Published on Sep 10, 2024 • Last updated on Nov 15, 2024
Windows MSHTML Platform Spoofing Vulnerability
Exploit
A critical spoofing vulnerability in the Windows MSHTML Platform allows attackers to execute network-based attacks through user interaction, potentially misrepresenting critical UI information and compromising system security. The vulnerability has been actively exploited in conjunction with another MSHTML Platform vulnerability as part of an attack chain, enabling unauthorized access to sensitive data and system manipulation. Given its confirmed exploitation in the wild and its presence in the CISA Known Exploited Vulnerabilities catalog, this vulnerability poses an immediate threat to organizations using affected Windows systems.
Windows Mark of the Web Security Feature Bypass Vulnerability
Exploit
A Windows Mark of the Web (MotW) security feature bypass vulnerability allows attackers to craft malicious files that evade security protections when downloaded from the internet, circumventing SmartScreen Application Reputation checks and Windows Attachment Services security prompts. The attack requires user interaction and network access, potentially enabling malicious files to execute without proper security warnings or restrictions typically applied to files from untrusted sources. This vulnerability is particularly concerning as it is being actively exploited in the wild, potentially exposing systems to unauthorized code execution and compromise of system security controls.
Microsoft SharePoint Server Remote Code Execution Vulnerability
Exploit
A critical remote code execution vulnerability in Microsoft SharePoint Server allows authenticated attackers with Site Member permissions to execute arbitrary code via network-based attacks, requiring no user interaction and minimal complexity. The flaw stems from insecure deserialization of untrusted data, enabling attackers to compromise system confidentiality, integrity, and availability through unauthorized code execution with the privileges of the compromised account. Given the widespread deployment of SharePoint in enterprise environments and the relatively low barrier to exploitation, this vulnerability represents a significant risk to organizational security.
Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability.

This servicing stack vulnerability is addressed by installing the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB5043083), in that order.

Note: Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise IoT editions. Only [Windows 10 Enterprise 2015 LTSB](https://learn.microsoft.com/en-us/lifecycle/products/windows-10-2015-ltsb) and [Windows 10 IoT Enterprise 2015 LTSB](https://learn.microsoft.com/en-us/lifecycle/products/windows-10-iot-enterprise-ltsb-2015) editions are still under support.
Exploit
A critical vulnerability in the Windows Servicing Stack has caused the rollback of previously implemented security fixes for Optional Components in Windows 10 version 1507, effectively reintroducing multiple patched vulnerabilities that were known to be exploited. The flaw, triggered by build version numbers crossing a specific range, causes Optional Components to be reverted to their RTM versions, potentially exposing affected systems to remote code execution with no user interaction required. This vulnerability is particularly concerning as it affects systems running Windows 10 Enterprise 2015 LTSB and IoT Enterprise 2015 LTSB editions with specific Optional Components enabled, potentially leaving these systems exposed to previously mitigated security threats.
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
A remote code execution vulnerability in Microsoft SQL Server's Native Scoring feature allows authenticated attackers with low privileges to execute arbitrary code by leveraging pre-trained models within the database environment. The critical nature of this vulnerability stems from its network-based attack vector and low attack complexity, potentially enabling attackers to gain unauthorized access to sensitive data, modify database contents, and disrupt database services across affected SQL Server versions. Given the high impact on confidentiality, integrity, and availability, combined with the widespread deployment of SQL Server in enterprise environments, this vulnerability represents a significant risk to organizational data security.
Azure Stack Hub Elevation of Privilege Vulnerability
A recently identified elevation of privilege vulnerability in Azure Stack Hub enables authenticated attackers with low privileges to gain unauthorized system access by exploiting a flaw that requires user interaction to initiate a connection. The vulnerability's scope-changing nature allows attackers to interact with other tenants' applications and content, potentially compromising confidentiality, integrity, and availability across the entire Azure Stack Hub environment. This cross-tenant impact combined with low attack complexity makes this a critical security issue that could lead to significant unauthorized actions within affected networks.
