On Tuesday Microsoft revealed, as part of its September 2024 “Patch Tuesday” update, that three new security flaws affecting the Windows platform have been actively exploited.
The monthly security release addresses a total of 79 vulnerabilities, of which seven are classified as Critical, 71 as Important and one as Moderate in severity. In addition, the tech giant has fixed 26 vulnerabilities in its Chromium-based Edge browser since last month’s “Patch Tuesday” update.
What’s new and what’s fixed in the September 2024 Patch Tuesday update
The three vulnerabilities fixed with the patch that have been exploited in a malicious context are listed below, along with one bug that Microsoft is treating as exploited:
- CVE-2024-38014 (CVSS Score: 7.8) – Windows Installer Elevation of Privilege Vulnerability
- CVE-2024-38217 (CVSS Score: 5.4) – Windows Mark-of-the-Web (MotW) Security Feature Bypass Vulnerability
- CVE-2024-38226 (CVSS Score: 7.3) – Microsoft Publisher Security Feature Bypass Vulnerability
- CVE-2024-43491 (CVSS Score: 9.8) – Remote Code Execution Vulnerability in Microsoft Windows Update
“Exploitation of both CVE-2024-38226 and CVE-2024-38217 can lead to the bypassing of important security features that block Microsoft Office macros from running”, said Satnam Narang, senior research engineer at Tenable, in a statement, adding that “In both cases, the target must be convinced to open a specially crafted file from a server controlled by the attacker. The difference is that, to exploit CVE-2024-38226, an attacker must be authenticated on the system and have local access to it.”
As disclosed by Elastic Security Labs last month, CVE-2024-38217 (also known as “LNK Stomping”) is believed to have been exploited as early as February 2018.
CVE-2024-43491, on the other hand, is notable because it resembles the downgrade attack analyzed by cybersecurity firm SafeBreach last month.
Other vulnerabilities fixed by the patch
“Microsoft is aware of a vulnerability in the Service Stack that has resulted in fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial release July 2015)”, Redmond observed.
“This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024 — KB5035858 (OS Build 10240.20526) or other updates released until August 2024.”
The Windows maker also stated that the issue can be resolved by installing the September 2024 Service Stack Update (SSU KB5043936) and the September 2024 Windows Security Update (KB5043083), in this order.
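The remediation described above (SSU first, then the security update) can be verified on an affected host. The following PowerShell check is an added example, not code from the article or from Microsoft; it assumes that `Get-HotFix` (backed by `Win32_QuickFixEngineering`) reports both packages, which is not guaranteed for every update type.

```powershell
# Added example (not from the article): check a Windows 10 version 1507 host for the
# September 2024 Servicing Stack Update (KB5043936) and Security Update (KB5043083)
# named in the article. Assumption: Get-HotFix lists both packages; if it does not,
# confirm via Settings > Update history or `dism /online /get-packages`.
$RequiredUpdates = @(
    @{ Id = 'KB5043936'; Role = 'Servicing Stack Update (install first)' },
    @{ Id = 'KB5043083'; Role = 'Windows Security Update (install second)' }
)

$os    = Get-CimInstance -ClassName Win32_OperatingSystem
$ubr   = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').UBR
$build = "$($os.BuildNumber).$ubr"

# Only the 1507 branch (OS build 10240.x) is affected by the CVE-2024-43491 rollback.
if ($os.BuildNumber -ne '10240') {
    Write-Output "Build $build is not Windows 10 version 1507 (10240); the rollback does not apply."
    return
}

$installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
$report = foreach ($u in $RequiredUpdates) {
    [pscustomobject]@{
        Update    = $u.Id
        Role      = $u.Role
        Installed = ($installed -contains $u.Id)
    }
}
$report | Format-Table -AutoSize

# Per the article, systems that installed KB5035858 (OS Build 10240.20526) or later
# updates through August 2024 need both September packages, SSU first.
if ($report.Installed -notcontains $false) {
    Write-Output "Build ${build}: both September 2024 packages are present."
} else {
    Write-Warning "Build ${build}: install KB5043936 (SSU) and then KB5043083 to remediate CVE-2024-43491."
}
```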
It is also worth noting that Microsoft’s “Exploitation Detected” rating for CVE-2024-43491 stems from the rollback of fixes that had addressed previously exploited vulnerabilities affecting some Optional Components for Windows 10 (version 1507).
“No direct exploitation of CVE-2024-43491 was detected”, the company said. “Additionally, Microsoft’s Windows product team discovered this issue, and we have not seen any evidence that it is publicly known.”
Software patches from other vendors
In addition to Microsoft, in recent months other vendors have also released security updates to fix various vulnerabilities through various patches, including: