CyberWatch

Patch Tuesday for September

By Matthew Fagan, Vulnerability Management Patch Analyst, Access Point Consulting

On the second Tuesday of every month, Microsoft releases patches for its applications, services, and operating systems. These releases typically include many security fixes; the September 2024 release addresses 79 vulnerabilities, including 4 zero-day vulnerabilities and 10 critical vulnerabilities.

Zero Day Vulnerabilities

  1. CVE-2024-43491: This critical remote code execution vulnerability in Microsoft Windows Update affects the Servicing Stack. It can roll back fixes for previously mitigated vulnerabilities on certain Windows 10 systems. The issue affects Optional Components on Windows 10 version 1507. An attacker could exploit previously mitigated vulnerabilities on any system running this version that has received the March 2024 – August 2024 security updates. Installing the September 2024 servicing stack update and then the Windows security update, in that order, remediates this vulnerability. | CVSS score: 9.8
  2. CVE-2024-38014: A Windows Installer Elevation of Privilege vulnerability. This flaw allows attackers to gain elevated privileges on the system, making it easier to execute malicious code. | CVSS score: 7.8
  3. CVE-2024-38217: A Windows Mark-of-the-Web (MotW) Security Feature Bypass vulnerability. This vulnerability allows attackers to bypass security features that block Microsoft Office macros from running, which can lead to the execution of malicious code. | CVSS score: 5.4
  4. CVE-2024-38226: A Microsoft Publisher Security Feature Bypass vulnerability. Similar to CVE-2024-38217, this flaw allows attackers to bypass security features, but it requires authenticated local access for exploitation. | CVSS score: 5.4

Remediation

Microsoft has provided security updates for the vulnerabilities in this release. To check for updates, users can navigate to the Update & Security section and select Windows Update > Check for Updates. Select the updates you need, click Download and Install, and then reboot your system. In enterprise environments, Windows Server Update Services or Microsoft Endpoint Configuration Manager can be used to deploy updates across many devices. Update tools such as Microsoft Intune can also manage and schedule these updates. Individual knowledge base articles can be downloaded for a specific vulnerability; these are in the Microsoft Security Response Center under Security Updates.

Recommendations

User

  • Enable Automatic Updates - This allows security fixes to be applied without manual intervention. It can be enabled under Settings > Update & Security > Windows Update in the Operating System.
  • Back Up Data and Set Up a System Restore Point - Make sure all critical files are backed up to either a secure cloud service or external media such as a USB drive. Setting a System Restore point before installing an update also creates a backup of the Operating System image, allowing the system to be recovered if the update introduces any issues.

Enterprise

  • Test Updates - Before deploying the updates to all users, ensure that they are properly tested to identify potential issues.
  • Schedule Updates - Updates should be pushed to devices during off-peak hours to minimize business disruption. These updates typically require a reboot, which could disrupt meetings or work if applied during peak hours.
  • Back Up Critical Systems - If any issues are discovered during deployment, this will help prevent data from being compromised.
  • Monitor and Review Updates - Monitor the progress of updates throughout deployment and troubleshoot any issues that arise post-update or that prevent an asset from being patched.
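
For the monitoring step, and for the install order that the CVE-2024-43491 entry calls for, the following PowerShell sketch classifies a Windows 10 version 1507 host from its installed-update list. It is an added example, not code from Microsoft or Access Point Consulting; the KB numbers are placeholders and the function names are hypothetical.

```powershell
# Added example. $SsuKb and $LcuKb are PLACEHOLDERS: substitute the KB numbers
# that the Microsoft Security Update Guide lists for your Windows 10 build.
$SsuKb = 'KB0000001'   # placeholder: September 2024 servicing stack update
$LcuKb = 'KB0000002'   # placeholder: September 2024 Windows security update

function Get-PatchState {          # hypothetical helper name
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $HotFix,
        [Parameter(Mandatory)] [string] $SsuKb,
        [Parameter(Mandatory)] [string] $LcuKb
    )
    $ssu = $HotFix | Where-Object HotFixID -eq $SsuKb | Select-Object -First 1
    $lcu = $HotFix | Where-Object HotFixID -eq $LcuKb | Select-Object -First 1

    if (-not $ssu -and -not $lcu) { return 'Unpatched' }
    if (-not $ssu)                { return 'SecurityUpdateWithoutSSU' }
    if (-not $lcu)                { return 'SSUOnly' }
    # InstalledOn can be empty, and it only has day resolution, so two
    # updates installed on the same day are treated as correctly ordered.
    if (-not $ssu.InstalledOn -or -not $lcu.InstalledOn) { return 'OrderUnknown' }
    if ($lcu.InstalledOn -lt $ssu.InstalledOn)           { return 'WrongOrder' }
    return 'Remediated'
}

function Get-HostPatchState {      # hypothetical helper name
    param([string[]] $ComputerName = @($env:COMPUTERNAME))
    foreach ($name in $ComputerName) {
        try {
            # Get-HotFix queries the installed-update list of each host
            $fixes = @(Get-HotFix -ComputerName $name -ErrorAction Stop)
            $state = Get-PatchState -HotFix $fixes -SsuKb $SsuKb -LcuKb $LcuKb
        } catch {
            $state = "QueryFailed: $($_.Exception.Message)"
        }
        [pscustomobject]@{ ComputerName = $name; State = $state }
    }
}

# Constructed inventory (not real hosts) to exercise the classifier offline:
# the security update is dated one day before the servicing stack update.
$sample = @(
    [pscustomobject]@{ HotFixID = $LcuKb; InstalledOn = [datetime]'2024-09-11' }
    [pscustomobject]@{ HotFixID = $SsuKb; InstalledOn = [datetime]'2024-09-12' }
)
Get-PatchState -HotFix $sample -SsuKb $SsuKb -LcuKb $LcuKb
```

Hosts that come back as anything other than Remediated, including those where the query itself failed, are the ones to follow up on during post-deployment review.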

Associated Bulletins

September 2024 Security Updates - Release Notes - Security Update Guide - Microsoft
