Security & Threat Updates – September 2024:

Share This Article

Microsoft addressed 79 Common Vulnerabilities and Exposures (CVE’s) this month, 4 which were marked as zero-day vulnerabilities.  The most critical Common Vulnerabilities and Exposures (CVE’s) are noted below:

Microsoft Vulnerabilities:

Windows Zero-Days:

  • CVE-2024-43491 – Microsoft Windows Update Remote Code Execution Vulnerability
    • Previously exploited.
    • Downgrade attack only affecting Windows 10 version 1507 & Windows 10 version 2015 LTSB.
    • Requires the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB5043083) in that order to mitigate this vulnerability.
  • CVE-2024-38014 – Windows Installer Elevation of Privilege Vulnerability
    • Actively being exploited in the wild.
  • CVE-2024-38217 – Windows Mark of the Web Security Feature Bypass Vulnerability
    • Publicly disclosed & actively being exploited in the wild.
  • CVE-2024-38226 – Microsoft Publisher Security Feature Bypass Vulnerability
    • Actively being exploited in the wild.

Other Critical CVE’s worth mentioning:

  • CVE-2024-38109 – Azure Health Bot Elevation of Privilege Vulnerability
  • CVE-2024-38216 / 38220 – Azure Stack Hub Elevation of Privilege Vulnerability
  • CVE-2024-38194 – Azure Web Apps Elevation of Privilege Vulnerability
  • CVE-2024-38018 / 43464 – Microsoft SharePoint Server Remote Code Execution Vulnerability
  • CVE-2024-38119 – Windows Network Address Translation (NAT) Remote Code Execution Vulnerability

3rd Party Critical CVE’s:

Adobe Products:

Apache:

Cisco:

Google Chrome:

  • Versions 128.0.6613.137/.138 were released for Windows & Apple and 128.0.6613.137 for Linux on September 10th
  • This update includes 5 security fixes
  • Chrome Release: September 10th 2024

Firefox:

Fortinet:

SonicWall:

Veeam:

About FortressSRM Cyber Hygiene Offering:

Software vulnerabilities are one of the top cyber-attack vectors and one in three breaches are the result of vulnerabilities that were known about and should have been already patched. 

Keeping operating systems and application software patched and secure is time consuming and tedious – an internal IT resource nightmare. Fortress SRM’s Guardian Managed Patching with Monitoring Service delivers automated, high-efficacy (97%+) updates to Microsoft and over 80 third-party software, ensuring efficient patch deployment to every device, whether on or off network. This includes the deployment of critical updates, security updates, feature updates, operating system upgrades, key Windows security setting and configurations. 

The Fortress SRM real-time reporting console includes current patch levels of devices and gives the Client total visibility into what patch related activities have been performed, while real-

Ready to start the Cyber Hygiene journey? Contact us at: Contact Us | Fortress Security Risk Management (fortresssrm.com)