Microsoft Monthly Security Update (September 2024)

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
SQL ServerMedium Risk Medium RiskRemote Code Execution
Information Disclosure
Elevation of Privilege
 
Microsoft OfficeExtremely High Risk Extremely High RiskRemote Code Execution
Elevation of Privilege
Information Disclosure
Security Restriction Bypass
Denial of Service
CVE-2024-38226 is being exploited in the wild. An attacker who successfully exploits this vulnerability could bypass Office macro policies used to block untrusted or malicious files.
AzureMedium Risk Medium RiskElevation of Privilege
Remote Code Execution
 
WindowsHigh Risk Extremely High RiskDenial of Service
Elevation of Privilege
Information Disclosure
Remote Code Execution
Security Restriction Bypass
Spoofing

CVE-2024-38014 is being exploited in the wild. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-38217 is being exploited in the wild.  This vulnerability can be exploited to bypass the Mark of the Web (MOTW) defenses.

Extended Security Updates (ESU)High Risk Extremely High RiskDenial of Service
Elevation of Privilege
Information Disclosure
Remote Code Execution
Security Restriction Bypass
Spoofing

Exploitation of CVE-2024-43491 is being detected. An attacker who successfully exploited this vulnerability can initiate pre-auth remote code execution.

 

Microsoft states that there is no evidence of direct exploitation of CVE-2024-43491, it has observed that rollbacks of CVEs related to Optional Components for Windows 10 (version 1507), which prompted Microsoft to apply the exploitability index assessment for this vulnerability as “Exploitation Detected.”

Microsoft DynamicsMedium Risk Medium RiskElevation of Privilege
Spoofing
Remote Code Execution
 

 

Number of ‘Extremely High Risk’ product(s): 3

Number of ‘High Risk’ product(s): 0

Number of ‘Medium Risk’ product(s): 3

Number of ‘Low Risk’ product(s): 0

Evaluation of overall ‘Risk Level’: Extremely High Risk

RISK: Extremely High Risk

TYPE: Operating Systems – Windows OS

TYPE: Windows OS

Impact

  • Information Disclosure
  • Elevation of Privilege
  • Security Restriction Bypass
  • Spoofing
  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • SQL Server
  • Microsoft Office
  • Azure
  • Windows
  • Extended Security Updates (ESU)
  • Microsoft Dynamics

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier


Source


Related Link

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

To keep up to date follow us on the below channels.