September 2024 Patch Tuesday: Critical Security Updates

Welcome to Recast Software’s September 2024 Patch Tuesday post. 

Microsoft’s September 2024 Patch Tuesday addresses 79 vulnerabilities, including 7 rated as critical. Among these, several stand out as high-priority updates, with three actively exploited zero-day vulnerabilities. Let’s dive into the most critical patches to ensure your environment stays secure. 

Key Critical Updates 

CVE-2024-43491: Windows Update Remote Code Execution Vulnerability 

• Severity: Critical | CVSS Score: 9.8 
• Exploitability: Exploitation Detected 
• Description: This vulnerability stems from the improper handling of optional components in Windows 10 (version 1507) through the Windows Update servicing stack. It allows for remote code execution, potentially reintroducing vulnerabilities previously mitigated in these components. Exploitation has been detected in the wild, making it essential to apply the September 2024 Servicing Stack Update (SSU KB5043936) and the Windows security update (KB5043083). 

CVE-2024-38014: Windows Installer Elevation of Privilege Vulnerability 

• Severity: Important | CVSS Score: 7.8 
• Exploitability: Exploitation Detected 
• Description: This zero-day vulnerability allows attackers to gain SYSTEM-level privileges through the Windows Installer. Exploitation has been observed in attacks, though details remain scarce. This makes it a high-priority patch for organizations, as elevation of privilege vulnerabilities can enable lateral movement across compromised networks. 

CVE-2024-38217: Windows Mark of the Web (MOTW) Security Feature Bypass 

• Severity: Important | CVSS Score: 5.4 
• Exploitability: Exploited in the Wild 
• Description: Exploited since 2018, this MOTW vulnerability allows specially crafted files to bypass critical security warnings, such as SmartScreen. Attackers can trick users into executing malicious files, making this an essential patch for preventing further exploitation. 

CVE-2024-38018: Microsoft SharePoint Server Remote Code Execution 

• Severity: Critical | CVSS Score: 8.8 
• Exploitability: Exploitation More Likely 
• Description: This RCE vulnerability in Microsoft SharePoint Server allows attackers with sufficient permissions to execute arbitrary code. Given SharePoint’s central role in collaboration, addressing this vulnerability is vital to protect against potential compromise. 

Other Noteworthy Vulnerabilities 

Several SQL Server vulnerabilities (CVE-2024-26186, CVE-2024-37338, and others) were also addressed, with CVSS scores reaching up to 8.8. Though rated as important, they could lead to remote code execution or sensitive data exposure if left unpatched. 

Stay Protected 

With vulnerabilities spanning Windows, SharePoint, SQL Server, and more, it’s critical to prioritize these updates. By staying up to date with patches, you can safeguard your systems from potential exploits. Learn how Application Manager and Application Workspace can streamline your patching process to reduce the risk of missed updates and improve security across your IT environment. 

For a comprehensive overview of September’s Patch Tuesday updates, visit Microsoft’s release notes here. 

Stay vigilant and keep your systems protected.