September's Patch Tuesday tackles numerous flaws, including four zero-days

This month's Patch Tuesday addresses vulnerabilities already exploited in the wild

Microsoft released Patch Tuesday updates: four zero-days and numerous other flaws patched

Microsoft’s September 2024 Patch Tuesday brings updates for 79 security flaws, and seven of these are critical.[1] Notably, four of these vulnerabilities are zero-day flaws, three of which have already been exploited.

Zero-day vulnerabilities are particularly dangerous since they can be exploited or made public before a patch is made available. This release comes after the Patch Tuesday featuring major updates from last month.

Administrators should prioritize applying these updates to ensure the security of their systems. Exploit activity often ramps up immediately after Patch Tuesday, highlighting the urgency of addressing these vulnerabilities.

What are the four zero-days?

Some of the most critical vulnerabilities for this month include CVE-2024-43491,[2] a flaw in the Windows Update Servicing Stack. What makes it so critical is the 9.8 CVSS score it earns, and there is the risk of uninstalling the patches that were applied. While Microsoft has not found evidence of exploitation of the hole in the wild, as a remote code execution flaw, it could be used to help reintroduce older, already-patched vulnerabilities.

Besides, three zero-days exploited so far include CVE-2024-38014, a Windows Installer elevation of privilege vulnerability; CVE-2024-38217, a security feature bypass flaw related to Windows Mark of the Web; and CVE-2024-38226, a bypass vulnerability in Microsoft Publisher's macro protection. These could, among other things, provide attackers with escalated privileges, or bypass critical security protections – both of which highlight the need to update as soon as possible.

Broader security flaws addressed

Apart from the zero-day vulnerabilities, seven critical vulnerabilities in the release primarily involve remote code execution and elevation of privileges, which are significant threats to system integrity. For example, CVE-2024-38014 allows attackers to gain SYSTEM privileges, making it a highly dangerous exploit that can compromise entire networks.

The vulnerability in Windows Mark of the Web (CVE-2024-38217) is also of particular concern. Exploited since 2018, it bypasses security checks on malicious files, potentially leading to security feature failures like Smart App Control.

Meanwhile, CVE-2024-38226 targets the relatively obscure Microsoft Publisher, where attackers can bypass macro security policies, exposing organizations to macro-based threats.

Recommendations for IT administrators and organizations

Given the criticality of vulnerabilities associated with the update, system administrators would have to act quickly on this and apply the patches. Active exploitation of zero-days and another critical flaw presents an increased chance of the possibility of a major security breach if systems are not updated.

To prioritize, install the September 2024 servicing stack update (KB5043936),[3] along with the Windows security update (KB5043083).[4] This will remediate vulnerabilities such as CVE-2024-43491, which might bring back to life old security flaws otherwise addressed. Systems that are still running older versions of Windows 10, especially version 1507, are at even higher risk since some of these old security fixes may be undone.

Admins also need to make sure to patch the other zero-days being exploited, such as CVE-2024-38014, CVE-2024-38217, and CVE-2024-38226. These vulnerabilities allow attackers to escalate privileges or bypass security measures and, if combined, lead to an even more advanced attack on IT systems. Adobe has also published updates fixing 28 vulnerabilities, with 10 being listed as critical. While none of these are currently being exploited, it's still recommended to apply these patches for complete protection.

Applying such updates early will reduce the chances that zero-day exploits can be executed and help reduce any potential risks that could be in the pipeline as a result of future attacks. Attackers quickly up their efforts post-Patch Tuesday, so it's important to apply patches as soon as possible and more so for organizations within high-risk sectors like government and finance.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.

Contact Gabriel E. Hall
About the company Esolutions

References
Files
Software
Compare