Microsoft’s September 2024 Patch Tuesday: Critical and Exploited Vulnerabilities Patched

On 10 September 2024, Microsoft released its September security update, addressing 79 vulnerabilities. Arctic Wolf has highlighted four vulnerabilities in this bulletin that Microsoft labeled as critical or reported as actively exploited.

Vulnerabilities

Impacted Product #1: Windows

CVE-2024-43491	CVSS: 9.8 – Critical	Exploitation Detected
Microsoft Windows Update Remote Code Execution Vulnerability – This vulnerability in the Servicing Stack of Windows 10, version 1507, allows attackers to exploit previously mitigated vulnerabilities on systems that installed updates between March and August 2024. It can be resolved by installing both the September 2024 Servicing Stack and Windows security updates. The “Exploitation Detected” label means that some of the vulnerabilities previously addressed by the rolled-back fixes were known to have been exploited in the wild. However, Microsoft has not detected any direct exploitation of CVE-2024-43491 itself. Instead, the rollback re-exposed vulnerabilities in Optional Components that attackers had previously exploited before they were initially fixed.
CVE-2024-38217	CVSS: 5.4 – Medium	Exploitation Detected
Windows Mark of the Web Security Feature Bypass Vulnerability – An attacker can exploit this vulnerability by hosting a malicious file on a server they control and convincing a user to download and open it. This would bypass the Mark of the Web (MOTW) protections. This vulnerability was initially disclosed in August by a security researcher.

CVE-2024-38014	CVSS: 7.8 – High	Exploitation Detected
Windows Installer Elevation of Privilege Vulnerability – A local attacker can exploit this vulnerability to gain SYSTEM privileges.

Impacted Product #2: Microsoft Office

CVE-2024-38226	CVSS: 7.3 – High	Exploitation Detected
Microsoft Publisher Security Feature Bypass Vulnerability – An authenticated attacker could exploit this vulnerability by persuading a user to download and open a specially crafted file, bypassing security settings that restrict untrusted or harmful macros. The attack requires local access and user interaction, but the Preview Pane is not involved as an attack vector.

Recommendation

Upgrade to Latest Fixed Version

Arctic Wolf strongly recommends that customers upgrade to the latest fixed version.

Affected Product	Vulnerability	Update
Microsoft Office 2019 for 32-bit editions	CVE-2024-38226	Click to Run
Microsoft Office 2019 for 64-bit editions	CVE-2024-38226	Click to Run
Microsoft Office LTSC 2021 for 32-bit editions	CVE-2024-38226	Click to Run
Microsoft Office LTSC 2021 for 64-bit editions	CVE-2024-38226	Click to Run
Microsoft Publisher 2016 (32-bit edition)	CVE-2024-38226	5002566
Microsoft Publisher 2016 (64-bit edition)	CVE-2024-38226	5002566
Windows 10 for 32-bit Systems	CVE-2024-43491, CVE-2024-38217, CVE-2024-38014	5043083
Windows 10 for x64-based Systems	CVE-2024-43491, CVE-2024-38217, CVE-2024-38014	5043083
Windows 10 Version 1607 for 32-bit Systems	CVE-2024-38217, CVE-2024-38014	5043051
Windows 10 Version 1607 for x64-based Systems	CVE-2024-38217, CVE-2024-38014	5043051
Windows 10 Version 1809 for 32-bit Systems	CVE-2024-38217, CVE-2024-38014	5043050
Windows 10 Version 1809 for ARM64-based Systems	CVE-2024-38217, CVE-2024-38014	5043050
Windows 10 Version 1809 for x64-based Systems	CVE-2024-38217, CVE-2024-38014	5043050
Windows 10 Version 21H2 for 32-bit Systems	CVE-2024-38217, CVE-2024-38014	5043064
Windows 10 Version 21H2 for ARM64-based Systems	CVE-2024-38217, CVE-2024-38014	5043064
Windows 10 Version 21H2 for x64-based Systems	CVE-2024-38217, CVE-2024-38014	5043064
Windows 10 Version 22H2 for 32-bit Systems	CVE-2024-38217, CVE-2024-38014	5043064
Windows 10 Version 22H2 for ARM64-based Systems	CVE-2024-38217, CVE-2024-38014	5043064
Windows 10 Version 22H2 for x64-based Systems	CVE-2024-38217, CVE-2024-38014	5043064
Windows 11 version 21H2 for ARM64-based Systems	CVE-2024-38217, CVE-2024-38014	5043067
Windows 11 version 21H2 for x64-based Systems	CVE-2024-38217, CVE-2024-38014	5043067
Windows 11 Version 22H2 for ARM64-based Systems	CVE-2024-38217, CVE-2024-38014	5043076
Windows 11 Version 22H2 for x64-based Systems	CVE-2024-38217, CVE-2024-38014	5043076
Windows 11 Version 23H2 for ARM64-based Systems	CVE-2024-38217, CVE-2024-38014	5043076
Windows 11 Version 23H2 for x64-based Systems	CVE-2024-38217, CVE-2024-38014	5043076
Windows 11 Version 24H2 for ARM64-based Systems	CVE-2024-38217, CVE-2024-38014	5043080
Windows 11 Version 24H2 for x64-based Systems	CVE-2024-38217, CVE-2024-38014	5043080
Windows Server 2008 for 32-bit Systems Service Pack 2	CVE-2024-38217	5043135, 5043087
Windows Server 2008 for x64-based Systems Service Pack 2	CVE-2024-38217	5043135, 5043087
Windows Server 2008 R2 for x64-based Systems Service Pack 1	CVE-2024-38217	5043129, 5043092
Windows Server 2012	CVE-2024-38217	5043125
Windows Server 2012 R2	CVE-2024-38217	5043138
Windows Server 2016	CVE-2024-38217	5043051
Windows Server 2019	CVE-2024-38217	5043050
Windows Server 2022	CVE-2024-38217	5042881, 5042880
Windows Server 2022, 23H2 Edition	CVE-2024-38217	5043055

