Microsoft Monthly Security Update (September 2024)
Microsoft has released monthly security update for their products:
Vulnerable Product | Risk Level | Impacts | Notes |
SQL Server | Remote Code Execution Information Disclosure Elevation of Privilege | ||
Microsoft Office | Remote Code Execution Elevation of Privilege Information Disclosure Security Restriction Bypass Denial of Service | CVE-2024-38226 is being exploited in the wild. An attacker who successfully exploits this vulnerability could bypass Office macro policies used to block untrusted or malicious files. | |
Azure | Elevation of Privilege Remote Code Execution | ||
Windows | Denial of Service Elevation of Privilege Information Disclosure Remote Code Execution Security Restriction Bypass Spoofing | CVE-2024-38014 is being exploited in the wild. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2024-38217 is being exploited in the wild. This vulnerability can be exploited to bypass the Mark of the Web (MOTW) defenses. | |
Extended Security Updates (ESU) | Denial of Service Elevation of Privilege Information Disclosure Remote Code Execution Security Restriction Bypass Spoofing | Exploitation of CVE-2024-43491 is being detected. An attacker who successfully exploited this vulnerability can initiate pre-auth remote code execution.
Microsoft states that there is no evidence of direct exploitation of CVE-2024-43491, it has observed that rollbacks of CVEs related to Optional Components for Windows 10 (version 1507), which prompted Microsoft to apply the exploitability index assessment for this vulnerability as “Exploitation Detected.” | |
Microsoft Dynamics | Elevation of Privilege Spoofing Remote Code Execution |
Number of ‘Extremely High Risk’ product(s): 3
Number of ‘High Risk’ product(s): 0
Number of ‘Medium Risk’ product(s): 3
Number of ‘Low Risk’ product(s): 0
Evaluation of overall ‘Risk Level’: Extremely High Risk
RISK: Extremely High Risk
TYPE: Operating Systems – Windows OS
Impact
- Information Disclosure
- Elevation of Privilege
- Security Restriction Bypass
- Spoofing
- Denial of Service
- Remote Code Execution
System / Technologies affected
- SQL Server
- Microsoft Office
- Azure
- Windows
- Extended Security Updates (ESU)
- Microsoft Dynamics
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor.
Vulnerability Identifier
Source
Related Link
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.