September 2024 – Microsoft Patch Tuesday Highlights
Background
Microsoft’s September 2024 Patch Tuesday rollout includes security patches for 79 vulnerabilities. Among these are four zero-days that are being actively exploited (CVE-2024-38014, CVE-2024-38217, CVE-2024-38226, CVE-2024-43491). Seven of the vulnerabilities are classified as Critical, while the remaining 72 are classified as Important or Moderate in severity.
Updates for vulnerabilities in Microsoft Office and Components, Windows Hyper-V, Windows DHCP Server, Microsoft Streaming Service, Microsoft Management Console, Windows MSHTML Platform, Microsoft Dynamics 365 (on-premises), and other areas are included in the September edition of Microsoft Patch Tuesday.
The vulnerability types Microsoft addressed across its products this month include Spoofing, Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Security Feature Bypass, and Remote Code Execution (RCE).
The Microsoft vulnerabilities of September 2024 are categorized as follows:

| Vulnerability Category | Quantity | Severities |
| --- | --- | --- |
| Spoofing Vulnerability | 3 | Important: 3 |
| Denial of Service Vulnerability | 8 | Important: 8 |
| Elevation of Privilege Vulnerability | 30 | Critical: 3, Important: 27 |
| Information Disclosure Vulnerability | 11 | Important: 11 |
| Remote Code Execution Vulnerability | 23 | Critical: 4, Important: 19 |
| Security Feature Bypass Vulnerability | 4 | Important: 4 |
Summary
The full list of vulnerabilities fixed in the September 2024 Patch Tuesday patches is provided below:
| Tag | CVE ID | CVE Title | Severity |
| --- | --- | --- | --- |
| Azure CycleCloud | | Azure CycleCloud Remote Code Execution Vulnerability | Important |
| Azure Network Watcher | | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | Important |
| Azure Network Watcher | | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | Important |
| Azure Stack | | Azure Stack Hub Elevation of Privilege Vulnerability | Critical |
| Azure Stack | | Azure Stack Hub Elevation of Privilege Vulnerability | Critical |
| Azure Web Apps | | Azure Web Apps Elevation of Privilege Vulnerability | Critical |
| Dynamics Business Central | | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | Important |
| Microsoft AutoUpdate (MAU) | | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Important |
| Microsoft Dynamics 365 (on-premises) | | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Graphics Component | | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Management Console | | Microsoft Management Console Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | | Microsoft Excel Elevation of Privilege Vulnerability | Important |
| Microsoft Office Publisher | | Microsoft Publisher Security Feature Bypass Vulnerability | Important |
| Microsoft Office SharePoint | | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | | Microsoft SharePoint Server Denial of Service Vulnerability | Important |
| Microsoft Office Visio | | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Outlook for iOS | | Microsoft Outlook for iOS Information Disclosure Vulnerability | Important |
| Microsoft Streaming Service | | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Streaming Service | | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Streaming Service | | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Streaming Service | | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Streaming Service | | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Streaming Service | | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Streaming Service | | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| Power Automate | | Microsoft Power Automate Desktop Remote Code Execution Vulnerability | Important |
| Role: Windows Hyper-V | | Windows Hyper-V Denial of Service Vulnerability | Important |
| SQL Server | | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
| SQL Server | | Microsoft SQL Server Elevation of Privilege Vulnerability | Important |
| SQL Server | | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
| SQL Server | | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
| SQL Server | | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | Important |
| SQL Server | | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
| SQL Server | | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | Important |
| SQL Server | | Microsoft SQL Server Information Disclosure Vulnerability | Important |
| SQL Server | | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
| SQL Server | | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | Important |
| SQL Server | | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
| SQL Server | | Microsoft SQL Server Elevation of Privilege Vulnerability | Important |
| SQL Server | | Microsoft SQL Server Elevation of Privilege Vulnerability | Important |
| Windows Admin Center | | Microsoft Windows Admin Center Information Disclosure Vulnerability | Important |
| Windows AllJoyn API | | Microsoft AllJoyn API Information Disclosure Vulnerability | Important |
| Windows Authentication Methods | | Windows Authentication Information Disclosure Vulnerability | Important |
| Windows DHCP Server | | DHCP Server Service Denial of Service Vulnerability | Important |
| Windows Installer | | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Kerberos | | Windows Kerberos Elevation of Privilege Vulnerability | Important |
| Windows Kernel-Mode Drivers | | Windows Kernel-Mode Driver Information Disclosure Vulnerability | Important |
| Windows Libarchive | | Windows libarchive Remote Code Execution Vulnerability | Important |
| Windows Mark of the Web (MOTW) | | Windows Mark of the Web Security Feature Bypass Vulnerability | Important |
| Windows Mark of the Web (MOTW) | | Windows Mark of the Web Security Feature Bypass Vulnerability | Moderate |
| Windows MSHTML Platform | | Windows MSHTML Platform Spoofing Vulnerability | Important |
| Windows Network Address Translation (NAT) | | Windows Network Address Translation (NAT) Remote Code Execution Vulnerability | Critical |
| Windows Network Virtualization | | Windows Networking Denial of Service Vulnerability | Important |
| Windows Network Virtualization | | Windows Networking Denial of Service Vulnerability | Important |
| Windows Network Virtualization | | Windows Networking Denial of Service Vulnerability | Important |
| Windows Network Virtualization | | Windows Networking Information Disclosure Vulnerability | Important |
| Windows PowerShell | | PowerShell Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Remote Desktop Licensing Service | | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important |
| Windows Remote Desktop Licensing Service | | Windows Remote Desktop Licensing Service Information Disclosure Vulnerability | Important |
| Windows Remote Desktop Licensing Service | | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important |
| Windows Remote Desktop Licensing Service | | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important |
| Windows Remote Desktop Licensing Service | | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important |
| Windows Remote Desktop Licensing Service | | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important |
| Windows Remote Desktop Licensing Service | | Windows Remote Desktop Licensing Service Spoofing Vulnerability | Important |
| Windows Security Zone Mapping | | Windows Security Zone Mapping Security Feature Bypass Vulnerability | Important |
| Windows Setup and Deployment | | Windows Setup and Deployment Elevation of Privilege Vulnerability | Important |
| Windows Standards-Based Storage Management Service | | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important |
| Windows Storage | | Windows Storage Elevation of Privilege Vulnerability | Important |
| Windows TCP/IP | | Windows TCP/IP Remote Code Execution Vulnerability | Important |
| Windows TCP/IP | | Windows TCP/IP Remote Code Execution Vulnerability | Important |
| Windows Update | | Microsoft Windows Update Remote Code Execution Vulnerability | Critical |
| Windows Win32K – GRFX | | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K – ICOMP | | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
| Windows Win32K – ICOMP | | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
Zero-day Vulnerabilities
Windows Installer Elevation of Privilege Vulnerability (CVE-2024-38014):
Windows Installer is the component of the Windows operating system that handles software installation and removal. It has shipped with Windows since Windows 2000, and many widely used applications are distributed in this format.
An attacker who successfully exploits this vulnerability could gain SYSTEM privileges.
CISA added CVE-2024-38014 to its Known Exploited Vulnerabilities catalog, confirming ongoing exploitation, and asked that users fix it by October 1, 2024.
Microsoft Publisher Security Feature Bypass Vulnerability (CVE-2024-38226):
Microsoft Publisher is a desktop publishing application for producing professional-looking publications. It is included in Microsoft 365 and is used in sectors that need high-quality publication design.
An attacker who exploits this vulnerability could bypass the Office macro policies that block untrusted or malicious files from being opened.
CISA added CVE-2024-38226 to its Known Exploited Vulnerabilities catalog, confirming active exploitation, and advised users to fix the vulnerability by October 1, 2024.
Windows Mark of the Web Security Feature Bypass Vulnerability (CVE-2024-38217):
Mark of the Web (MoTW) is a Windows security feature that flags files downloaded from the internet as potentially unsafe.
To exploit the vulnerability, an attacker would host a malicious file on a server they control and persuade the targeted user to download and run it. Successful exploitation could allow the attacker to interfere with Mark of the Web functionality.
CISA added CVE-2024-38217 to its Known Exploited Vulnerabilities catalog, confirming active exploitation, and advised users to fix the vulnerability by October 1, 2024.
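Because MoTW lives in an NTFS alternate data stream named Zone.Identifier, a defender can inventory which downloaded files actually carry it. The following PowerShell function is an added example, not code from the original post or from Microsoft; it assumes an NTFS volume and Windows PowerShell 5.1 or PowerShell 7 on Windows, and the folder path is a constructed default.

```powershell
# Added example: report Mark of the Web status for every file under a folder.
# MoTW is stored in the Zone.Identifier alternate data stream; ZoneId=3 means "Internet".
# Assumes NTFS and Windows PowerShell 5.1 / PowerShell 7 on Windows.
function Get-MotwStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path   # folder to inspect, e.g. "$env:USERPROFILE\Downloads"
    )

    Get-ChildItem -Path $Path -File -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $file     = $_
        $zoneId   = $null
        $referrer = $null
        $hostUrl  = $null

        # Get-Item -Stream fails when the stream is absent; treat that as "no MoTW".
        $stream = Get-Item -Path $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        if ($stream) {
            $content = Get-Content -Path $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
            foreach ($line in $content) {
                # The stream is INI-style text: [ZoneTransfer], ZoneId=3, ReferrerUrl=..., HostUrl=...
                switch -Regex ($line) {
                    '^ZoneId=(\d+)'     { $zoneId   = [int]$Matches[1] }
                    '^ReferrerUrl=(.+)' { $referrer = $Matches[1] }
                    '^HostUrl=(.+)'     { $hostUrl  = $Matches[1] }
                }
            }
        }

        [PSCustomObject]@{
            File         = $file.FullName
            HasMotw      = [bool]$stream
            ZoneId       = $zoneId
            FromInternet = ($zoneId -eq 3)
            HostUrl      = $hostUrl
            ReferrerUrl  = $referrer
        }
    }
}

# Usage: list downloaded files that carry no MoTW at all, which deserve a closer look.
Get-MotwStatus -Path "$env:USERPROFILE\Downloads" |
    Where-Object { -not $_.HasMotw } |
    Format-Table File, HasMotw, ZoneId -AutoSize
```

A file without the stream is not necessarily malicious: MoTW is only preserved on NTFS, so files copied from FAT/exFAT media or extracted by tools that do not propagate the stream lose it. That is exactly why bypasses of this feature matter, and why SmartScreen and Office Protected View should not be the only control between a download and code execution.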
Microsoft Windows Update Remote Code Execution Vulnerability (CVE-2024-43491):
“Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (original version released July 2015),” the company stated in the advisory. On Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that installed the Windows security update KB5035858 (OS Build 10240.20526), released on March 12, 2024, or any later update through August 2024, an attacker could exploit these previously mitigated vulnerabilities. Not all Windows 10 updates are affected by this vulnerability.
CISA added CVE-2024-43491 to its Known Exploited Vulnerabilities catalog, confirming ongoing exploitation, and asked that users fix it by October 1, 2024.
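Since only Windows 10, version 1507 hosts that installed the March 2024 update or a later one through August 2024 are exposed, the practical first step is to find those hosts. The PowerShell below is an added example, not part of the advisory or the original post; it reads the real CurrentBuild and UBR registry values and uses Get-HotFix, but the $FixedUbr parameter is a placeholder that you must set from the September 2024 update for version 1507, because that value is not given on this page.

```powershell
# Added example: flag Windows 10, version 1507 hosts inside the CVE-2024-43491 servicing window.
# Facts from the advisory: first affected update is KB5035858 (OS Build 10240.20526, March 12, 2024);
# updates through August 2024 are affected. Build 10240 identifies Windows 10, version 1507.
# $FixedUbr is a PLACEHOLDER: fill in the UBR of the September 2024 update for version 1507.
function Test-Cve202443491Exposure {
    [CmdletBinding()]
    param(
        [int]$FixedUbr = 0   # placeholder, not taken from the page; 0 means "unknown"
    )

    $ver   = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$ver.CurrentBuild   # e.g. 10240
    $ubr   = [int]$ver.UBR            # Update Build Revision, the number after the dot

    $result = [PSCustomObject]@{
        ComputerName = $env:COMPUTERNAME
        Build        = "$build.$ubr"
        Is1507       = ($build -eq 10240)
        HasKB5035858 = [bool](Get-HotFix -Id KB5035858 -ErrorAction SilentlyContinue)
        Status       = 'Not applicable (not Windows 10, version 1507)'
    }

    if ($result.Is1507) {
        if ($ubr -lt 20526) {
            # Never received the March 2024 update: no rollback, but months of fixes are missing.
            $result.Status = 'Pre-March-2024 build; unpatched for other reasons'
        } elseif ($FixedUbr -gt 0 -and $ubr -ge $FixedUbr) {
            $result.Status = 'Patched (at or above the September 2024 build)'
        } else {
            $result.Status = 'In affected window: install the September 2024 servicing stack and security updates'
        }
    }
    $result
}

# Usage on the local host; run via Invoke-Command for a fleet and export the objects to CSV.
Test-Cve202443491Exposure | Format-List
```

Because the flaw is in the servicing stack rather than in a single binary, checking for the presence of KB5035858 alone is not sufficient: a host that skipped that update but took a later one through August 2024 is equally exposed, which is why the check keys on the build revision range rather than on one KB.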
Critical Vulnerabilities
Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2024-38018):
Microsoft SharePoint is a web-based document management and collaboration platform for sharing documents, data, news, and resources across an organization.
An authenticated attacker with at least Site Member permissions could execute code remotely on the SharePoint Server over the network.
Azure Stack Hub Elevation of Privilege Vulnerability (CVE-2024-38216 & CVE-2024-38220):
Azure Stack Hub is part of the Azure Stack portfolio; it lets organizations run Azure services in their own data center and host applications in an on-premises environment.
Successful exploitation could give an attacker unauthorized access to system resources and allow them to take actions with the same privileges as the compromised process.
Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2024-43464):
An authorized attacker with Site Owner rights can upload a specially crafted file to the targeted SharePoint Server and then issue specific API requests that trigger deserialization of the file’s parameters, allowing the attacker to run arbitrary code within the SharePoint Server environment.
Azure Web Apps Elevation of Privilege Vulnerability (CVE-2024-38194):
Azure Web Apps hosts web applications written in languages such as .NET, Java, Node.js, Python, and PHP, and provides high availability, load balancing, and automatic scaling to keep applications running.
An authenticated attacker who exploits this improper authorization vulnerability in Azure Web Apps could gain elevated privileges over a network.
Other Vulnerabilities
- Microsoft SharePoint Server has two further remote code execution vulnerabilities, CVE-2024-38227 and CVE-2024-38228. Either could allow an authorized attacker with Site Owner rights to run arbitrary code within the SharePoint Server environment.
- CVE-2024-38237 is an elevation of privilege vulnerability in the Kernel Streaming WOW Thunk Service Driver. An attacker who successfully exploits it could gain SYSTEM privileges.
- The Kernel Streaming Service Driver has six elevation of privilege vulnerabilities: CVE-2024-38238, CVE-2024-38241, CVE-2024-38242, CVE-2024-38243, CVE-2024-38244, and CVE-2024-38245. A successful attack could give the attacker SYSTEM privileges.
- CVE-2024-38246 is a Win32k elevation of privilege vulnerability. Exploiting it requires the attacker to win a race condition; a successful attack could give the attacker SYSTEM privileges.
- CVE-2024-38247 is an elevation of privilege vulnerability in the Windows Graphics Component. A successful attack could give the attacker SYSTEM privileges.
- CVE-2024-38249 is another elevation of privilege vulnerability in the Windows Graphics Component. An attacker who successfully exploits it could gain SYSTEM privileges.
- The Windows Win32 Kernel Subsystem has two elevation of privilege vulnerabilities, CVE-2024-38252 and CVE-2024-38253. An attacker who successfully exploits either could gain SYSTEM privileges.
- CVE-2024-43457 is an elevation of privilege vulnerability in Windows Setup and Deployment. A successful attack could give the attacker SYSTEM privileges.
- CVE-2024-43487 is a security feature bypass vulnerability in Windows Mark of the Web. An attacker who successfully exploits it could bypass the SmartScreen user interface. To exploit the vulnerability, the attacker has to send the user a malicious file and convince them to open it.