Please follow your organisation’s patching and testing guidelines to avoid any operational impact.

References

Microsoft Patch Tuesday (September 2024)

CVE-2024-43491

CVE-2024-38226

CVE-2024-38217

CVE-2024-38014

CVE-2024-38217 Disclosure

© 2025 Arctic Wolf Networks Inc. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Customer Portal Policy	Accessibility Statement	Sustainability Statement	Information Security	Cookies Settings

Platform

Concierge

Journey

Reduce Attack Frequency

Reduce Attack Severity

Transfer Risk

Get Started

Why Arctic Wolf

Expertise by Topic

Expertise by Industry

Resource Centre

Trending Resources

NIS2 aims to make the EU as a whole more resilient to cyber threats and strengthen cooperation between Member States on cybersecurity.

The 2024 Gartner® Market Guide for MDR Services provides a comprehensive overview of the evolving MDR landscape.

The Arctic Wolf Threat Report draws upon the first-hand experience of our security experts, augmented by research from our threat intelligence team.

Security Bulletins

Arctic Wolf Observes Exploitation of Path Traversal Vulnerability in Samsung MagicINFO 9 Server (CVE-2024-7399)

Follow-Up: SonicWall Updates Advisories for Actively Exploited Vulnerabilities

CVE-2025-31324: Maximum-Severity File Upload Vulnerability in SAP NetWeaver Exploited in the Wild

Company

Careers

Press

Microsoft’s September 2024 Patch Tuesday: Critical and Exploited Vulnerabilities Patched

Vulnerabilities

Impacted Product #1: Windows

Impacted Product #2: Microsoft Office

Recommendation

Upgrade to Latest Fixed Version

References

Popular Topics

Share this post:

What to read next

3 min read

Arctic Wolf Observes Exploitation of Path Traversal Vulnerability in Samsung MagicINFO 9 Server (CVE-2024-7399)

8 min read

Uptick in Ransomware Threat Activity Targeting Retailers in the UK

6 min read

Follow-Up: SonicWall Updates Advisories for Actively Exploited Vulnerabilities

4 min read

CVE-2025-34028: PoC Released for Critical RCE Vulnerability in Commvault Command Center

Earl Grey House 77 Grey St. 3rd Floor Newcastle upon TyneNE1 6EF UK

© 2025 Arctic Wolf Networks Inc. All Rights Reserved.

Earl Grey House
77 Grey St. 3rd Floor
Newcastle upon Tyne
NE1 6EF
UK