Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024.
The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated Critical, 71 are rated Important, and one is rated Moderate in severity. This is aside from 26 flaws that the tech giant resolved in its Chromium-based Edge browser since last month’s Patch Tuesday release.
The three vulnerabilities that have been weaponized in a malicious context are listed below, alongside a bug that Microsoft is treating as exploited:
- CVE-2024-38014 (CVSS score: 7.8) – Windows Installer Elevation of Privilege Vulnerability
- CVE-2024-38217 (CVSS score: 5.4) – Windows Mark-of-the-Web (MotW) Security Feature Bypass Vulnerability
- CVE-2024-38226 (CVSS score: 7.3) – Microsoft Publisher Security Feature Bypass Vulnerability
- CVE-2024-43491 (CVSS score: 9.8) – Microsoft Windows Update Remote Code Execution Vulnerability
“Exploitation of both CVE-2024-38226 and CVE-2024-38217 can lead to the bypass of important security features that block Microsoft Office macros from running,” Satnam Narang, senior staff research engineer at Tenable, said in a statement.
“In both cases, the target needs to be convinced to open a specially crafted file from an attacker-controlled server. Where they differ is that an attacker would need to be authenticated to the system and have local access to it to exploit CVE-2024-38226.”
As disclosed by Elastic Security Labs last month, CVE-2024-38217 – also referred to as LNK Stomping – is said to have been abused in the wild as far back as February 2018.
CVE-2024-43491, on the other hand, is notable for the fact that it is similar to the downgrade attack that cybersecurity company SafeBreach detailed early last month.
“Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015),” Redmond noted.
“This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024 — KB5035858 (OS Build 10240.20526) or other updates released until August 2024.”
The Windows maker further said it can be resolved by installing the September 2024 Servicing stack update (SSU KB5043936) and the September 2024 Windows security update (KB5043083), in that order.
It is also worth mentioning that Microsoft’s “Exploitation Detected” assessment for CVE-2024-43491 stems from the rollback of fixes that addressed vulnerabilities impacting some Optional Components for Windows 10 (version 1507) that have been previously exploited.
“No exploitation of CVE-2024-43491 itself has been detected,” the company said. “In addition, the Windows product team at Microsoft discovered this issue, and we have seen no evidence that it is publicly known.”
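A fleet check for the CVE-2024-43491 conditions described above, as an added example that is not from Microsoft or the original article: it flags Windows 10 version 1507 hosts at or past build 10240.20526 that lack the KB5043936 and KB5043083 pair. The inventory record layout, the status labels and the sample hosts are constructed assumptions, and the check does not look at which Optional Components are enabled.

```python
from dataclasses import dataclass, field
from datetime import date

# Values taken from the advisory text quoted in the article.
AFFECTED_BUILD = 10240        # Windows 10, version 1507
FIRST_BAD_REVISION = 20526    # KB5035858, released March 12, 2024
SSU_KB = "KB5043936"          # September 2024 servicing stack update, install first
LCU_KB = "KB5043083"          # September 2024 security update, install second

@dataclass
class Host:                   # hypothetical inventory record
    name: str
    os_version: str           # e.g. "10.0.10240.20526"
    hotfixes: dict = field(default_factory=dict)  # KB id -> install date

def triage(host: Host) -> str:
    """Classify one host against the version and KB conditions in the advisory."""
    parts = host.os_version.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return "unknown-version"
    build, revision = int(parts[2]), int(parts[3])
    if build != AFFECTED_BUILD:
        return "not-applicable"
    kbs = {kb.upper(): when for kb, when in host.hotfixes.items()}
    ssu, lcu = kbs.get(SSU_KB), kbs.get(LCU_KB)
    if ssu is not None and lcu is not None:
        # Dates cannot order two same-day installs; those are accepted here.
        return "remediated" if ssu <= lcu else "review-install-order"
    if revision >= FIRST_BAD_REVISION:
        return "exposed"      # rollback window reached, fix pair incomplete
    return "pre-rollback"     # not hit by the rollback, but behind on updates

def report(hosts):
    return {h.name: triage(h) for h in hosts}

# Constructed sample inventory (host names, revisions and dates are made up).
SAMPLE = [
    Host("ltsb-01", "10.0.10240.20526"),
    Host("ltsb-02", "10.0.10240.20600",
         {SSU_KB: date(2024, 9, 11), LCU_KB: date(2024, 9, 11)}),
    Host("ltsb-03", "10.0.10240.20600",
         {SSU_KB: date(2024, 9, 14), LCU_KB: date(2024, 9, 12)}),
    Host("ltsb-04", "10.0.10240.20400", {"kb5043936": date(2024, 9, 11)}),
    Host("desk-05", "10.0.22631.4169"),
    Host("kiosk-06", "unknown"),
]

if __name__ == "__main__":
    for name, status in report(SAMPLE).items():
        print(f"{name}: {status}")
```

Hosts reported as `review-install-order` have both updates but the security update predates the servicing stack update, which is the reverse of the order Microsoft specifies.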
Software Patches from Other Vendors
In addition to Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including:
- Adobe
- Arm
- Bosch
- Broadcom (including VMware)
- Cisco
- Citrix
- CODESYS
- D-Link
- Dell
- Drupal
- F5
- Fortinet
- Fortra
- GitLab
- Google Android and Pixel
- Google Chrome
- Google Cloud
- Google Wear OS
- Hitachi Energy
- HP
- HP Enterprise (including Aruba Networks)
- IBM
- Intel
- Ivanti
- Lenovo
- Linux distributions Amazon Linux, Debian, Oracle Linux, Red Hat, Rocky Linux, SUSE, and Ubuntu
- MediaTek
- Mitsubishi Electric
- MongoDB
- Mozilla Firefox, Firefox ESR, Focus and Thunderbird
- NVIDIA
- ownCloud
- Palo Alto Networks
- Progress Software
- QNAP
- Qualcomm
- Rockwell Automation
- Samsung
- SAP
- Schneider Electric
- Siemens
- SolarWinds
- SonicWall
- Spring Framework
- Synology
- Veeam
- Zimbra
- Zoho ManageEngine ServiceDesk Plus, SupportCenter Plus, and ServiceDesk Plus MSP
- Zoom, and
- Zyxel