On 10 September 2024, Microsoft released its September security update, addressing 79 vulnerabilities. Arctic Wolf has highlighted four vulnerabilities in this bulletin that Microsoft labeled as critical or reported as actively exploited.
Vulnerabilities
Impacted Product #1: Windows
| CVE-2024-43491 | CVSS: 9.8 – Critical | Exploitation Detected |
Microsoft Windows Update Remote Code Execution Vulnerability – This vulnerability in the Servicing Stack of Windows 10, version 1507, allows attackers to exploit previously mitigated vulnerabilities on systems that installed updates between March and August 2024. It can be resolved by installing both the September 2024 Servicing Stack and Windows security updates.
|
||
| CVE-2024-38217 | CVSS: 5.4 – Medium | Exploitation Detected |
Windows Mark of the Web Security Feature Bypass Vulnerability – An attacker can exploit this vulnerability by hosting a malicious file on a server they control and convincing a user to download and open it. This would bypass the Mark of the Web (MOTW) protections.
|
||
| CVE-2024-38014 | CVSS: 7.8 – High | Exploitation Detected |
| Windows Installer Elevation of Privilege Vulnerability – A local attacker can exploit this vulnerability to gain SYSTEM privileges. | ||
Impacted Product #2: Microsoft Office
| CVE-2024-38226 | CVSS: 7.3 – High | Exploitation Detected |
| Microsoft Publisher Security Feature Bypass Vulnerability – An authenticated attacker could exploit this vulnerability by persuading a user to download and open a specially crafted file, bypassing security settings that restrict untrusted or harmful macros. The attack requires local access and user interaction, but the Preview Pane is not involved as an attack vector. | ||
Recommendation
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version.
| Affected Product | Vulnerability | Update |
| Microsoft Office 2019 for 32-bit editions | CVE-2024-38226 | Click to Run |
| Microsoft Office 2019 for 64-bit editions | CVE-2024-38226 | Click to Run |
| Microsoft Office LTSC 2021 for 32-bit editions | CVE-2024-38226 | Click to Run |
| Microsoft Office LTSC 2021 for 64-bit editions | CVE-2024-38226 | Click to Run |
| Microsoft Publisher 2016 (32-bit edition) | CVE-2024-38226 | 5002566 |
| Microsoft Publisher 2016 (64-bit edition) | CVE-2024-38226 | 5002566 |
| Windows 10 for 32-bit Systems | CVE-2024-43491, CVE-2024-38217, CVE-2024-38014 | 5043083 |
| Windows 10 for x64-based Systems | CVE-2024-43491, CVE-2024-38217, CVE-2024-38014 | 5043083 |
| Windows 10 Version 1607 for 32-bit Systems | CVE-2024-38217, CVE-2024-38014 | 5043051 |
| Windows 10 Version 1607 for x64-based Systems | CVE-2024-38217, CVE-2024-38014 | 5043051 |
| Windows 10 Version 1809 for 32-bit Systems | CVE-2024-38217, CVE-2024-38014 | 5043050 |
| Windows 10 Version 1809 for ARM64-based Systems | CVE-2024-38217, CVE-2024-38014 | 5043050 |
| Windows 10 Version 1809 for x64-based Systems | CVE-2024-38217, CVE-2024-38014 | 5043050 |
| Windows 10 Version 21H2 for 32-bit Systems | CVE-2024-38217, CVE-2024-38014 | 5043064 |
| Windows 10 Version 21H2 for ARM64-based Systems | CVE-2024-38217, CVE-2024-38014 | 5043064 |
| Windows 10 Version 21H2 for x64-based Systems | CVE-2024-38217, CVE-2024-38014 | 5043064 |
| Windows 10 Version 22H2 for 32-bit Systems | CVE-2024-38217, CVE-2024-38014 | 5043064 |
| Windows 10 Version 22H2 for ARM64-based Systems | CVE-2024-38217, CVE-2024-38014 | 5043064 |
| Windows 10 Version 22H2 for x64-based Systems | CVE-2024-38217, CVE-2024-38014 | 5043064 |
| Windows 11 version 21H2 for ARM64-based Systems | CVE-2024-38217, CVE-2024-38014 | 5043067 |
| Windows 11 version 21H2 for x64-based Systems | CVE-2024-38217, CVE-2024-38014 | 5043067 |
| Windows 11 Version 22H2 for ARM64-based Systems | CVE-2024-38217, CVE-2024-38014 | 5043076 |
| Windows 11 Version 22H2 for x64-based Systems | CVE-2024-38217, CVE-2024-38014 | 5043076 |
| Windows 11 Version 23H2 for ARM64-based Systems | CVE-2024-38217, CVE-2024-38014 | 5043076 |
| Windows 11 Version 23H2 for x64-based Systems | CVE-2024-38217, CVE-2024-38014 | 5043076 |
| Windows 11 Version 24H2 for ARM64-based Systems | CVE-2024-38217, CVE-2024-38014 | 5043080 |
| Windows 11 Version 24H2 for x64-based Systems | CVE-2024-38217, CVE-2024-38014 | 5043080 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | CVE-2024-38217 | 5043135, 5043087 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | CVE-2024-38217 | 5043135, 5043087 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | CVE-2024-38217 | 5043129, 5043092 |
| Windows Server 2012 | CVE-2024-38217 | 5043125 |
| Windows Server 2012 R2 | CVE-2024-38217 | 5043138 |
| Windows Server 2016 | CVE-2024-38217 | 5043051 |
| Windows Server 2019 | CVE-2024-38217 | 5043050 |
| Windows Server 2022 | CVE-2024-38217 | 5042881, 5042880 |
| Windows Server 2022, 23H2 Edition | CVE-2024-38217 | 5043055 |
Please follow your organisation’s patching and testing guidelines to avoid any operational impact.
References
