Microsoft on Tuesday disclosed that three new security vulnerabilities affecting the Windows platform have been actively exploited, as part of its September 2024 Patch Tuesday update.
The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated critical, 71 are important, and one is rated moderate. This is in addition to 26 vulnerabilities that the tech giant resolved in its Chromium-based Edge browser since last month's Patch Tuesday release.
The three vulnerabilities that have been exploited in a malicious context are listed below, along with a bug that Microsoft is treating as exploited –
- CVE-2024-38014 (CVSS Score: 7.8) – An elevation of privilege vulnerability in Windows Installer
- CVE-2024-38217 (CVSS Score: 5.4) – Windows Mark-of-the-Web (MotW) security feature bypass vulnerability
- CVE-2024-38226 (CVSS Score: 7.3) – Microsoft Publisher Security Bypass Vulnerability
- CVE-2024-43491 (CVSS Score: 9.8) – Microsoft Windows Update remote code execution vulnerability
“The use of both CVE-2024-38226 and CVE-2024-38217 could lead to the bypassing of critical security features that block Microsoft Office macros from running,” Satnam Narang, senior research engineer at Tenable, said in a statement.
“In both cases, the target must be convinced to open a specially crafted file from a server controlled by the attacker. Their difference is that an attacker must be authenticated to the system and have local access to it in order to exploit CVE-2024-38226.”
As Elastic Security Labs revealed last month, CVE-2024-38217 – also called LNK Stomping – is said to have been abused in the wild as far back as February 2018.
CVE-2024-43491, on the other hand, is notable for being similar to the downgrade attack that cybersecurity firm SafeBreach detailed early last month.
“Microsoft is aware of a vulnerability in the maintenance stack that rolled back fixes for some vulnerabilities affecting additional components in Windows 10, version 1507 (originally released in July 2015),” Redmond noted.
“This means that an attacker could exploit these previously fixed vulnerabilities on Windows 10 version 1507 systems (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) that have installed the Windows security update that was released on March 12, 2024 — KB5035858 (OS Build 10240.20526) or other updates released before August 2024.”
The Windows maker went on to say that this can be resolved by installing the September 2024 Servicing Stack Update (SSU KB5043936) and the September 2024 Windows security update (KB5043083), in that order.
It’s also worth noting that Microsoft’s “Exploitation Detected” rating for CVE-2024-43491 stems from the rollback of fixes that addressed vulnerabilities, affecting some Optional Components for Windows 10 (version 1507), that had previously been exploited.
“No exploitation of CVE-2024-43491 itself has been detected,” the company said. “Furthermore, the Windows product team at Microsoft identified this issue, and we have seen no evidence that it has become public knowledge.”
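The install order described above for CVE-2024-43491 can be checked across a fleet from patch-inventory data. The following is an added example, not code from Microsoft or from the article; the inventory record layout, host names, and status labels are assumptions, while the KB numbers and build 10240.20526 are the ones quoted above.

```python
from datetime import date

# KB numbers and build 10240.20526 are the ones quoted in the article.
SSU_KB = "KB5043936"   # September 2024 servicing stack update
LCU_KB = "KB5043083"   # September 2024 security update
ROLLBACK_REV = 20526   # 10240.20526 = KB5035858, March 12, 2024

def triage(host):
    """Return (status, rollback_suspected) for one inventory record."""
    major, rev = (int(part) for part in host["os_build"].split("."))
    if major != 10240:                  # only Windows 10 version 1507 is affected
        return ("not-applicable", False)
    kbs = host["installed"]             # hypothetical layout: KB id -> install date
    ssu, lcu = kbs.get(SSU_KB), kbs.get(LCU_KB)
    if ssu and lcu and ssu <= lcu:      # dates cannot order same-day installs
        return ("remediated", False)
    # Conservative assumption: a 1507 host at or past the March 2024 build
    # may carry rolled-back fixes until both updates are in place.
    suspected = rev >= ROLLBACK_REV
    if ssu and lcu:
        return ("verify-order", suspected)   # security update predates the SSU
    if ssu:
        return ("needs-security-update", suspected)
    return ("needs-ssu-then-security-update", suspected)

# Constructed sample inventory: host names, dates and every build revision
# other than 20526 are made up for this example.
INVENTORY = [
    {"name": "kiosk-01", "os_build": "10240.20526",
     "installed": {"KB5035858": date(2024, 3, 14)}},
    {"name": "kiosk-02", "os_build": "10240.20700",
     "installed": {SSU_KB: date(2024, 9, 11), LCU_KB: date(2024, 9, 11)}},
    {"name": "kiosk-03", "os_build": "10240.20600",
     "installed": {SSU_KB: date(2024, 9, 12)}},
    {"name": "lab-07", "os_build": "10240.20700",
     "installed": {LCU_KB: date(2024, 9, 10), SSU_KB: date(2024, 9, 12)}},
    {"name": "legacy-03", "os_build": "10240.20400", "installed": {}},
    {"name": "wks-22", "os_build": "19045.4000", "installed": {}},
]

def report(inventory):
    """Map host name -> (status, rollback_suspected)."""
    return {host["name"]: triage(host) for host in inventory}

if __name__ == "__main__":
    for name, (status, suspected) in report(INVENTORY).items():
        print(f"{name:10} {status:32} rollback_suspected={suspected}")
```

Install dates only have day granularity, so a host where both updates landed on the same day is reported as remediated and its order should be confirmed from the update history if that matters.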
Third-party software patches
In addition to Microsoft, security updates have also been released by other vendors over the past few weeks to address some vulnerabilities, including –
- Adobe
- Arm
- Bosch
- Broadcom (including VMware)
- Cisco
- Citrix
- CODESYS
- D-Link
- Dell
- Drupal
- F5
- Fortinet
- Fortra
- GitLab
- Google Android and Pixel
- Google Chrome
- Google Cloud
- Google Wear OS
- Hitachi Energy
- HP
- HP Enterprise (including Aruba Networks)
- IBM
- Intel
- Ivanti
- Lenovo
- Linux distributions Amazon Linux, Debian, Oracle Linux, Red Hat, Rocky Linux, SUSE, and Ubuntu
- MediaTek
- Mitsubishi Electric
- MongoDB
- Mozilla Firefox, Firefox ESR, Focus and Thunderbird
- NVIDIA
- ownCloud
- Palo Alto Networks
- Progress Software
- QNAP
- Qualcomm
- Rockwell Automation
- Samsung
- SAP
- Schneider Electric
- Siemens
- SolarWinds
- SonicWall
- Spring Framework
- Synology
- Veeam
- Zimbra
- Zoho ManageEngine ServiceDesk Plus, SupportCenter Plus, and ServiceDesk Plus MSP
- Zoom
- Zyxel