Microsoft Publisher Security Feature Bypass Vulnerability
Exploit
This security feature bypass vulnerability in Microsoft Publisher enables authenticated attackers to circumvent Office macro policies designed to block untrusted or malicious files through a local attack vector requiring user interaction. The vulnerability allows attackers with low privileges to potentially compromise system confidentiality, integrity, and availability by convincing users to open specially crafted files. Given that this vulnerability is being actively exploited in the wild and could lead to unauthorized access to sensitive data and system modification, immediate attention is warranted.
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
A remote code execution vulnerability in Microsoft SQL Server Native Scoring allows authenticated attackers with low privileges to leverage SQL Server's model application capabilities to execute arbitrary code without moving data out of the database. The vulnerability's exploitation can lead to complete compromise of affected SQL Server instances, potentially resulting in unauthorized access to sensitive data, modification of database contents, and service disruption, making it particularly dangerous for organizations utilizing SQL Server's machine learning features. Swift remediation is critical as this vulnerability requires minimal complexity to exploit and does not need user interaction.
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
A remote code execution vulnerability in Microsoft SQL Server Native Scoring allows authenticated attackers with low privileges to execute arbitrary code through network-based attacks without requiring user interaction. The flaw poses significant risk as successful exploitation could lead to unauthorized data access, data manipulation, and service disruption across affected SQL Server instances, with potential for lateral movement if the compromised server has network connections to other systems. Given the critical nature of SQL databases in enterprise environments and the relatively low barrier to exploitation, this vulnerability represents a serious threat to data security and business operations.
Windows Installer Elevation of Privilege Vulnerability
Exploit
A local privilege escalation vulnerability in the Windows Installer component allows attackers with low-level access to gain SYSTEM privileges without requiring user interaction. This high-severity vulnerability, which is being actively exploited in the wild, affects multiple Windows versions and enables unauthorized access to sensitive information, system file modification, and potential service disruption. Given its active exploitation status and inclusion in CISA's Known Exploited Vulnerabilities catalog, this threat represents a significant risk to system security if left unpatched.
CVE ID | Title | CVSS Score | Product | Trend | Exploit |
---|---|---|---|---|---|
CVE-2024-43496 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | CVSS 6.5 | edge | - | |
CVE-2024-43495 | Windows libarchive Remote Code Execution Vulnerability | CVSS 7.3 | windows | - | |
CVE-2024-43492 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | CVSS 7.8 | autoupdate | Sep 12, 2024 | |
CVE-2024-43491 | Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability. This servicing stack vulnerability is addressed by installing the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB5043083), in that order. Note: Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise IoT editions. Only [Windows 10 Enterprise 2015 LTSB](https://learn.microsoft.com/en-us/lifecycle/products/windows-10-2015-ltsb) and [Windows 10 IoT Enterprise 2015 LTSB](https://learn.microsoft.com/en-us/lifecycle/products/windows-10-iot-enterprise-ltsb-2015) editions are still under support. | CVSS 9.8 | windows_10 | Sep 10, 2024 | |
CVE-2024-43489 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | CVSS 6.5 | edge | - | |
CVE-2024-43487 | Windows Mark of the Web Security Feature Bypass Vulnerability | CVSS 6.5 | windows | - | |
CVE-2024-43482 | Microsoft Outlook for iOS Information Disclosure Vulnerability | CVSS 6.5 | outlook | - | |
CVE-2024-43479 | Microsoft Power Automate Desktop Remote Code Execution Vulnerability | CVSS 8.5 | power_automate | - | |
