Table of Contents
  • Home
  • /
  • Blog
  • /
  • Breaking Down the Latest September 2024 Patch Tuesday Report
September 12, 2024
|
17m

Breaking Down the Latest September 2024 Patch Tuesday Report


September 2024 Patch Tuesday Overview

Microsoft has released its September 2024 Patch Tuesday security updates, addressing 79 vulnerabilities across Windows, Office, Exchange Server, Azure, Dynamics, and other products. This month's update includes fixes for four zero-day vulnerabilities, with three of them being actively exploited in the wild.

Out of the 79 vulnerabilities patched this month, 7 are rated as Critical, 71 as Important, and 1 as Moderate in severity. The most common types of vulnerabilities addressed are elevation of privilege (30 bugs), remote code execution (23 bugs), and information disclosure (11 bugs).

Key highlights of this Patch Tuesday include:

  • Four zero-day vulnerabilities, three of which were actively exploited:

* CVE-2024-38014: Windows Installer Elevation of Privilege Vulnerability

* CVE-2024-38217: Windows Mark of the Web Security Feature Bypass Vulnerability

* CVE-2024-38226: Microsoft Publisher Security Feature Bypass Vulnerability

* CVE-2024-43491: Microsoft Windows Update Remote Code Execution Vulnerability

  • Seven critical vulnerabilities, including remote code execution flaws in Microsoft SharePoint Server, Windows Network Address Translation (NAT), and Azure Stack Hub.

  • Important patches for Microsoft SQL Server, Azure Web Apps, Windows PowerShell, and various other Windows components.

Notably, Microsoft has not addressed any vulnerabilities in Microsoft Edge (Chromium-based) in this month's edition.

This Patch Tuesday continues Microsoft's efforts to secure its wide range of products against evolving cybersecurity threats. As always, administrators and users are advised to apply these security updates as soon as possible to protect their systems from potential exploits.

Key Highlights - Patch Tuesday September 2024

In September's Patch Tuesday, Microsoft addressed 79 flaws, including four zero-day vulnerabilities, with three of them being actively exploited in the wild. This update included patches across categories like elevation of privilege, remote code execution, information disclosure, spoofing, denial of service, and security feature bypass.

Key highlights are:

  1. Total Flaws and Zero-Day Vulnerabilities: This update resolves 79 total bugs, with four zero-day vulnerabilities, three of which were actively exploited.

  2. Critical Flaws: Among the patches, seven critical flaws were fixed, including remote code execution vulnerabilities in Microsoft SharePoint Server, Windows Network Address Translation (NAT), and Azure Stack Hub.

  3. Vulnerability Types: The most common types of vulnerabilities addressed are elevation of privilege (30 bugs), remote code execution (23 bugs), and information disclosure (11 bugs). Other types include denial of service (8), security feature bypass (4), and spoofing (3).

  4. Actively Exploited Zero-Days: The actively exploited zero-day vulnerabilities patched include:

  • CVE-2024-38014: Windows Installer Elevation of Privilege Vulnerability

  • VE-2024-38217: Windows Mark of the Web Security Feature Bypass Vulnerability

  • CVE-2024-38226: Microsoft Publisher Security Feature Bypass Vulnerability

5. Critical-Rated Bugs: Notable critical vulnerabilities include:

  • VE-2024-43491: Microsoft Windows Update Remote Code Execution Vulnerability (CVSS 9.8)

  • CVE-2024-38220: Azure Stack Hub Elevation of Privilege Vulnerability (CVSS 9.0)

  • CVE-2024-38018: Microsoft SharePoint Server Remote Code Execution Vulnerability (CVSS 8.8)

6. Key Affected Products: Windows, Office, Exchange Server, Azure, Dynamics 365, SQL Server, and SharePoint Server received significant updates this month.

7. No Microsoft Edge Updates: Microsoft has not addressed vulnerabilities in Microsoft Edge (Chromium-based) in this month's edition.

