Microsoft has released its September 2024 patch update, addressing 79 vulnerabilities across its products, including seven critical and 71 high-severity flaws. The company has also resolved four actively exploited zero-day vulnerabilities.
The National Cyber Security Monitoring Center, under the Authority of Information Security, assessed that these vulnerabilities could have a high and severe impact. Attackers can exploit them to perform illegal actions, leading to potential information security risks and affecting the information systems of agencies, organizations, and businesses.
The vulnerabilities affect multiple Microsoft products, including Microsoft Office and Components, Windows Hyper-V, Windows DHCP Server, Microsoft Streaming Service, Microsoft Management Console, Windows MSHTML Platform, and Microsoft Dynamics 365 (on-premise).
This month’s release particularly highlights high-impact and severe vulnerabilities. The National Cyber Security Monitoring Center has identified 13 critical and high-severity security flaws that agencies, organizations, and businesses nationwide should pay close attention to.
Specifically, there are eight security flaws that allow remote code execution, including:
– CVE-2024-43491 in Microsoft Windows Update
– Four flaws in Microsoft SharePoint Server: CVE-2024-38018, CVE-2024-38227, CVE-2024-38228, and CVE-2024-43464
– Two flaws in Windows TCP/IP: CVE-2024-21416 and CVE-2024-38045
– CVE-2024-43463 in Microsoft Office Visio
CVE-2024-43491, CVE-2024-38018, CVE-2024-38227, CVE-2024-38228, and CVE-2024-43464 are critical vulnerabilities. CVE-2024-43491 affects Windows 10, while the SharePoint Server flaws affect Microsoft SharePoint Server 2019, Microsoft SharePoint Enterprise Server 2016, and Microsoft SharePoint Server Subscription Edition.
Additionally, there are five other high-severity and critical flaws in Microsoft products that deserve attention:
– CVE-2024-43461 in Windows MSHTML Platform, which allows spoofing attacks
– CVE-2024-38014 in Windows Installer, enabling privilege escalation
– Two flaws in Windows Mark of the Web (CVE-2024-38217 and CVE-2024-43487) and CVE-2024-38226 in Microsoft Publisher, which allow for protection mechanism bypass
The impact of these vulnerabilities is far-reaching, affecting Windows 10, Windows 11, and multiple versions of Windows Server.
Notably, five of these flaws are currently being exploited in the wild: CVE-2024-43491, CVE-2024-38014, CVE-2024-43463, CVE-2024-38226, and CVE-2024-38217 and CVE-2024-43487.
To ensure the safety and security of their systems, the National Cyber Security Monitoring Center recommends that organizations and businesses nationwide study the advised security flaws, review their information security networks, and implement the necessary patches as guided by Microsoft.
Experts also advise organizations to enhance their monitoring efforts and be prepared to respond to any signs of network attacks. Staying updated with alerts from relevant authorities and major information security organizations is crucial for the timely detection of potential network attack risks.
Finally, organizations should inspect their systems, particularly those running the Windows operating system, to identify any potential vulnerabilities. The best remedy is to apply the security patches provided by Microsoft to address these issues comprehensively.
Urgent Action Required: Apple Warns iPhone Users
According to Cnet, iPhone users should do this ASAP.