CVE-2024-43476 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | CVSS 7.6 | dynamics_365 | - | |
CVE-2024-43475 | Microsoft Windows Admin Center Information Disclosure Vulnerability | CVSS 7.3 | windows_admin_center | - | |
CVE-2024-43474 | Microsoft SQL Server Information Disclosure Vulnerability | CVSS 7.6 | sql_server | - | |
CVE-2024-43470 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | CVSS 7.3 | azure_network_watcher | - | |
CVE-2024-43469 | Azure CycleCloud Remote Code Execution Vulnerability | CVSS 8.8 | azure_cyclecloud | - | |
CVE-2024-43467 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | CVSS 7.5 | windows | - | |
CVE-2024-43466 | Microsoft SharePoint Server Denial of Service Vulnerability | CVSS 6.5 | sharepoint_server | - | |
CVE-2024-43465 | Microsoft Excel Elevation of Privilege Vulnerability | CVSS 7.8 | 365_apps | - | |
CVE-2024-43464 | Microsoft SharePoint Server Remote Code Execution Vulnerability | CVSS 7.2 | sharepoint_server | Sep 11, 2024 | |
CVE-2024-43463 | Microsoft Office Visio Remote Code Execution Vulnerability | CVSS 7.8 | 365_apps | - | |
CVE-2024-43461 | Windows MSHTML Platform Spoofing Vulnerability | CVSS 8.8 | windows | Sep 10, 2024 | |
CVE-2024-43460 | Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network. | CVSS 8.1 | Dynamics 365 Business Central | - | |
CVE-2024-43458 | Windows Networking Information Disclosure Vulnerability | CVSS 7.7 | windows_10_1607 | - | |
CVE-2024-43457 | Windows Setup and Deployment Elevation of Privilege Vulnerability | CVSS 7.8 | windows_11 | - | |
CVE-2024-43455 | Windows Remote Desktop Licensing Service Spoofing Vulnerability | CVSS 8.8 | webex_network_recording_player | - | |
CVE-2024-43454 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | CVSS 7.1 | windows_server_2008 | - | |
CVE-2024-38263 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | CVSS 7.5 | windows_server_2008 | - | |
CVE-2024-38260 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | CVSS 8.8 | server | - | |
CVE-2024-38259 | Microsoft Management Console Remote Code Execution Vulnerability | CVSS 8.8 | remote | Oct 9, 2024 | |
CVE-2024-38258 | Windows Remote Desktop Licensing Service Information Disclosure Vulnerability | CVSS 6.5 | windows | - | |
CVE-2024-38257 | An information disclosure vulnerability exists in the AllJoyn Router Service in Microsoft Windows 10 version 10.0.19041.4170 and prior. During the initiation of an ARDP session, the service can send a reset packet that includes information from the address space of the process. An attacker can send an unauthenticated packet to trigger this vulnerability. | CVSS 7.5 | windows_10_1607 | - | |
CVE-2024-38256 | Windows Kernel-Mode Driver Information Disclosure Vulnerability | CVSS 5.5 | windows | - | |
CVE-2024-38254 | Windows Authentication Information Disclosure Vulnerability | CVSS 5.5 | Windows | - | |
CVE-2024-38253 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | CVSS 7.8 | Windows | - | |
CVE-2024-38252 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | CVSS 7.8 | Windows | - | |
CVE-2024-38250 | Windows Graphics Component Elevation of Privilege Vulnerability | CVSS 7.8 | office | - | |
CVE-2024-38249 | Windows Graphics Component Elevation of Privilege Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-38248 | Windows Storage Elevation of Privilege Vulnerability | CVSS 7 | windows | - | |
CVE-2024-38247 | Windows Graphics Component Elevation of Privilege Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-38246 | Win32k Elevation of Privilege Vulnerability | CVSS 7 | windows | - | |
CVE-2024-38245 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-38244 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-38243 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-38242 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-38241 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-38240 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | CVSS 8.1 | windows | - | |
CVE-2024-38239 | Windows Kerberos Elevation of Privilege Vulnerability | CVSS 7.2 | windows | - | |
CVE-2024-38238 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-38237 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-38236 | DHCP Server Service Denial of Service Vulnerability | CVSS 7.5 | dhcp | - | |
CVE-2024-38235 | Windows Hyper-V Denial of Service Vulnerability | CVSS 6.5 | windows | - | |
CVE-2024-38234 | Windows Networking Denial of Service Vulnerability | CVSS 6.5 | windows | - | |
CVE-2024-38233 | Windows Networking Denial of Service Vulnerability | CVSS 7.5 | windows | - | |
CVE-2024-38232 | Windows Networking Denial of Service Vulnerability | CVSS 7.5 | windows | - | |
CVE-2024-38231 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | CVSS 6.5 | windows_server | - | |
CVE-2024-38230 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | CVSS 6.5 | Windows | - | |
CVE-2024-38228 | Microsoft SharePoint Server Remote Code Execution Vulnerability | CVSS 7.2 | sharepoint_server | - | |
CVE-2024-38227 | Microsoft SharePoint Server Remote Code Execution Vulnerability | CVSS 7.2 | sharepoint_server | - | |
CVE-2024-38226 | Microsoft Publisher Security Feature Bypass Vulnerability | CVSS 7.3 | office | Sep 10, 2024 | |
CVE-2024-38225 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | CVSS 8.8 | dynamics_365_business_central | - | |
CVE-2024-38222 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | CVSS 6.5 | edge | - | |
CVE-2024-38221 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | CVSS 4.3 | edge | - | |
CVE-2024-38220 | Azure Stack Hub Elevation of Privilege Vulnerability | CVSS 9 | azure_stack_hub | - | |
CVE-2024-38217 | Windows Mark of the Web Security Feature Bypass Vulnerability | CVSS 5.4 | windows | Sep 10, 2024 | |
CVE-2024-38216 | Azure Stack Hub Elevation of Privilege Vulnerability | CVSS 8.2 | azure_stack_hub | - | |
CVE-2024-38194 | An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network. | CVSS 8.4 | azure | - | |
CVE-2024-38188 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | CVSS 7.1 | azure_network_watcher | - | |
CVE-2024-38183 | An improper access control vulnerability in [GroupMe](https://groupme.com/) allows an unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link. | CVSS 8.8 | groupme | - | |
CVE-2024-38119 | Windows Network Address Translation (NAT) Remote Code Execution Vulnerability | CVSS 7.5 | windows | Sep 11, 2024 | |
CVE-2024-38046 | PowerShell Elevation of Privilege Vulnerability | CVSS 7.8 | powershell | - | |
CVE-2024-38045 | Windows TCP/IP Remote Code Execution Vulnerability | CVSS 8.1 | windows | - | |
CVE-2024-38018 | Microsoft SharePoint Server Remote Code Execution Vulnerability | CVSS 8.8 | sharepoint_server | Sep 11, 2024 | |
CVE-2024-38016 | Microsoft Office Visio Remote Code Execution Vulnerability | CVSS 7.8 | 365_apps | - | |
CVE-2024-38014 | Windows Installer Elevation of Privilege Vulnerability | CVSS 7.8 | windows | Sep 10, 2024 | |
CVE-2024-37980 | Microsoft SQL Server Elevation of Privilege Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-37966 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | CVSS 7.1 | sql_server | - | |
CVE-2024-37965 | Microsoft SQL Server Elevation of Privilege Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-37342 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | CVSS 7.1 | sql_2016_azure_connect_feature_pack | - | |
CVE-2024-37341 | Microsoft SQL Server Elevation of Privilege Vulnerability | CVSS 8.8 | sql_2016_azure_connect_feature_pack | - | |
CVE-2024-37340 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | CVSS 8.8 | sql_2016_azure_connect_feature_pack | - | |
CVE-2024-37339 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | CVSS 8.8 | sql_2016_azure_connect_feature_pack | - | |
CVE-2024-37338 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | CVSS 8.8 | sql_2016_azure_connect_feature_pack | - | |
CVE-2024-37337 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | CVSS 7.1 | sql_2016_azure_connect_feature_pack | - | |
CVE-2024-37335 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | CVSS 8.8 | sql_2016_azure_connect_feature_pack | - | |
CVE-2024-30073 | Windows Security Zone Mapping Security Feature Bypass Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-26191 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | CVSS 8.8 | sql_2016_azure_connect_feature_pack | - | |
CVE-2024-26186 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | CVSS 8.8 | sql_2016_azure_connect_feature_pack | - | |
CVE-2024-21416 | Windows TCP/IP Remote Code Execution Vulnerability | CVSS 8.1 | windows | - | |