This September's Patch Tuesday highlights Microsoft's ongoing commitment to securing its wide range of products against ever-evolving cybersecurity threats. Administrators should prioritize testing and deploying these patches, focusing on the actively exploited zero-days and critical remote code execution flaws.Zero-day Vulnerabilities Patched in September 2024

Microsoft addressed four zero-day vulnerabilities in the September 2024 Patch Tuesday release. Three of these vulnerabilities were being actively exploited in the wild prior to the patches being made available. Let's examine each of these critical vulnerabilities:

CVE ID
Title
Type
CVSS Score
Severity
Exploited
Publicly Disclosed
CVE-2024-38014
Windows Installer Elevation of Privilege Vulnerability
Elevation of Privilege
7.8
Important
Yes
No
CVE-2024-38217
Windows Mark of the Web Security Feature Bypass Vulnerability
Security Feature Bypass
5.4
Important
Yes
Yes
CVE-2024-38226
Microsoft Publisher Security Feature Bypass Vulnerability
Security Feature Bypass
7.3
Important
Yes
No
CVE-2024-43491
Microsoft Windows Update Remote Code Execution Vulnerability
Remote Code Execution
9.8
Critical
Yes*
No

CVE-2024-38014 - Windows Installer Elevation of Privilege Vulnerability

  • Vulnerability type: Elevation of Privilege

  • Affected product: Windows Installer

  • CVSS v3 base score: 7.8

  • Severity rating: Important

This vulnerability allows an attacker to gain SYSTEM privileges on Windows systems. Microsoft has not shared any details on how it was exploited in attacks. The attack vector is local, but both attack complexity and privilege requirements are low, and no user interaction is required. This makes it potentially attractive to malware authors for post-exploitation activities.

CVE-2024-38217 - Windows Mark of the Web Security Feature Bypass Vulnerability

  • Vulnerability type: Security Feature Bypass

  • Affected product: Windows Mark of the Web

  • CVSS v3 base score: 5.4

  • Severity rating: Important

This vulnerability was publicly disclosed last month by Joe Desimone of Elastic Security and is believed to have been actively exploited since 2018. The flaw allows attackers to bypass Windows Mark of the Web (MOTW) defenses, potentially disabling SmartScreen and Windows Attachment Services security features.

To exploit this vulnerability, an attacker must convince a user to open a specially crafted file downloaded from the internet. Successful exploitation could lead to the execution of malicious content without security warnings.

CVE-2024-38226 - Microsoft Publisher Security Feature Bypass Vulnerability

  • Vulnerability type: Security Feature Bypass

  • Affected product: Microsoft Publisher

  • CVSS v3 base score: 7.3

  • Severity rating: Important

This vulnerability allows attackers to bypass Office macro policies used to block untrusted or malicious files. To exploit this flaw, an attacker must be authenticated on the system and convince a user to download and open a specially crafted file from a website. The Preview Pane is not an attack vector for this vulnerability.

CVE-2024-43491 - Microsoft Windows Update Remote Code Execution Vulnerability

  • Vulnerability type: Remote Code Execution

  • Affected product: Windows Update

  • CVSS v3 base score: 9.8

  • Severity rating: Critical

This vulnerability is unique as it reintroduces previously patched vulnerabilities due to a flaw in the Windows Servicing Stack. It affects Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed updates from March 2024 through August 2024.

The vulnerability caused certain Optional Components to roll back to their original RTM versions, potentially reintroducing previously mitigated vulnerabilities. While Microsoft has not observed direct exploitation of this specific vulnerability, it is marked as exploited due to the potential exploitation of the reintroduced vulnerabilities.

Microsoft notes that later versions of Windows 10 are not impacted by this vulnerability. Users of affected systems should apply both the September 2024 Servicing Stack Update (SSU KB5043936) and the September 2024 Windows security update (KB5043083), in that order, to address this issue.

