scaveza
Product Team
2 years ago

Microsoft’s September 2024 Patch Tuesday Addresses 79 CVEs (CVE-2024-43491)

On September 9, Microsoft released its September 2024 Patch Tuesday update, which patched 79 CVEs, with 7 rated as critical, 71 rated as important and one rated as moderate. Of the 79 CVEs patched this month, four were zero-day vulnerabilities, three of which were exploited in the wild.

One of the most interesting vulnerabilities this month was CVE-2024-43491, a remote code execution vulnerability in Microsoft Windows Update affecting Optional Components on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB). It was assigned a CVSSv3 score of 9.8 and a maximum severity of critical, and was flagged by Microsoft as exploited in the wild.

This vulnerability stems from how the Servicing stack handled the applicability of Optional Components as a result of a triggered code defect. This began with a security update released on March 12, 2024 - KB5035858 (OS Build 10240.20526). The affected Optional Components were flagged as “not applicable” and reverted to their Release To Manufacturing (RTM) version.

This month’s update includes patches for:

  • Azure CycleCloud
  • Azure Network Watcher
  • Azure Stack
  • Azure Web Apps
  • Dynamics Business Central
  • Microsoft AutoUpdate (MAU)
  • Microsoft Dynamics 365 (on-premises)
  • Microsoft Graphics Component
  • Microsoft Management Console
  • Microsoft Office Excel
  • Microsoft Office Publisher
  • Microsoft Office SharePoint
  • Microsoft Office Visio
  • Microsoft Outlook for iOS
  • Microsoft Streaming Service
  • Power Automate
  • Role: Windows Hyper-V
  • SQL Server
  • Windows Admin Center
  • Windows AllJoyn API
  • Windows Authentication Methods
  • Windows DHCP Server
  • Windows Installer
  • Windows Kerberos
  • Windows Kernel-Mode Drivers
  • Windows Libarchive
  • Windows MSHTML Platform
  • Windows Mark of the Web (MOTW)
  • Windows Network Address Translation (NAT)
  • Windows Network Virtualization
  • Windows PowerShell
  • Windows Remote Access Connection Manager
  • Windows Remote Desktop Licensing Service
  • Windows Security Zone Mapping
  • Windows Setup and Deployment
  • Windows Standards-Based Storage Management Service
  • Windows Storage
  • Windows TCP/IP
  • Windows Update
  • Windows Win32K - GRFX
  • Windows Win32K - ICOMP

For more information, please visit our blog.