Microsoft Releases Updates for 79 Vulnerabilities, Including 3 Actively Exploited Windows Vulnerabilities

September 11, 2024Ravie LakshmananWindows Security / Vulnerability

Microsoft revealed on Tuesday that three fresh security vulnerabilities affecting the Windows platform have been actively exploited as part of its September 2024 Patch Tuesday update.

The monthly security patch addresses a total of 79 vulnerabilities, consisting of seven Critical, 71 Important, and one Moderate in severity. Additionally, Microsoft cleared 26 flaws in its Edge browser based on Chromium since the previous Patch Tuesday release.

The three vulnerabilities currently under active exploitation are listed below, along with a fourth bug that Microsoft treats as exploited –

  • CVE-2024-38014 (CVSS score: 7.8) – Windows Installer Elevation of Privilege Vulnerability
  • CVE-2024-38217 (CVSS score: 5.4) – Windows Mark-of-the-Web (MotW) Security Feature Bypass Vulnerability
  • CVE-2024-38226 (CVSS score: 7.3) – Microsoft Publisher Security Feature Bypass Vulnerability
  • CVE-2024-43491 (CVSS score: 9.8) – Microsoft Windows Update Remote Code Execution Vulnerability

“The exploitation of CVE-2024-38226 and CVE-2024-38217 can result in bypassing critical security mechanisms that prevent Microsoft Office macros from executing,” stated Satnam Narang, senior staff research engineer at Tenable.


“In both scenarios, the target must be persuaded to open a specially crafted file from a server controlled by the attacker. The difference between them lies in the fact that an attacker would require authentication and local access to exploit CVE-2024-38226.”

As Elastic Security Labs revealed last month, CVE-2024-38217 – also known as LNK Stomping – has reportedly been exploited since February 2018.

CVE-2024-43491, on the other hand, is noteworthy because of its similarity to the downgrade attack that cybersecurity firm SafeBreach disclosed details about last month.

“Microsoft has detected a vulnerability in the Servicing Stack that has reverted the fixes for certain vulnerabilities impacting Optional Components on Windows 10, version 1507 (original version released in July 2015),” noted Redmond.

“Consequently, an attacker could exploit these previously patched vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have applied the Windows security update from March 12, 2024 — KB5035858 (OS Build 10240.20526) or other subsequent updates until August 2024.”

Microsoft stated that the issue can be resolved by first installing the September 2024 Servicing Stack update (SSU KB5043936) followed by the September 2024 Windows security update (KB5043083).

It should be noted that Microsoft’s “Exploitation Detected” assessment of CVE-2024-43491 stems from the rollback of fixes for vulnerabilities in certain Optional Components of Windows 10 (version 1507) that had previously been exploited, not from exploitation of the servicing stack flaw itself.

“No instances of exploitation of CVE-2024-43491 itself have been observed,” the company mentioned. “Additionally, Microsoft’s Windows product team identified this issue, and no evidence suggests that it has been publicly disclosed.”
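Because the remediation for CVE-2024-43491 depends on a specific install order (the September 2024 SSU KB5043936 first, then the security update KB5043083) and only matters on Windows 10, version 1507 hosts that applied KB5035858 or a later pre-September update, a defender would want a quick way to triage which hosts still need attention. The following PowerShell check is an added example, not code from the article or from Microsoft. It assumes `Get-HotFix` lists both the SSU and the security update on the host (SSUs are not always surfaced there, so treat a missing SSU as "verify with DISM" rather than proof of absence), and it accepts a constructed list of KB IDs and an OS build so it can be run offline against sample data.

```powershell
# Added example (not from the article or Microsoft): triage a Windows 10, version 1507
# host for the CVE-2024-43491 fix rollback described in the article.
# KB numbers below are the ones named in the article; the status logic is this example's own.

function Test-Cve202443491Remediation {
    [CmdletBinding()]
    param(
        # Constructed sample input for offline use; when omitted, the local machine is queried.
        [string[]]$InstalledKbs,
        # OS build number; 10240 is Windows 10, version 1507. When omitted, the local build is used.
        [int]$Build
    )

    $ssuKb      = 'KB5043936'  # September 2024 Servicing Stack update (install first)
    $securityKb = 'KB5043083'  # September 2024 Windows security update (install second)
    $rollbackKb = 'KB5035858'  # March 12, 2024 update after which the rollback is present

    if (-not $PSBoundParameters.ContainsKey('Build')) {
        $Build = [System.Environment]::OSVersion.Version.Build
    }
    if (-not $InstalledKbs) {
        # Assumption: Get-HotFix surfaces the SSU as well as the security update.
        $InstalledKbs = Get-HotFix | Select-Object -ExpandProperty HotFixID
    }

    $hasSsu      = $InstalledKbs -contains $ssuKb
    $hasSecurity = $InstalledKbs -contains $securityKb
    $hasRollback = $InstalledKbs -contains $rollbackKb

    # Decide a status a responder can act on. The article says the rollback affects
    # KB5035858 "or other subsequent updates until August 2024"; those later KBs are
    # not enumerated here, so a 1507 host without KB5035858 is reported for manual review.
    $status =
        if ($Build -ne 10240)            { 'NotAffected'   }   # not version 1507
        elseif ($hasSsu -and $hasSecurity) { 'Remediated'   }
        elseif ($hasSecurity)             { 'VerifySsu'     }   # LCU present, SSU not seen: check with DISM
        elseif ($hasRollback)             { 'AtRisk'        }   # rollback applied, September fix missing
        else                              { 'ReviewManually' }

    [pscustomobject]@{
        Build              = $Build
        HasSsu             = $hasSsu
        HasSecurityUpdate  = $hasSecurity
        HasRollbackUpdate  = $hasRollback
        Status             = $status
        NextStep           = switch ($status) {
            'Remediated'     { 'No action needed.' }
            'AtRisk'         { "Install $ssuKb, then $securityKb." }
            'VerifySsu'      { "Confirm $ssuKb with 'DISM /Online /Get-Packages'; reinstall if absent." }
            'ReviewManually' { 'Check which post-March-2024 updates are installed before deciding.' }
            default          { 'Host is not Windows 10, version 1507.' }
        }
    }
}

# Constructed sample runs (offline):
Test-Cve202443491Remediation -Build 10240 -InstalledKbs @('KB5035858')               # AtRisk
Test-Cve202443491Remediation -Build 10240 -InstalledKbs @('KB5043936', 'KB5043083')  # Remediated
Test-Cve202443491Remediation -Build 19045 -InstalledKbs @('KB5035858')               # NotAffected
```

Run it without parameters on a host to evaluate the local machine; in a fleet, feed it the `HotFixID` list and build gathered by your inventory tooling. The `VerifySsu` state exists precisely because `Get-HotFix` can omit servicing stack updates, so a missing SSU is a prompt to confirm rather than a conclusion.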


Product Updates from Various Providers

Aside from Microsoft, other vendors have also rolled out security patches over the recent weeks to address several vulnerabilities, including —