Critical Vulnerabilities Patched in September 2024

Microsoft addressed seven vulnerabilities with critical severity scores in the September 2024 Patch Tuesday release. Let's examine these critical vulnerabilities:

CVE ID
Title
Type
CVSS Score
Affected Product
CVE-2024-43491
Microsoft Windows Update Remote Code Execution Vulnerability
Remote Code Execution
9.8
Windows Update
CVE-2024-38220
Azure Stack Hub Elevation of Privilege Vulnerability
Elevation of Privilege
9.0
Azure Stack Hub
CVE-2024-38018
Microsoft SharePoint Server Remote Code Execution Vulnerability
Remote Code Execution
8.8
Microsoft SharePoint Server
CVE-2024-38194
Azure Web Apps Elevation of Privilege Vulnerability
Elevation of Privilege
8.4
Azure Web Apps
CVE-2024-38216
Azure Stack Hub Elevation of Privilege Vulnerability
Elevation of Privilege
8.2
Azure Stack Hub
CVE-2024-38119
Windows Network Address Translation (NAT) Remote Code Execution Vulnerability
Remote Code Execution
7.5
Windows Network Address Translation (NAT)
CVE-2024-43464
Microsoft SharePoint Server Remote Code Execution Vulnerability
Remote Code Execution
7.2
Microsoft SharePoint Server

CVE-2024-43491 - Microsoft Windows Update Remote Code Execution Vulnerability

  • Vulnerability type: Remote Code Execution

  • Affected product: Windows Update

  • CVSS v3 base score: 9.8

  • Severity rating: Critical

This vulnerability is particularly concerning due to its high CVSS score and its unique nature. It stems from a flaw in the Windows Servicing Stack that has rolled back fixes for previously patched vulnerabilities in Optional Components on Windows 10, version 1507. While Microsoft hasn't observed direct exploitation of this vulnerability, it's marked as exploited due to the potential for attackers to leverage the reintroduced vulnerabilities.

CVE-2024-38220 - Azure Stack Hub Elevation of Privilege Vulnerability

  • Vulnerability type: Elevation of Privilege

  • Affected product: Azure Stack Hub

  • CVSS v3 base score: 9.0

  • Severity rating: Critical

This vulnerability could allow an attacker to gain unauthorized access to other Azure cloud tenants' applications and content. Successful exploitation could grant the attacker access to system resources with the same privileges as the compromised process.

CVE-2024-38018 - Microsoft SharePoint Server Remote Code Execution Vulnerability

  • Vulnerability type: Remote Code Execution

  • Affected product: Microsoft SharePoint Server

  • CVSS v3 base score: 8.8

  • Severity rating: Critical

An authenticated attacker with at least Site Member level permissions could remotely execute code on the SharePoint Server through a network-based attack. Microsoft rates the exploitation of this vulnerability as more likely.

CVE-2024-38194 - Azure Web Apps Elevation of Privilege Vulnerability

  • Vulnerability type: Elevation of Privilege

  • Affected product: Azure Web Apps

  • CVSS v3 base score: 8.4

  • Severity rating: Critical

This vulnerability allows an authenticated attacker to exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network. Microsoft has already fully addressed this vulnerability within the Azure infrastructure.

CVE-2024-38216 - Azure Stack Hub Elevation of Privilege Vulnerability

  • Vulnerability type: Elevation of Privilege

  • Affected product: Azure Stack Hub

  • CVSS v3 base score: 8.2

  • Severity rating: Critical

Similar to CVE-2024-38220, this vulnerability in Azure Stack Hub could allow an attacker to gain unauthorized access to system resources, potentially executing actions with privileges matching the compromised process.

CVE-2024-38119 - Windows Network Address Translation (NAT) Remote Code Execution Vulnerability

  • Vulnerability type: Remote Code Execution

  • Affected product: Windows Network Address Translation (NAT)

  • CVSS v3 base score: 7.5

  • Severity rating: Critical

This vulnerability exists in the Windows NAT implementation. Exploitation requires the attacker to be on the same network as the target and to win a race condition. Despite its critical rating, Microsoft lists exploitation as less likely.

CVE-2024-43464 - Microsoft SharePoint Server Remote Code Execution Vulnerability

  • Affected product: Microsoft SharePoint Server

  • CVSS v3 base score: 7.2

  • Severity rating: Critical

This vulnerability allows an authenticated attacker with Site Owner permissions to upload a specially crafted file and send crafted API requests to trigger deserialization, potentially leading to remote code execution in the context of SharePoint Server.

