HomeCyber BalkansSeptember Patch Tuesday addresses four zero-day vulnerabilities

September Patch Tuesday addresses four zero-day vulnerabilities

Published on

spot_img

In the latest Patch Tuesday update from Microsoft, administrators are urged to prioritize deploying patches to fix four zero-day vulnerabilities that are currently being actively exploited. With a total of 79 new CVEs addressed, including seven critical ones, organizations relying on Windows, SQL Server, or SharePoint should ensure that they roll out the necessary fixes promptly.

The first zero-day vulnerability, CVE-2024-43491, is a critical remote-code execution flaw affecting systems running Windows 10 version 1507 with certain optional components enabled. While the impacted systems are limited to specific editions of Windows 10, it is crucial for admins to install the September 2024 Servicing Stack Update and Windows Security Update to mitigate this vulnerability effectively.

Moving on to the second zero-day, CVE-2024-38226, it is a security feature bypass vulnerability affecting Microsoft Publisher and Office products. Attackers can bypass Office macro policies to execute malicious files, emphasizing the importance of applying the necessary security updates to prevent such exploits.

The third zero-day, CVE-2024-38217, is a Windows Mark of the Web (MOTW) security feature bypass vulnerability that affects Windows desktop and server systems. This flaw, which has publicly disclosed exploit code, requires user interaction to evade MOTW protections in the Windows OS.

Lastly, the fourth zero-day, CVE-2024-38014, is a Windows Installer elevation-of-privilege vulnerability that allows attackers to gain system privileges without requiring user interaction. Admins must be vigilant in addressing this vulnerability, as threat actors can leverage it in combination with other exploits to infiltrate organizational environments.

In addition to these zero-day vulnerabilities, other notable security updates released by Microsoft in September include patches for SQL Server and Microsoft Office SharePoint. Admins handling these systems should review Microsoft’s notes carefully to avoid driver-related issues and ensure compatibility with the relevant drivers before updating the systems.

Furthermore, the ongoing mitigation process for the BlackLotus UEFI bootkit vulnerability, CVE-2023-24932, continues to pose challenges for Windows admins. While Microsoft has provided mitigations for this vulnerability, the enforcement date for making these measures permanent remains unclear, with speculations suggesting a potential enforcement phase in early 2025.

Overall, IT teams and administrators are encouraged to stay proactive in applying the latest security patches and updates to safeguard their systems against potential cyber threats. By prioritizing these critical updates, organizations can enhance their cybersecurity posture and mitigate the risks associated with known vulnerabilities in their IT infrastructure.

Source link

Latest articles

AI Bug-Finding Tools Require Human Validation

The Role of AI in Offensive Security: Balancing Speed with Human Insight In an evolving...

AWS Billing Bug Shows Trillion-Dollar Cost Estimates to Cloud Customers

Amazon Web Services Faces Major Billing Anomaly in Cost Explorer Tool Amazon Web Services (AWS)...

Scammers Exploit FaceTime for Social Engineering Tactics

Apple Warns Users About Social Engineering Scams Targeting FaceTime Apple Inc. has made a significant...

Hackers Compromise IIS Server and Launch Ransomware Attack Within 24 Hours

--- In June 2026, cybersecurity experts uncovered a coordinated and sophisticated cyber intrusion that began...

More like this

AI Bug-Finding Tools Require Human Validation

The Role of AI in Offensive Security: Balancing Speed with Human Insight In an evolving...

AWS Billing Bug Shows Trillion-Dollar Cost Estimates to Cloud Customers

Amazon Web Services Faces Major Billing Anomaly in Cost Explorer Tool Amazon Web Services (AWS)...

Scammers Exploit FaceTime for Social Engineering Tactics

Apple Warns Users About Social Engineering Scams Targeting FaceTime Apple Inc. has made a significant...