CyberWatch

Patch Tuesday for September

By Matthew Fagan, Vulnerability Management Patch Analyst

By Access Point Consulting

On the second Tuesday of every month, Microsoft releases patches for its applications, services, and operating systems. These patches typically include many security fixes; for September 2024, 79 vulnerabilities have been addressed, including 4 zero-day vulnerabilities and 10 critical vulnerabilities.

Zero Day Vulnerabilities

  1. CVE-2024-43491: This critical remote code execution vulnerability in Microsoft Windows Update affects the Servicing Stack. It can potentially roll back fixes for previously mitigated vulnerabilities on certain Windows 10 systems. This issue affects Optional Components on Windows 10 version 1507. An attacker could exploit previously mitigated vulnerabilities on any system running this version that has received the March 2024 – August 2024 security updates. Installing the September 2024 servicing stack update and then the Windows security update, in that order, will remediate this vulnerability. | CVSS score: 9.8
  2. CVE-2024-38014: A Windows Installer Elevation of Privilege vulnerability. This flaw allows attackers to gain elevated privileges on the system, making it easier to execute malicious code. | CVSS score: 7.8
  3. CVE-2024-38217: A Windows Mark-of-the-Web (MotW) Security Feature Bypass vulnerability. This vulnerability allows attackers to bypass security features that block Microsoft Office macros from running, which can lead to the execution of malicious code. | CVSS score: 5.4
  4. CVE-2024-38226: A Microsoft Publisher Security Feature Bypass vulnerability. Similar to CVE-2024-38217, this flaw allows attackers to bypass security features, but it requires authenticated local access for exploitation. | CVSS score: 5.4

Remediation

Microsoft has provided security updates for the vulnerabilities in this release. To check for updates, users can navigate to the Update & Security section and select Windows Update > Check for Updates. Select the updates you need, click Download and Install, and then reboot your system. In enterprise environments, Windows Server Update Services or Microsoft Endpoint Configuration Manager can be used to deploy updates across many devices. Update tools such as Microsoft Intune can also manage and schedule these updates. Individual knowledge base articles can be downloaded for a specific vulnerability; these are in the Microsoft Security Response Center under Security Updates.
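To verify the ordered remediation described for CVE-2024-43491, the following PowerShell check is an added example, not code from the original article or from Microsoft. The KB identifiers are placeholders to be replaced with the values from the release notes listed under Associated Bulletins, the function names are hypothetical, and the live check assumes both packages are reported by `Get-HotFix`.

```powershell
# Added example: checks the CVE-2024-43491 remediation state of one host.
# Placeholders: replace with the KB numbers from the September 2024 release notes.
$SsuKb = 'KB-SSU-PLACEHOLDER'   # September 2024 servicing stack update
$LcuKb = 'KB-LCU-PLACEHOLDER'   # September 2024 Windows security update
$Build1507 = 10240              # OS build reported by Windows 10 version 1507

function Get-RollbackFixStatus {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][int]$BuildNumber,
        [AllowEmptyCollection()][object[]]$HotFix = @(),
        [Parameter(Mandatory)][string]$SsuKb,
        [Parameter(Mandatory)][string]$LcuKb
    )
    # Per the advisory, only Windows 10 version 1507 is affected.
    if ($BuildNumber -ne $Build1507) { return 'NotApplicable' }

    $ssu = $HotFix | Where-Object { $_.HotFixID -eq $SsuKb } | Select-Object -First 1
    $lcu = $HotFix | Where-Object { $_.HotFixID -eq $LcuKb } | Select-Object -First 1
    if (-not $ssu) { return 'MissingServicingStackUpdate' }
    if (-not $lcu) { return 'MissingSecurityUpdate' }

    # InstalledOn has day granularity and may be empty, so only a clear
    # "security update before servicing stack update" sequence is flagged.
    if ($ssu.InstalledOn -and $lcu.InstalledOn -and
        $lcu.InstalledOn -lt $ssu.InstalledOn) { return 'InstalledOutOfOrder' }
    return 'Remediated'
}

# Constructed sample inventories (not real hosts), one per outcome.
function New-Fix($Id, $Date) { [pscustomobject]@{ HotFixID = $Id; InstalledOn = [datetime]$Date } }
$samples = [ordered]@{
    'other build' = @{ Build = 19045; Fixes = @() }
    'unpatched'   = @{ Build = 10240; Fixes = @() }
    'ssu only'    = @{ Build = 10240; Fixes = @(New-Fix $SsuKb '2024-09-11') }
    'wrong order' = @{ Build = 10240; Fixes = @((New-Fix $LcuKb '2024-09-11'), (New-Fix $SsuKb '2024-09-12')) }
    'remediated'  = @{ Build = 10240; Fixes = @((New-Fix $SsuKb '2024-09-11'), (New-Fix $LcuKb '2024-09-11')) }
}
foreach ($name in $samples.Keys) {
    $s = $samples[$name]
    '{0,-12} {1}' -f $name, (Get-RollbackFixStatus -BuildNumber $s.Build -HotFix $s.Fixes -SsuKb $SsuKb -LcuKb $LcuKb)
}

# Live check on the local machine.
$build = [int](Get-CimInstance Win32_OperatingSystem).BuildNumber
'{0,-12} {1}' -f 'local host', (Get-RollbackFixStatus -BuildNumber $build -HotFix @(Get-HotFix) -SsuKb $SsuKb -LcuKb $LcuKb)
```

Because install dates are recorded per day, two packages installed on the same date are reported as `Remediated`; confirm the sequence from the update history when that matters.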

Recommendations

User

  • Enable Automatic Updates. This allows security fixes to be applied without manual intervention. It can be enabled under Settings > Update & Security > Windows Update.
  • Back up data and set up a System Restore point. Make sure all critical files are backed up to either a secure cloud service or external media such as a USB drive. Setting up a System Restore point before installing an update also ensures that a backup of the operating system image is created, allowing the system to be recovered if the update introduces any issues.

Enterprise

  • Test Updates - Before deploying the updates to all users, ensure that they are properly tested to identify potential issues.
  • Schedule Updates - Updates should be pushed to devices during off-peak operating hours to minimize business disruption. These updates typically require a reboot and could disrupt meetings or work if the reboot happens during peak hours.
  • Back Up Critical Systems - If any issues are discovered during deployment, this will help prevent data from being compromised.
  • Monitor and Review Updates - Monitor the progress of updates throughout deployment, and troubleshoot any issues that arise post-update or that prevent an asset from being patched.

Associated Bulletins

September 2024 Security Updates - Release Notes - Security Update Guide - Microsoft