These critical vulnerabilities underscore the importance of promptly applying September's security updates, especially for organizations using Azure services, SharePoint, or running Windows servers with NAT enabled.

Vulnerabilities by Category

In total, 79 vulnerabilities were addressed in September's Patch Tuesday. Elevation of privilege vulnerabilities lead the count this month, followed closely by remote code execution flaws. Here's a breakdown of the vulnerability categories patched this month:

  • Elevation of Privilege: 30

  • Remote Code Execution: 23

  • Information Disclosure: 11

  • Denial of Service: 8

  • Security Feature Bypass: 4

  • Spoofing: 3

Elevation of privilege vulnerabilities continue to be a significant concern, representing 38% of this month's patches. These flaws can allow attackers to gain higher levels of access on compromised systems, potentially leading to further exploitation.

Remote code execution vulnerabilities account for 29.1% of the September updates. These critical bugs enable arbitrary code execution and pose substantial risks if successfully exploited.

Information disclosure flaws make up 13.9% of the patched vulnerabilities. While often considered less severe, these can still provide valuable intelligence to attackers for planning more targeted exploits.

The remaining categories - denial of service (10.1%), security feature bypass (5.1%), and spoofing (3.8%) - round out the vulnerabilities addressed this month. Though fewer in number, these flaws can still pose significant risks in certain scenarios.

Here is a table with the vulnerability categories and associated CVE IDs from Microsoft's September 2024 Patch Tuesday:

Vulnerability Category
CVE IDs
Elevation of Privilege
CVE-2024-38014, CVE-2024-38188, CVE-2024-43470, CVE-2024-38216, CVE-2024-38220, CVE-2024-38194, CVE-2024-38225, CVE-2024-43492, CVE-2024-38247, CVE-2024-38250, CVE-2024-38249, CVE-2024-43465, CVE-2024-37980, CVE-2024-37965, CVE-2024-37341, CVE-2024-38240, CVE-2024-38252, CVE-2024-38253, CVE-2024-43457, CVE-2024-38046, CVE-2024-38237, CVE-2024-38241, CVE-2024-38242, CVE-2024-38238, CVE-2024-38243, CVE-2024-38244, CVE-2024-38245, CVE-2024-38248, CVE-2024-38246, CVE-2024-38239
Remote Code Execution
CVE-2024-43491, CVE-2024-43469, CVE-2024-38259, CVE-2024-38018, CVE-2024-43464, CVE-2024-38227, CVE-2024-38228, CVE-2024-43463, CVE-2024-26186, CVE-2024-26191, CVE-2024-37335, CVE-2024-37338, CVE-2024-37339, CVE-2024-37340, CVE-2024-43479, CVE-2024-38119, CVE-2024-21416, CVE-2024-38045, CVE-2024-43467, CVE-2024-38263, CVE-2024-38260, CVE-2024-43454, CVE-2024-43495
Information Disclosure
CVE-2024-43475, CVE-2024-38257, CVE-2024-38258, CVE-2024-43482, CVE-2024-37337, CVE-2024-37342, CVE-2024-37966, CVE-2024-43474, CVE-2024-43458, CVE-2024-38256, CVE-2024-38254
Denial of Service
CVE-2024-38235, CVE-2024-38236, CVE-2024-43466, CVE-2024-38232, CVE-2024-38233, CVE-2024-38234, CVE-2024-38230, CVE-2024-38231
Security Feature Bypass
CVE-2024-38226, CVE-2024-38217, CVE-2024-43487, CVE-2024-30073
Spoofing
CVE-2024-43455, CVE-2024-43461, CVE-2024-43476

List of Products Patched in September 2024 Patch Tuesday Report

Microsoft's September 2024 Patch Tuesday includes updates for a broad range of its products, applications, and services. Here are the key products and components that received patches:

