a user to download and open a specially crafted file from a website. The Preview Pane is not an attack vector for this vulnerability.

CVE-2024-43491 - Microsoft Windows Update Remote Code Execution Vulnerability

This vulnerability is unique as it reintroduces previously patched vulnerabilities due to a flaw in the Windows Servicing Stack. It affects Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed updates from March 2024 through August 2024.

The vulnerability caused certain Optional Components to roll back to their original RTM versions, potentially reintroducing previously mitigated vulnerabilities. While Microsoft has not observed direct exploitation of this specific vulnerability, it is marked as exploited due to the potential exploitation of the reintroduced vulnerabilities.

Microsoft notes that later versions of Windows 10 are not impacted by this vulnerability. Users of affected systems should apply both the September 2024 Servicing Stack Update (SSU KB5043936) and the September 2024 Windows security update (KB5043083), in that order, to address this issue.

Critical Vulnerabilities Patched in September 2024

Microsoft addressed seven vulnerabilities with critical severity scores in the September 2024 Patch Tuesday release. Let's examine these critical vulnerabilities:

CVE-2024-43491 - Microsoft Windows Update Remote Code Execution Vulnerability

This vulnerability is particularly concerning due to its high CVSS score and its unique nature. It stems from a flaw in the Windows Servicing Stack that has rolled back fixes for previously patched vulnerabilities in Optional Components on Windows 10, version 1507. While Microsoft hasn't observed direct exploitation of this vulnerability, it's marked as exploited due to the potential for attackers to leverage the reintroduced vulnerabilities.

CVE-2024-38220 - Azure Stack Hub Elevation of Privilege Vulnerability

This vulnerability could allow an attacker to gain unauthorized access to other Azure cloud tenants' applications and content. Successful exploitation could grant the attacker access to system resources with the same privileges as the compromised process.

CVE-2024-38018 - Microsoft SharePoint Server Remote Code Execution Vulnerability

An authenticated attacker with at least Site Member level permissions could remotely execute code on the SharePoint Server through a network-based attack. Microsoft rates the exploitation of this vulnerability as more likely.

CVE-2024-38194 - Azure Web Apps Elevation of Privilege Vulnerability

This vulnerability allows an authenticated attacker to exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network. Microsoft has already fully addressed this vulnerability within the Azure infrastructure.

CVE-2024-38216 - Azure Stack Hub Elevation of Privilege Vulnerability

Similar to CVE-2024-38220, this vulnerability in Azure Stack Hub could allow an attacker to gain unauthorized access to system resources, potentially executing actions with privileges matching the compromised process.

CVE-2024-38119 - Windows Network Address Translation (NAT) Remote Code Execution Vulnerability

This vulnerability exists in the Windows NAT implementation. Exploitation requires the attacker to be on the same network as the target and to win a race condition. Despite its critical rating, Microsoft lists exploitation as less likely.

CVE-2024-43464 - Microsoft SharePoint Server Remote Code Execution Vulnerability

This vulnerability allows an authenticated attacker with Site Owner permissions to upload a specially crafted file and send crafted API requests to trigger deserialization, potentially leading to remote code execution in the context of SharePoint Server.

These critical vulnerabilities underscore the importance of promptly applying September's security updates, especially for organizations using Azure services, SharePoint, or running Windows servers with NAT enabled.

Vulnerabilities by Category

In total, 79 vulnerabilities were addressed in September's Patch Tuesday. Elevation of privilege vulnerabilities lead the count this month, followed closely by remote code execution flaws. Here's a breakdown of the vulnerability categories patched this month:

Elevation of privilege vulnerabilities continue to be a significant concern, representing 38% of this month's patches. These flaws can allow attackers to gain higher levels of access on compromised systems, potentially leading to further exploitation.

Remote code execution vulnerabilities account for 29.1% of the September updates. These critical bugs enable arbitrary code execution and pose substantial risks if successfully exploited.

Information disclosure flaws make up 13.9% of the patched vulnerabilities. While often considered less severe, these can still provide valuable intelligence to attackers for planning more targeted exploits.

The remaining categories - denial of service (10.1%), security feature bypass (5.1%), and spoofing (3.8%) - round out the vulnerabilities addressed this month. Though fewer in number, these flaws can still pose significant risks in certain scenarios.

Here is a table with the vulnerability categories and associated CVE IDs from Microsoft's September 2024 Patch Tuesday:

List of Products Patched in September 2024 Patch Tuesday Report

Microsoft's September 2024 Patch Tuesday includes updates for a broad range of its products, applications, and services. Here are the key products and components that received patches:

Complete List of Vulnerabilities Patched in September 2024 Patch Tuesday

Download the complete list of vulnerabilities by products patched in September 2024 Patch Tuesday here. 

Azure vulnerabilities

ESU vulnerabilities

ESU Windows vulnerabilities

ESU Windows Microsoft Office vulnerabilities

Microsoft Dynamics vulnerabilities

Microsoft Office vulnerabilities

SQL Server vulnerabilities

Windows vulnerabilities

Bottom Line

Microsoft's September 2024 Patch Tuesday release addressed 79 total vulnerabilities, headlined by fixes for four zero-day flaws, three of which were actively exploited in the wild:

In total, 7 critical and 71 important severity vulnerabilities were addressed this month. The most common vulnerability types were elevation of privilege (30 bugs), remote code execution (23 bugs), and information disclosure (11 bugs).

Here's a summary table of the vulnerabilities by severity:

The extensive patch load emphasizes the importance of continuous monitoring, vulnerability management, and timely updating to counter sophisticated multi-stage attacks targeting enterprise networks. Prioritizing remediation efforts by potential business impact is crucial.

We aim to keep readers informed each month in our Patch Tuesday reports. Please follow our website thesecmaster.com or subscribe to our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram to receive similar updates.

You may also like these articles: