Severity
High
Analysis Summary
Microsoft's Patch Tuesday update for September 2024 addresses a total of 79 vulnerabilities in the Windows platform with seven categorized as critical, 71 deemed Important, and one rated moderate in severity.
Additionally, 26 flaws affecting Microsoft's Chromium-based Edge browser have been patched since the last update. Among the most significant vulnerabilities disclosed are three that are currently being actively exploited, along with one bug, CVE-2024-43491, which Microsoft is treating as having been exploited despite no direct exploitation of the vulnerability being detected.
Microsoft's Patch Tuesday disclosed that the three actively exploited vulnerabilities are: CVE-2024-38014, a Windows Installer Elevation of Privilege flaw with a CVSS score of 7.8; CVE-2024-38217, a Windows Mark-of-the-Web (MotW) Security Feature Bypass Vulnerability with a CVSS score of 5.4; and CVE-2024-38226, a Microsoft Publisher Security Feature Bypass Vulnerability with a CVSS score of 7.3.
Both CVE-2024-38226 and CVE-2024-38217 let an attacker bypass protections that block untrusted content: CVE-2024-38226 bypasses the Office macro policies that Publisher applies to untrusted files, and CVE-2024-38217 bypasses the Mark-of-the-Web (MotW), the NTFS Zone.Identifier mark that SmartScreen and Office Protected View rely on to treat downloaded files as untrusted. Files crafted to abuse the MotW weakness have been observed in the wild in samples dating back to 2018. CVE-2024-38014, meanwhile, allows a local attacker to elevate privileges through Windows Installer, gaining broader access to an already compromised system.
The most critical vulnerability, CVE-2024-43491, with a CVSS score of 9.8, is a remote code execution flaw in Microsoft Windows Update. It is noteworthy because it is tied to a servicing rollback affecting Optional Components on Windows 10, version 1507 (the original 2015 release): on systems that installed the security updates released between March and August 2024, fixes for some previously patched vulnerabilities in those components were silently reverted. Microsoft has not detected direct exploitation of CVE-2024-43491 itself, but marks it as exploited because some of the rolled-back fixes addressed vulnerabilities that had been exploited, so unpatched systems are exposed to known attacks again.
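Because CVE-2024-38217 is a bypass of the Mark-of-the-Web, a quick way to understand what the attack defeats is to inspect the MotW on downloaded files yourself. The following PowerShell script is an added example for this advisory, not code from Microsoft or the original page; it reads the Zone.Identifier alternate data stream on every file under a folder (the Downloads folder is assumed as the default) and reports files that carry no mark or a trusted-zone mark, which are exactly the files SmartScreen and Office Protected View will not treat as untrusted.

```powershell
# Added example: audit Mark-of-the-Web (MotW) on files in a folder.
# MotW is the NTFS alternate data stream "Zone.Identifier" that browsers and mail clients
# attach to files saved from the Internet. ZoneId=3 (Internet) or 4 (Restricted) is what
# SmartScreen and Office Protected View key on; a file with no stream or ZoneId 0-2 opens
# without those checks. A MotW bypass such as CVE-2024-38217 produces exactly that state.
param(
    [string]$Path = "$env:USERPROFILE\Downloads"   # assumption: folder to audit
)

$zoneNames = @{ 0 = 'Local machine'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
    $file = $_
    $zone = $null
    try {
        # Reading the named stream throws if the file has no Zone.Identifier ADS.
        $stream = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction Stop
        $line = $stream | Where-Object { $_ -like 'ZoneId=*' } | Select-Object -First 1
        if ($line -match '^ZoneId=(\d)') { $zone = [int]$Matches[1] }
    } catch {
        # No stream: the file was never marked, or the mark was stripped.
    }

    $status = if ($null -eq $zone) { 'NO MotW' }
              elseif ($zone -ge 3)  { 'Marked, untrusted zone' }
              else                  { 'Marked, trusted zone' }

    [pscustomobject]@{
        File     = $file.FullName
        ZoneId   = $zone
        ZoneName = if ($null -ne $zone) { $zoneNames[$zone] } else { '-' }
        Status   = $status
    }
} | Sort-Object Status, File | Format-Table -AutoSize
```

Run it as `.\Check-MotW.ps1` or point it at another folder with `-Path`. Files reported as "NO MotW" that you know arrived from the Internet (for example, a .lnk or Office document extracted from an archive or delivered through a tool that does not propagate the stream) are the ones that would open without SmartScreen or Protected View, and are worth a closer look; the script only reports, it does not change any file.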
To mitigate these risks, Microsoft recommends that Windows 10, version 1507 systems first install the September 2024 Servicing Stack Update (SSU KB5043936) and then the September 2024 Windows security update (KB5043083), in that order. Together these updates fix the new vulnerabilities and restore the previously released fixes for Optional Components that the rollback had removed. Other supported Windows versions are not affected by the rollback but still need the September 2024 cumulative update for the remaining vulnerabilities.
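The two-step remediation above is easy to get wrong at scale (the SSU is installed but the cumulative update is not, or the host is not actually a version 1507 build). The following PowerShell check is an added example for this advisory, not code from Microsoft or the original page; it identifies whether the local host is Windows 10 version 1507 (OS build 10240) and whether KB5043936 and KB5043083 are present, and it returns a result object that a management tool can act on. It assumes `Get-HotFix` (Win32_QuickFixEngineering) lists both packages; where the SSU is not reported there, the `Get-WindowsPackage -Online` fallback in the script is used.

```powershell
# Added example: verify the CVE-2024-43491 remediation on a Windows 10 host.
# Requires an elevated PowerShell session for Get-WindowsPackage.
function Test-Sept2024Win10Remediation {
    # Assumption: the KB numbers named in the advisory, in the order Microsoft requires.
    $requiredKBs = @('KB5043936', 'KB5043083')   # SSU first, then the security update

    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber
    $ubr   = [int]$cv.UBR            # revision number, e.g. 10240.<UBR>

    # OS build 10240 is Windows 10 version 1507 (LTSB 2015); only it is subject to the rollback.
    $is1507 = ($build -eq 10240)

    # Primary source: QFE. Fallback: the component store, whose package names carry the KB number.
    $installedKBs = @(Get-HotFix -ErrorAction SilentlyContinue | Select-Object -ExpandProperty HotFixID)
    try {
        $pkgKBs = Get-WindowsPackage -Online -ErrorAction Stop |
                  ForEach-Object { if ($_.PackageName -match '(KB\d{7})') { $Matches[1] } }
        $installedKBs += $pkgKBs
    } catch {
        # Not elevated or DISM unavailable; rely on Get-HotFix alone.
    }
    $installedKBs = $installedKBs | Sort-Object -Unique

    $missing = @($requiredKBs | Where-Object { $_ -notin $installedKBs })

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        OSBuild       = "$build.$ubr"
        IsVersion1507 = $is1507
        MissingKBs    = $missing
        Compliant     = (-not $is1507) -or ($missing.Count -eq 0)
        Note          = if (-not $is1507) {
                            'Not Windows 10 version 1507: rollback does not apply, but September 2024 updates are still required.'
                        } elseif ($missing.Count -eq 0) {
                            'SSU and security update present; rolled-back Optional Component fixes restored.'
                        } else {
                            "Install $($missing -join ' then ') (SSU before the security update)."
                        }
    }
}

Test-Sept2024Win10Remediation | Format-List
```

For fleet use, run the function through `Invoke-Command` against your 1507 hosts and filter on `Compliant -eq $false`; the `MissingKBs` field tells you whether the SSU, the cumulative update, or both still need to be applied.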
Impact
- Privilege Escalation
- Code Execution
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-38014
- CVE-2024-38217
- CVE-2024-38226
- CVE-2024-43491
Affected Vendors
- Microsoft
Remediation
- Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.
- Organizations must check their assets for the vulnerabilities listed above and apply the available security patches or mitigation steps as soon as possible, prioritizing Windows 10, version 1507 systems where the fix also restores rolled-back patches.
- Implement multi-factor authentication to add an extra layer of security to login processes.
- Regularly monitor network activity for any unusual behavior, as this may indicate that a cyberattack is underway.
- Organizations must stay vigilant and follow cybersecurity best practices to protect their systems and data, including keeping software up to date, enforcing strong access controls, and deploying monitoring tools.
- Develop a comprehensive incident response plan to respond effectively in case of a security breach or data leakage.
- Maintain regular backups of critical data and systems to ensure data recovery in case of a security incident.
- Adhere to security best practices, including the principle of least privilege, and ensure that users and applications have only the necessary permissions.
- Establish a robust patch management process to ensure that security patches are evaluated, tested, and applied promptly.
- Conduct security audits and assessments to evaluate the overall security posture of your systems and networks.
- Implement network segmentation to contain and isolate potential threats to limit their impact on critical systems.