Product Name
No. of Vulnerabilities Patched
Windows
46
SQL Server
13
Azure
6
Microsoft Office SharePoint
5
Microsoft Dynamics
4
Windows Remote Desktop Licensing Service
4
Windows Network Virtualization
4
Microsoft Streaming Service
4
Windows Mark of the Web (MOTW)
2
Windows TCP/IP
2
Windows Win32K - ICOMP
2
Microsoft Office Excel
1
Microsoft Office Visio
1
Microsoft Office Publisher
1
Microsoft Outlook for iOS
1
Windows Hyper-V
1
Windows DHCP Server
1
Windows Installer
1
Windows Kerberos
1
Windows Libarchive
1
Windows PowerShell
1
Windows Remote Access Connection Manager
1
Windows Security Zone Mapping
1
Windows Setup and Deployment
1
Windows Standards-Based Storage Management Service
1
Windows Storage
1
Windows Update
1
Windows Win32K - GRFX
1
Power Automate
1
Windows Admin Center
1
Windows AllJoyn API
1
Windows Authentication Methods
1
Microsoft AutoUpdate (MAU)
1

Complete List of Vulnerabilities Patched in September 2024 Patch Tuesday

Download the complete list of vulnerabilities by products patched in September 2024 Patch Tuesday here. 

Azure vulnerabilities

CVE
Title
Exploited?
Publicly disclosed?
CVSSv3 base score
Azure Stack Hub Elevation of Privilege Vulnerability
No
No
9
Azure CycleCloud Remote Code Execution Vulnerability
No
No
8.8
Azure Web Apps Elevation of Privilege Vulnerability
No
No
8.4
Azure Stack Hub Elevation of Privilege Vulnerability
No
No
8.2
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
No
No
7.3
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
No
No
7.1

ESU vulnerabilities

CVE
Title
Exploited?
Publicly disclosed?
CVSSv3 base score
Microsoft Windows Admin Center Information Disclosure Vulnerability
No
No
7.3

ESU Windows vulnerabilities

CVE
Title
Exploited?
Publicly disclosed?
CVSSv3 base score
Windows Remote Desktop Licensing Service Spoofing Vulnerability
No
No
8.8
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
No
No
8.8
Windows MSHTML Platform Spoofing Vulnerability
No
No
8.8
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
No
No
8.1
Windows Security Zone Mapping Security Feature Bypass Vulnerability
No
No
7.8
Windows Installer Elevation of Privilege Vulnerability
Yes
No
7.8
Windows Graphics Component Elevation of Privilege Vulnerability
No
No
7.8
Windows Graphics Component Elevation of Privilege Vulnerability
No
No
7.8
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
No
No
7.8
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
No
No
7.5
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
No
No
7.5
DHCP Server Service Denial of Service Vulnerability
No
No
7.5
Windows Kerberos Elevation of Privilege Vulnerability
No
No
7.2
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
No
No
7.1
Windows Standards-Based Storage Management Service Denial of Service Vulnerability
No
No
6.5
Windows Remote Desktop Licensing Service Information Disclosure Vulnerability
No
No
6.5
Windows Remote Desktop Licensing Service Denial of Service Vulnerability
No
No
6.5
Windows Networking Denial of Service Vulnerability
No
No
6.5
Windows Mark of the Web Security Feature Bypass Vulnerability
No
No
6.5
Windows Kernel-Mode Driver Information Disclosure Vulnerability
No
No
5.5
Windows Mark of the Web Security Feature Bypass Vulnerability
Yes
Yes
5.4

ESU Windows Microsoft Office vulnerabilities

CVE
Title
Exploited?
Publicly disclosed?
CVSSv3 base score
Windows Graphics Component Elevation of Privilege Vulnerability
No
No
7.8

Microsoft Dynamics vulnerabilities

CVE
Title
Exploited?
Publicly disclosed?
CVSSv3 base score
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
No
No
8.8
Microsoft Power Automate Desktop Remote Code Execution Vulnerability
No
No
8.5
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
No
No
7.6

