Third Party Patching
September 2024 Third-Party Patches
Topics: Third Party Patching
In September 2024, Application Workspace (formerly Liquit) Setup Store addressed 79 unique vulnerabilities through released updates, enhancing security across 30 different applications. This number includes multiple major versions for certain applications. For example, Foxit PDF Editor released updates for versions 12, 13, Pro 12, Pro 13, and 2024. There were 35 total updates, meaning that some applications were updated multiple times during the last month.
Notable Vulnerabilities in September 2024 Third-Party Patches
Docker remediated two critical vulnerabilities with a severity rating of 9.8 CVSS. The first one, CVE-2024-8695, allows remote code execution (RCE) via crafted extension descriptions or changelogs, which could be exploited by a malicious extension. The second, CVE-2024-8696, also allows RCE via crafted extension publisher URLs or additional URLs, posing a similar threat. More information can be found in Docker’s release notes.
Datadog released a critical update for Datadog Agent, addressing the vulnerability CVE-2024-41110 with a CVSS rating of 9.9. This vulnerability is in a dependency they use, The Moby Project by Docker. Interestingly, the vulnerability was fixed twice: first in release 7.55.3 in August and then in release 7.57.0 in September. This issue was originally published in July 2024 and was included in our August review.
Microsoft released a remediation for a zero-day vulnerability, CVE-2024-38226, affecting Microsoft Publisher. This vulnerability allows an attacker with authenticated access to bypass Microsoft Office macros that block untrusted and malicious files. The issue is resolved in version 16.0.17928.20156. More details can be found in the corresponding MSRC article.
The latest Notepad++ release, version 8.7, addresses the vulnerability CVE-2014-9456. More information about this vulnerability can be found in its GitHub issue.
Browser Security Updates in September 2024
September saw significant updates to major web browsers:
- Google Chrome was updated four times, fixing a total of 16 vulnerabilities.
- Microsoft Edge released patches for 29 vulnerabilities across three updates.
- Brave Browser was updated once, addressing two vulnerabilities.
Microsoft Product Updates Included in September 2024 Third-Party Patches
In addition to Edge, Microsoft released updates for the following product families:
- Microsoft .NET SDK 8.0
- Microsoft 365 Apps
- Microsoft Edge Beta
- Microsoft Edge for Business
- Microsoft Edge Webview2 Runtime
- Microsoft Power Automate for Desktop
- Microsoft Visual Studio 2017 Community
- Microsoft Visual Studio 2017 Enterprise
- Microsoft Visual Studio 2017 Professional
- Microsoft Visual Studio 2019 Community
- Microsoft Visual Studio 2019 Enterprise
- Microsoft Visual Studio 2019 Professional
- Microsoft Visual Studio 2022 Community
- Microsoft Visual Studio 2022 Enterprise
- Microsoft Visual Studio 2022 Professional
- Microsoft Visual Studio Feedback Client 2017
- Microsoft Visual Studio Team Explorer 2017
- Microsoft Visual Studio Team Explorer 2019
- Microsoft Visual Studio Team Explorer 2022
Detailed List of September 2024 Third-Party Patches
For a complete list of applications, versions, and the number of remediated vulnerabilities, see the table below generated using Setup Store data.
| Product | Release version | Vulnerabilities remediated |
| Adobe Acrobat DC | 24.003.20112 | 2 |
| Adobe Acrobat DC Pro and Standard 2020 Classic Track | 20.005.30680 | 2 |
| Adobe Acrobat Reader 2020 MUI – Classic Track | 20.005.30680 | 2 |
| Adobe Acrobat Reader DC | 24.003.20112 | 2 |
| Adobe Acrobat Reader DC – Multilingual (MUI) | 24.003.20112 | 2 |
| Adobe Reader DC | 24.003.20112 | 2 |
| Brave Browser | 1.69.162 | 2 |
| Cisco Systems | 1.04.01 | 2 |
| Datadog Agent | 7.57.00 | 1 |
| Docker Desktop | 4.34.2.167172 | 2 |
| Notepad++ | 8.07.00 | 1 |
| pgAdmin 4 | 8.12.00 | 1 |
| ESET Server Security 10 | 10.0.12017.0 | 1 |
| Foxit PDF Editor 12 | 12.1.8.15703 | 21 |
| Foxit PDF Editor 13 | 13.1.4.23147 | 17 |
| Foxit PDF Editor 2024 | 2024.3.0.26795 | 17 |
| Foxit PDF Editor 2024 | 2024.3.0.65538 | 4 |
| Foxit PDF Editor Pro 12 | 12.1.8.15703 | 21 |
| Foxit PDF Editor Pro 13 | 13.1.4.23147 | 17 |
| Foxit PDF Reader | 2024.3.0.26795 | 17 |
| Ghostscript | 00/01/1900 | 6 |
| Google Chrome for Business | 128.0.6613.120 | 2 |
| Google Chrome for Business | 128.0.6613.138 | 4 |
| Google Chrome for Business | 129.0.6668.59 | 6 |
| Google Chrome for Business | 129.0.6668.71 | 4 |
| Google Go Programming Language 1.22 | 1.22.07 | 4 |
| Microsoft .NET SDK 8.0 | 8.4.224.46701 | 2 |
| Microsoft 365 Apps | 2408 (Build 16.0.17928.20156) | 4 |
| Microsoft 365 Apps | 2407 (Build 16.0.17830.20210) | 4 |
| Microsoft 365 Apps | 2402 (Build 16.0.17328.20588) | 4 |
| Microsoft Edge Beta | 129.0.2792.52 | 21 |
| Microsoft Edge for Business | 128.0.2739.79 | 4 |
| Microsoft Edge for Business | 129.0.2792.52 | 21 |
| Microsoft Edge for Business | 129.0.2792.65 | 4 |
Conclusion: September 2024 Third-Party Patches
Maintaining the security and performance of your IT environment hinges on timely third-party patching. The September 2024 updates addressed significant vulnerabilities across various applications, underscoring the importance of staying vigilant. By prioritizing these patches, you help safeguard your systems against potential exploits and ensure continued operational stability.
To deepen your understanding of third-party patching and its impact on your security posture, explore our eBook Reduce Your Attack Footprint. Additionally, don’t miss our analysis of the October 2024 Microsoft Patch Tuesday here.
