Microsoft Addresses Critical Vulnerabilities in September 2024 Patch Tuesday Update
On Tuesday, September 10, 2024, Microsoft announced the identification of three significant security vulnerabilities affecting the Windows operating system, which are now under active exploitation. This disclosure was part of the company’s monthly Patch Tuesday update, highlighting the urgent need for businesses to promptly address these newly discovered flaws.
The September update tackles a total of 79 vulnerabilities, categorized by severity as follows: seven are classified as Critical, 71 as Important, and one as Moderate. Notably, this release comes in addition to a previous resolution of 26 vulnerabilities within the Chromium-based Edge browser, which was announced after last month’s Patch Tuesday.
The vulnerabilities reported as actively exploited are: CVE-2024-38014, a Windows Installer Elevation of Privilege vulnerability with a CVSS score of 7.8; CVE-2024-38217, a Mark-of-the-Web (MotW) Security Feature Bypass vulnerability rated at 5.4; and CVE-2024-38226, a Security Feature Bypass in Microsoft Publisher with a CVSS score of 7.3. Additionally, Microsoft has flagged CVE-2024-43491, a Remote Code Execution vulnerability in the Windows Update framework with a CVSS score of 9.8, as actively exploited.
According to Satnam Narang of Tenable, exploiting either CVE-2024-38226 or CVE-2024-38217 can bypass the security measures that block untrusted Microsoft Office macros from running. In practice, an attacker would have to convince a target to open a specially crafted file hosted on a malicious server. The key difference between the two is that CVE-2024-38226 requires the attacker to be authenticated and to have local access to the target system.
Further complicating matters, the CVE-2024-38217 vulnerability, known colloquially as “LNK Stomping,” has reportedly been utilized in malicious activities since as early as February 2018, as disclosed by Elastic Security Labs. In contrast, CVE-2024-43491 bears similarities to a downgrade attack highlighted by cybersecurity firm SafeBreach, which poses risks to systems running outdated versions of Windows.
Microsoft has also warned of a vulnerability in the Servicing Stack that inadvertently rolled back fixes for several vulnerabilities in Optional Components on Windows 10 version 1507, the release originally shipped in July 2015. On systems that received specific earlier updates, this reopened previously mitigated vulnerabilities to attack. To remedy it, Microsoft recommends installing the September 2024 Servicing Stack Update (KB5043936) first, followed by the corresponding Windows security update (KB5043083).
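A quick way for administrators to verify the remediation above is to check, on each Windows 10 version 1507 host, that both KB numbers are present and that the Servicing Stack Update did not get skipped. The following PowerShell function is an added example, not code from the article or from Microsoft; the KB numbers are taken from the text, and it assumes build 10240 identifies version 1507 and that Get-HotFix lists the updates in question.

```powershell
# Added example (not from the article or a Microsoft tool): report whether the
# two September 2024 updates named in the text are present on a Windows 10
# version 1507 host. KB numbers come from the article; 10240 is the 1507 build.
function Get-September2024PatchState {
    $ssuId      = 'KB5043936'   # Servicing Stack Update (install first)
    $securityId = 'KB5043083'   # Windows security update (install second)
    $build1507  = 10240

    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $isTarget = ([int]$cv.CurrentBuild -eq $build1507)

    # Get-HotFix reads Win32_QuickFixEngineering. An update absent from this
    # list may still be installed, so treat a negative as "verify", not "absent".
    $installed = Get-HotFix -ErrorAction SilentlyContinue |
                 Select-Object -ExpandProperty HotFixID

    $ssuPresent = $installed -contains $ssuId
    $secPresent = $installed -contains $securityId

    $state = if (-not $isTarget) {
        'NotApplicable'              # other Windows versions are outside this check
    } elseif ($ssuPresent -and $secPresent) {
        'Patched'
    } elseif ($secPresent -and -not $ssuPresent) {
        'SecurityUpdateWithoutSSU'   # ordering concern: the SSU should be in place
    } else {
        'Missing'
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Build             = "$($cv.CurrentBuild).$($cv.UBR)"
        Is1507            = $isTarget
        SSUInstalled      = $ssuPresent
        SecurityInstalled = $secPresent
        State             = $state
    }
}

Get-September2024PatchState | Format-List
```

Run it through Invoke-Command against a list of hosts to produce a fleet-wide view; any host reporting Missing or SecurityUpdateWithoutSSU should be checked against Windows Update history before being marked remediated.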
The urgency of addressing these vulnerabilities cannot be overstated, particularly given Microsoft’s “Exploitation Detected” assessment for CVE-2024-43491, which stems from the rollback of fixes that could be exploited. Although no public evidence of exploitation of this specific vulnerability is currently known, the assessment underscores the need for swift action.
The implications of these vulnerabilities resonate across various business sectors, particularly for organizations that rely on the integrity of Windows systems for operations. The vulnerabilities could align with various tactics and techniques catalogued in the MITRE ATT&CK framework, including initial access, privilege escalation, and exploitation of vulnerabilities, indicating a multifaceted threat landscape that organizations must navigate.
As Microsoft continues to release security updates, it is imperative for businesses to remain vigilant about cybersecurity practices, including the regular application of updates and employee training on recognizing and responding to potential threats.
Source Link: https://thehackernews.com/2024/09/microsoft-issues-patches-for-79-flaws.html