Skip to main content

Microsoft Monthly Security Update (September 2024)

Last Update Date: 16 Sep 2024 Release Date: 11 Sep 2024 4207 Views

RISK: Extremely High Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
SQL ServerMedium Risk Medium RiskRemote Code Execution
Information Disclosure
Elevation of Privilege
 
Microsoft OfficeExtremely High Risk Extremely High RiskRemote Code Execution
Elevation of Privilege
Information Disclosure
Security Restriction Bypass
Denial of Service
CVE-2024-38226 is being exploited in the wild. An attacker who successfully exploits this vulnerability could bypass Office macro policies used to block untrusted or malicious files.
AzureMedium Risk Medium RiskElevation of Privilege
Remote Code Execution
 
WindowsHigh Risk Extremely High RiskDenial of Service
Elevation of Privilege
Information Disclosure
Remote Code Execution
Security Restriction Bypass
Spoofing

CVE-2024-38014 is being exploited in the wild. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-38217 is being exploited in the wild.  This vulnerability can be exploited to bypass the Mark of the Web (MOTW) defenses.

CVE-2024-43461 is being exploited in the wild.  

Extended Security Updates (ESU)High Risk Extremely High RiskDenial of Service
Elevation of Privilege
Information Disclosure
Remote Code Execution
Security Restriction Bypass
Spoofing

Exploitation of CVE-2024-43491 is being detected. An attacker who successfully exploited this vulnerability can initiate pre-auth remote code execution.

 

Microsoft states that there is no evidence of direct exploitation of CVE-2024-43491, it has observed that rollbacks of CVEs related to Optional Components for Windows 10 (version 1507), which prompted Microsoft to apply the exploitability index assessment for this vulnerability as “Exploitation Detected.”

Microsoft DynamicsMedium Risk Medium RiskElevation of Privilege
Spoofing
Remote Code Execution
 

 

Number of 'Extremely High Risk' product(s): 3

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 3

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': Extremely High Risk

 

 

[Updated on 2024-09-16]

Updated Description.


Impact

  • Information Disclosure
  • Elevation of Privilege
  • Security Restriction Bypass
  • Spoofing
  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • SQL Server
  • Microsoft Office
  • Azure
  • Windows
  • Extended Security Updates (ESU)
  • Microsoft Dynamics

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier


Source


Related Link