Service Notices
Microsoft Releases September 2024 Security Updates
Sep 12, 2024 GMT+08:00
I. Overview.
Microsoft has released its September 2024 Security Updates. A total of 79 security vulnerabilities have been disclosed, among which 7 are marked as important vulnerabilities. Attackers can exploit these vulnerabilities to implement remote code execution, privilege escalation, and security feature bypass. The affected applications include Microsoft Windows, Microsoft Office, SQL Server, and Azure Stack.
For details, visit the Microsoft official website:
https://msrc.microsoft.com/update-guide/releaseNote/2024-Sep
The following vulnerabilities require close scrutiny as their details have been disclosed or they have already been exploited by attackers:
Microsoft Windows Update Remote Code Execution Vulnerability (CVE-2024-43491): 0-day vulnerability. Due to a defect in the Windows update process, attackers can exploit this vulnerability to execute remote code on the target host. This vulnerability has been exploited in the wild, and the risk is high.
Microsoft Publisher Security Feature Bypass Vulnerability (CVE-2024-38226): 0-day vulnerability. An authenticated attacker can exploit this flaw by convincing a victim to download and open a specially crafted file from a website. Successful exploitation allows the attacker to bypass the Office macro policy, which is designed to block untrusted or malicious files, and execute local attacks on the victim's computer. This vulnerability has been exploited in the wild, and the risk is high.
Windows Mark of the Web Security Feature Bypass Vulnerability (CVE-2024-38217): 0-day vulnerability. An attacker can exploit this flaw by convincing a victim to download and open a specially crafted malicious file. Successful exploitation allows the attacker to evade MOTW defenses and bypass security features. This vulnerability has been exploited in the wild, and the risk is high.
Windows Installer Elevation of Privilege Vulnerability (CVE-2024-38014): 0-day vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. This vulnerability has been exploited in the wild, and the risk is high.
19 vulnerabilities (such as CVE-2024-43461, CVE-2024-38018, and CVE-2024-43457) are marked as Exploitation More Likely. For details, see the official announcement. Please perform security self-check and security hardening in a timely manner to reduce attack risks.
II. Severity
Severity: important
(Severity: low, moderate, important, and critical)
III. Affected Products
Microsoft Windows, Microsoft Office, SQL Server and Azure Stack.
IV. Vulnerability Details
CVE ID |
Vulnerability |
Severity |
Description |
CVE-2024-38119 |
Windows Network Address Translation (NAT) Remote Code Execution Vulnerability |
Important |
An attacker who wins the race condition can exploit this vulnerability to execute remote code on the target system. |
CVE-2024-38194 |
Azure Web Apps Elevation of Privilege Vulnerability |
Important |
An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network. |
CVE-2024-43491 |
Microsoft Windows Update Remote Code Execution Vulnerability |
Important |
Due to a defect in the Windows update process, attackers can exploit this vulnerability to execute remote code on the target host. |
CVE-2024-38018 CVE-2024-43464 |
Microsoft SharePoint Server Remote Code Execution Vulnerability |
Important |
An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server. |
CVE-2024-38216 CVE-2024-38220 |
Azure Stack Hub Elevation of Privilege Vulnerability |
Important |
An attacker who successfully exploited this vulnerability could gain unauthorized access to system resources, potentially allowing them to perform actions with the same privileges as the compromised process. |
(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)
V. Security Recommendations
1. Use Windows Update or download patches from the following address to fix the vulnerabilities:
https://msrc.microsoft.com/update-guide
2. Back up data remotely to protect your data.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.