
September Patch Tuesday addresses four zero-day vulnerabilities


In the latest Patch Tuesday update from Microsoft, administrators are urged to prioritize patches for four zero-day vulnerabilities that are being actively exploited. The release addresses 79 new CVEs, seven of them critical, and organizations that rely on Windows, SQL Server, or SharePoint should roll out the fixes promptly.

The first zero-day, CVE-2024-43491, is a critical remote-code execution flaw affecting systems running Windows 10 version 1507 with certain optional components enabled. Although only specific editions of Windows 10 are affected, admins need to install the September 2024 Servicing Stack Update and Windows Security Update to mitigate the vulnerability.

The second zero-day, CVE-2024-38226, is a security feature bypass vulnerability affecting Microsoft Publisher and Office products. Attackers can bypass Office macro policies to execute malicious files, so applying the security updates is important to prevent such exploits.

The third zero-day, CVE-2024-38217, is a Windows Mark of the Web (MOTW) security feature bypass vulnerability that affects Windows desktop and server systems. Exploit code for this flaw has been publicly disclosed, and exploitation requires user interaction to evade MOTW protections in the Windows OS.

Lastly, the fourth zero-day, CVE-2024-38014, is a Windows Installer elevation-of-privilege vulnerability that lets attackers gain SYSTEM privileges without user interaction. Admins must be vigilant in addressing it, as threat actors can combine it with other exploits to infiltrate organizational environments.

In addition to these zero-day vulnerabilities, other notable security updates released by Microsoft in September include patches for SQL Server and Microsoft Office SharePoint. Admins handling these systems should review Microsoft’s notes carefully and confirm compatibility with the relevant drivers before updating, to avoid driver-related issues.

Furthermore, mitigation of the BlackLotus UEFI bootkit vulnerability, CVE-2023-24932, continues to pose challenges for Windows admins. Microsoft has provided mitigations, but the date on which they will be enforced permanently remains unclear, with speculation pointing to a possible enforcement phase in early 2025.

Overall, IT teams and administrators are encouraged to stay proactive in applying the latest security patches and updates to safeguard their systems against potential cyber threats. By prioritizing these critical updates, organizations can enhance their cybersecurity posture and mitigate the risks associated with known vulnerabilities in their IT infrastructure.
