HomeCyber BalkansSeptember Patch Tuesday addresses four zero-day vulnerabilities

September Patch Tuesday addresses four zero-day vulnerabilities

Published on

spot_img

In the latest Patch Tuesday update from Microsoft, administrators are urged to prioritize deploying patches to fix four zero-day vulnerabilities that are currently being actively exploited. With a total of 79 new CVEs addressed, including seven critical ones, organizations relying on Windows, SQL Server, or SharePoint should ensure that they roll out the necessary fixes promptly.

The first zero-day vulnerability, CVE-2024-43491, is a critical remote-code execution flaw affecting systems running Windows 10 version 1507 with certain optional components enabled. While the impacted systems are limited to specific editions of Windows 10, it is crucial for admins to install the September 2024 Servicing Stack Update and Windows Security Update to mitigate this vulnerability effectively.

Moving on to the second zero-day, CVE-2024-38226, it is a security feature bypass vulnerability affecting Microsoft Publisher and Office products. Attackers can bypass Office macro policies to execute malicious files, emphasizing the importance of applying the necessary security updates to prevent such exploits.

The third zero-day, CVE-2024-38217, is a Windows Mark of the Web (MOTW) security feature bypass vulnerability that affects Windows desktop and server systems. This flaw, which has publicly disclosed exploit code, requires user interaction to evade MOTW protections in the Windows OS.

Lastly, the fourth zero-day, CVE-2024-38014, is a Windows Installer elevation-of-privilege vulnerability that allows attackers to gain system privileges without requiring user interaction. Admins must be vigilant in addressing this vulnerability, as threat actors can leverage it in combination with other exploits to infiltrate organizational environments.

In addition to these zero-day vulnerabilities, other notable security updates released by Microsoft in September include patches for SQL Server and Microsoft Office SharePoint. Admins handling these systems should review Microsoft’s notes carefully to avoid driver-related issues and ensure compatibility with the relevant drivers before updating the systems.

Furthermore, the ongoing mitigation process for the BlackLotus UEFI bootkit vulnerability, CVE-2023-24932, continues to pose challenges for Windows admins. While Microsoft has provided mitigations for this vulnerability, the enforcement date for making these measures permanent remains unclear, with speculations suggesting a potential enforcement phase in early 2025.

Overall, IT teams and administrators are encouraged to stay proactive in applying the latest security patches and updates to safeguard their systems against potential cyber threats. By prioritizing these critical updates, organizations can enhance their cybersecurity posture and mitigate the risks associated with known vulnerabilities in their IT infrastructure.

Source link

Latest articles

Interpol-Inspired Ransomware Attack Aims at SMBs

Ransomware Campaign Targets Small Businesses Worldwide Using Fake Interpol Emails A troubling ransomware campaign has...

The Elephants in the Tech Room

The Challenges Facing IT and Security Teams in the Age of Shadow Technology By Krishna...

Parrot 7.3 Released with New Menu System and Improved Daily Usability

Parrot 7.3 Released: A Focus on Refinement and Usability In a strategic move, the Parrot...

How Renown Health Is Transforming Its Digital ID Strategy

Renown Health Innovates Digital Identity Management with Advanced Security Measures Renown Health, a prominent not-for-profit...

More like this

Interpol-Inspired Ransomware Attack Aims at SMBs

Ransomware Campaign Targets Small Businesses Worldwide Using Fake Interpol Emails A troubling ransomware campaign has...

The Elephants in the Tech Room

The Challenges Facing IT and Security Teams in the Age of Shadow Technology By Krishna...

Parrot 7.3 Released with New Menu System and Improved Daily Usability

Parrot 7.3 Released: A Focus on Refinement and Usability In a strategic move, the Parrot...