As the calendar pages flip to September, the autumn air brings more than just the promise of cozy sweaters. In our world of cybersecurity, it also heralds the arrival of new updates and critical patches. In this month’s Patch Tuesday, the tech giant Microsoft has served us a new batch of security fixes, adding a bit of excitement to the seasonal shift by addressing 79 vulnerabilities, including 4 vulnerabilities which are being exploited in the wild.
These security updates signify the importance of timely patch management. This security release is further divided into 7 Critical, 71 Important and 1 Moderate Vulnerabilities. Elevation of privilege vulnerabilities dominated the current threat landscape, followed by remote code execution and information disclosure posing a significant threat to data integrity and system security.
With CVEs like CVE-2024-38217 being exploited in the wild, which require user interaction for exploitation, the importance of user education is again emphasized apart from regular patch applications.
Actively Exploited Zero-Day Vulnerabilities:
CVE-2024-43491: Microsoft Windows Update Remote Code Execution Vulnerability
The Servicing stack in Microsoft Windows Update for Optional Components on Windows 10, version 1507(Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB), contains an RCE vulnerability. The Servicing Stack regression described here was introduced in the March 2024 patches. Anyone still running Windows 10 1507 should note that patches are required for both the Servicing Stack and the regular Windows OS patch. The following list of affected optional components has also been shared by Microsoft:
- .NET Framework 4.6 Advanced Services \ ASP.NET 4.6
- Active Directory Lightweight Directory Services
- Administrative Tools
- Internet Explorer 11
- Internet Information Services\World Wide Web Services
- LPD Print Service
- Microsoft Message Queue (MSMQ) Server Core
- MSMQ HTTP Support
- MultiPoint Connector
- SMB 1.0/CIFS File Sharing Support
- Windows Fax and Scan
- Windows Media Player
- Work Folders Client
- XPS Viewer
Although this CVE has been flagged as exploited in the wild, Microsoft states that there is no evidence of known exploitation of CVE-2024-43491. Since some of the rolled-back CVEs had been exploited in the past, Microsoft has marked the exploitability index assessment as “Exploitation Detected” for this vulnerability.
CVE-2024-38014: Windows Installer Elevation of Privilege Vulnerability
This is a EoP vulnerability and its successful exploitation grants code execution as SYSTEM. It is one of the 4 exploited in-the-wild vulnerabilities of this patch Tuesday, but Microsoft has not further disclosed the details of the exploitation of this vulnerability.
CVE-2024-38226: Microsoft Publisher Security Feature Bypass Vulnerability
CVE-2024-38226 is a local security feature bypass for Office macro policy. This attack can be carried out locally by an authenticated user. An attacker would then need to convince a target to open the file, but if they do, it will bypass Office macro policies and execute code on the target system. According to Microsoft the Preview Pane is not an attack vector for this vulnerability.
CVE-2024-38217: Windows Mark of the Web Security Feature Bypass Vulnerability
MoTW bypass vulnerabilities have been in the talks over the last several months and remain a topic of discussion. This is one of two MoTW bypasses addressed in this month’s security updates, but only this one is listed as exploited in-the-wild. As described by Microsoft, this vulnerability allows an attacker to pass malicious files past MoTW defences, causing limited loss of integrity and availability of security features. It is scored as 5.4 by Microsoft, as for successful exploitation an attacker would need to convince a targeted user to download and open the file hosted on the attacker-controlled server.
As we wrap up this patch Tuesday roundup, it’s evident that staying secure requires a proactive approach. It’s essential to prioritize timely security updates to protect our systems and organization from potential exploitation. Remember, security is an ongoing journey, and a well-patched system is a more secure system.
