September’s Security Tuesday Patch addresses four zero-day vulnerabilities
Update for Windows and Windows Installer.
Windows Hyper-V.
Windows Kernels and Graphics (GDI).
Microsoft MSHTML and Mark of the Web.
Remote Desktop (RDP) and TCP/IP components.
Update for Windows and Windows Installer.
Windows Hyper-V.
Windows Kernels and Graphics (GDI).
Microsoft MSHTML and Mark of the Web.
Remote Desktop (RDP) and TCP/IP components.
Of particular concern is that three of these vulnerabilities (CVE-2024-38014, CVE-2024-38217, and CVE-2024-43491) have already been identified as exploited. Moreover, a known vulnerability in the Windows HTML subsystem (CVE-2024-38217) has been publicly disclosed. In light of these four zero-day vulnerabilities, we strongly advise that you prioritize the installation of these Windows updates in your immediate patch release cycle.
Microsoft Office.
Microsoft has tackled two critical vulnerabilities within the SharePoint platform (CVE-2024-38018 and CVE-2024-43464) that demand prompt attention. Additionally, there are nine other important updates affecting Microsoft Office, Publisher, and Visio. Unfortunately, CVE-2024-38226 (affecting Publisher) has been confirmed as exploited in the wild by Microsoft. If your software suite does not incorporate Publisher (as many do not), then ensure that these Microsoft updates are included in your regular patch deployment cycle.
Microsoft SQL (formerly Exchange) Server.
This month sees a notably extensive update for the Microsoft SQL Server platform with 15 critical updates in total. Although there have been no reports of public disclosures or active exploits, these patches address a wide range of vulnerabilities:
About Author
