Microsoft Releases Nearly 80 Patches, Including 1 'Critical' Zero-Day -- Redmondmag.com

Microsoft Releases Nearly 80 Patches, Including 1 'Critical' Zero-Day

By Gladys Rama
09/10/2024

Microsoft's latest security patch update addresses 79 vulnerabilities, including four that are already being actively exploited in the wild.

One of these four zero-day exploits, CVE-2024-43491 -- a Windows Update remote code execution flaw targeting a nearly 10-year-old version of Windows -- is rated "critical." Per Microsoft's advisory, Windows 10 version 1507, which was first released in 2015 and is now unsupported, is susceptible to "a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components." It continued:

This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024 --KB5035858 (OS Build 10240.20526) or other updates released until August 2024.

The other three zero-day fixes are rated "important." They are:

CVE-2024-38226, a feature bypass vulnerability that can override Office macro settings meant to disarm harmful files.
CVE-2024-38217, a feature bypass vulnerability that can fool a user into downloading a malicious server file, enabling an attacker to bypass the Mark of the Web identifier, which Microsoft uses to flag potentially unsecure files.
CVE-2024-38014, an elevation-of-privilege vulnerability affecting Windows Installer that could grant an attacker system access.

Dustin Childs of the Zero Day Initiative blog identified a fifth vulnerability, CVE-2024-43461, that he says is "under active attack." Rated "important" by Microsoft, this flaw is a spoofing vulnerability that affects all supported versions of Windows via the Internet Explorer MSHTML platform. Microsoft had initially patched this flaw in July's security update, wrote Childs, but "threat actors quickly bypassed" that fix, leaving the vulnerability open to attack. However, Microsoft's official advisory says it is not currently being exploited.

"We're not sure why they don't list it as being under active attack, but you should treat it as though it were," Childs said.

Also of note are six other vulnerabilities labeled "critical." They are as follows:

CVE-2024-43464 and CVE-2024-38018: Remote code execution in SharePoint Server.
CVE-2024-38220 and CVE-2024-38216: Elevation of privilege in Azure Stack Hub.
CVE-2024-38194: Elevation of privilege in Azure Web Apps.
CVE-2024-38119: Remote code execution in Windows Network Address Translation.

Microsoft's full September security bulletin can be accessed here.

About the Author

Gladys Rama (@GladysRama3) is the editorial director of Converge360.

Featured

How Much Space Are You Using in Microsoft 365?

Reclaim your cloud storage by locating unwanted data.
Microsoft Releases Nearly 80 Patches, Including 1 'Critical' Zero-Day

Microsoft's latest security patch update addresses 79 vulnerabilities, including four that are already being actively exploited in the wild.
Oracle-Microsoft 'Database@Azure' Service Getting Fabric, Sentinel Hooks

A year after it was first unveiled, the Oracle Database@Azure infrastructure-as-a-service offering from Oracle and Microsoft is getting significant new capabilities.
How License Stacking Works in the Real World

Organizations using servers with more than 16 cores need to "stack" multiple Windows Server licenses to cover all cores, ensuring compliance with licensing requirements. Here's how.
California AI Regulation Bill Heads to Newsom's Desk

California appears to be on the verge of setting a national precedent for AI regulation.