Microsoft Patch Tuesday: September 2024

September 12, 2024

September’s Patch Tuesday instalment patches 79 vulnerabilities, a decrease from the 91 in August. This month's release includes 7 critical vulnerabilities, 1 that was publicly disclosed and 4 that were exploited in the wild.

CVE-2024-43491: Microsoft Windows Update Remote Code Execution Vulnerability

A critical vulnerability within Windows Update has been exploited in the wild. Microsoft has stated that it is aware of a vulnerability in the Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507. This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024 (KB5035858, OS Build 10240.20526) or other updates released until August 2024. Later versions of Windows 10 are not impacted by this vulnerability.
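An inventory triage for the affected range described above, as an added example that is not part of the original post or of Microsoft's guidance: it flags hosts on Windows 10 version 1507 (build 10240) at or above revision 20526. The CSV layout, the hostnames and the `fixed_revision` parameter are assumptions of this example; the revision of the remediating update is not stated on this page and has to be taken from Microsoft's advisory.

```python
import csv
import io
import re

# From the text above: Windows 10 version 1507 is build 10240, and the
# March 12, 2024 update KB5035858 corresponds to OS Build 10240.20526.
AFFECTED_BUILD = 10240
FIRST_AFFECTED_REVISION = 20526

# Accepts "10.0.<build>.<revision>" or the short "<build>.<revision>" form.
_VERSION_RE = re.compile(r"^(?:10\.0\.)?(\d{4,5})\.(\d+)$")


def classify(os_version, fixed_revision=None):
    """Classify one OS version string against the CVE-2024-43491 range.

    fixed_revision is an assumption of this example: the revision of the
    remediating update, supplied by the caller from Microsoft's advisory.
    Without it, every host in the range is flagged for manual review.
    """
    m = _VERSION_RE.match(os_version.strip())
    if not m:
        return "unparsed"  # never silently treat unknown data as safe
    build, revision = int(m.group(1)), int(m.group(2))
    if build != AFFECTED_BUILD:
        return "not-1507"
    if revision < FIRST_AFFECTED_REVISION:
        return "1507-before-rollback-range"  # still missing later updates
    if fixed_revision is not None and revision >= fixed_revision:
        return "1507-remediated"
    return "1507-in-rollback-range"


def triage(inventory_csv, fixed_revision=None):
    """Return {hostname: classification} for CSV text with hostname,os_version."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {r["hostname"]: classify(r["os_version"], fixed_revision) for r in reader}


# Constructed sample inventory: hostnames and all revisions except 20526 are made up.
SAMPLE = """hostname,os_version
ltsb-kiosk-01,10.0.10240.20526
ltsb-kiosk-02,10.0.10240.20400
ltsb-kiosk-03,10240.20999
win10-22h2-07,10.0.19045.4780
broken-agent,unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:15} {status}")
```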

CVE-2024-43464: Microsoft SharePoint Server Remote Code Execution Vulnerability

A second critical vulnerability in SharePoint Server could allow an authenticated attacker with Site Owner permissions or higher to upload a specially crafted file to a targeted SharePoint Server and craft specialized API requests to trigger the deserialization of the file's parameters. This would enable the attacker to perform remote code execution in the context of the SharePoint Server.

CVE-2024-38018: Microsoft SharePoint Server Remote Code Execution Vulnerability

In a network-based attack, a critical vulnerability in SharePoint Server could result in remote code execution if the attacker gained a minimum of Site Member permissions. No further information about this vulnerability has been released and there is no evidence of this being used in active attacks.

CVE-2024-38216 & CVE-2024-38220: Azure Stack Hub Elevation of Privilege Vulnerabilities

Two critical vulnerabilities in Azure Stack Hub could result in remote code execution. An authenticated attacker who successfully exploited this vulnerability could gain unauthorized access to system resources, potentially allowing them to perform actions with the same privileges as the compromised process. This could lead to further system compromise and unauthorized actions within the network or other tenants’ applications and content.

CVE-2024-38119: Windows Network Address Translation (NAT) Remote Code Execution Vulnerability

Network Address Translation (NAT) permits one public IP address to be shared between multiple devices or private networks. The only information released about this vulnerability is that an attacker would first need to gain access to the restricted target network before attempting to exploit this vulnerability and will then be required to win a race condition.

CVE-2024-38194: Azure Web Apps Elevation of Privilege Vulnerability

Azure Web Apps is a cloud computing platform used to host web applications written in various programming languages including .NET, Java, Node.js, Python, and PHP, along with providing automatic scaling, load balancing, and high availability. Microsoft reported that an authenticated attacker could exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network and facilitate further malicious actions.

For a full list of this month’s updates please see the links below:

Patch Tuesday release notes: https://msrc.microsoft.com/update-guide/releaseNote/2024-Sep

Security update guide: https://msrc.microsoft.com/update-guide/

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