Microsoft Office vulnerabilities

CVE
Title
Exploited?
Publicly disclosed?
CVSSv3 base score
Microsoft SharePoint Server Remote Code Execution Vulnerability
No
No
8.8
Microsoft Office Visio Remote Code Execution Vulnerability
No
No
7.8
Microsoft Excel Elevation of Privilege Vulnerability
No
No
7.8
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
No
No
7.8
Microsoft Publisher Security Feature Bypass Vulnerability
Yes
No
7.3
Microsoft SharePoint Server Remote Code Execution Vulnerability
No
No
7.2
Microsoft SharePoint Server Remote Code Execution Vulnerability
No
No
7.2
Microsoft SharePoint Server Remote Code Execution Vulnerability
No
No
7.2
Microsoft SharePoint Server Denial of Service Vulnerability
No
No
6.5
Microsoft Outlook for iOS Information Disclosure Vulnerability
No
No
6.5

SQL Server vulnerabilities

CVE
Title
Exploited?
Publicly disclosed?
CVSSv3 base score
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
No
No
8.8
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
No
No
8.8
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
No
No
8.8
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
No
No
8.8
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
No
No
8.8
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
No
No
8.8
Microsoft SQL Server Elevation of Privilege Vulnerability
No
No
8.8
Microsoft SQL Server Elevation of Privilege Vulnerability
No
No
8.8
Microsoft SQL Server Elevation of Privilege Vulnerability
No
No
8.8
Microsoft SQL Server Information Disclosure Vulnerability
No
No
7.6
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
No
No
7.1
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
No
No
7.1
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
No
No
7.1

Windows vulnerabilities

CVE
Title
Exploited?
Publicly disclosed?
CVSSv3 base score
Microsoft Windows Update Remote Code Execution Vulnerability
Yes
No
9.8
Microsoft Management Console Remote Code Execution Vulnerability
No
No
8.8
Windows TCP/IP Remote Code Execution Vulnerability
No
No
8.1
Windows TCP/IP Remote Code Execution Vulnerability
No
No
8.1
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
No
No
7.8
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
No
No
7.8
Windows Setup and Deployment Elevation of Privilege Vulnerability
No
No
7.8
PowerShell Elevation of Privilege Vulnerability
No
No
7.8
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
No
No
7.8
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
No
No
7.8
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
No
No
7.8
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
No
No
7.8
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
No
No
7.8
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
No
No
7.8
Windows Networking Information Disclosure Vulnerability
No
No
7.7
Windows Networking Denial of Service Vulnerability
No
No
7.5
Windows Networking Denial of Service Vulnerability
No
No
7.5
Windows Network Address Translation (NAT) Remote Code Execution Vulnerability
No
No
7.5
Microsoft AllJoyn API Information Disclosure Vulnerability
No
No
7.5
Windows libarchive Remote Code Execution Vulnerability
No
No
7.3
Windows Storage Elevation of Privilege Vulnerability
No
No
7
Win32k Elevation of Privilege Vulnerability
No
No
7
Windows Hyper-V Denial of Service Vulnerability
No
No
6.5
Windows Authentication Information Disclosure Vulnerability
No
No
5.5

Bottom Line

Microsoft's September 2024 Patch Tuesday release addressed 79 total vulnerabilities, headlined by fixes for four zero-day flaws, three of which were actively exploited in the wild:

In total, 7 critical and 71 important severity vulnerabilities were addressed this month. The most common vulnerability types were elevation of privilege (30 bugs), remote code execution (23 bugs), and information disclosure (11 bugs).

Here's a summary table of the vulnerabilities by severity:

Severity
Count
Critical
7
Important
71
Moderate
1

The extensive patch load emphasizes the importance of continuous monitoring, vulnerability management, and timely updating to counter sophisticated multi-stage attacks targeting enterprise networks. Prioritizing remediation efforts by potential business impact is crucial.

We aim to keep readers informed each month in our Patch Tuesday reports. Please follow our website thesecmaster.com or subscribe to our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram to receive similar updates.

You may also like these articles:

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Report

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.

Tools

Featured

View All

Learn Something New with Free Email subscription

Subscribe

Subscribe