
Microsoft Fixes Four Zero-Day Vulnerabilities in September Updates


Every second Tuesday of the month, Microsoft releases a bundle of fixes for Windows. This Tuesday's release fixes four zero-day vulnerabilities and two high-criticality vulnerabilities, and it arrives alongside some sister patches from Adobe.

Understanding Patch Tuesday

Patch Tuesday, which Microsoft calls “Update Tuesday,” is also when other large software companies like Adobe release major security fixes. It’s the time to roll out updates across corporate networks, and the release occurs mid-morning Pacific Standard Time so that admins and users don’t have to scramble at the beginning of the week or the following day.

Zero-Day Vulnerabilities Fixed

The four vulnerabilities attackers have already taken advantage of are:

  • CVE-2024-43491: a flaw in the Servicing Stack in Windows 10, version 1507, that exposes Optional Components to vulnerabilities previously thought to be mitigated. Later versions of Windows 10 are not affected.
  • CVE-2024-38226: a bypass vulnerability in Microsoft Publisher.
  • CVE-2024-38217: a technique by which an attacker could evade Mark of the Web security alerts.
  • CVE-2024-38014: an improper privilege management vulnerability that could grant attackers unwanted privileges.

Additional Fixes and Recommendations

In total, fixes for 79 flaws were deployed in September’s Update Tuesday. Adobe also released its own handful of fixes for various products. It’s essential for admins to ensure their Microsoft security updates are up to date to prevent potential attacks.

My Thoughts

Microsoft Fixes Four Zero-Day Vulnerabilities in September Updates – A Cause for Relief

As the second Tuesday of the month just passed, Microsoft released a bundle of fixes for Windows, tackling four zero-day vulnerabilities and several high-criticality vulnerabilities. It’s a welcome move by the tech giant, as these vulnerabilities were already being exploited by attackers.

The four zero-day vulnerabilities that were addressed include:

  • CVE-2024-43491: a flaw in Servicing Stack in Windows 10, version 1507, that made Optional Components vulnerable to previously mitigated threats.
  • CVE-2024-38226: a bypass vulnerability in Microsoft Publisher.
  • CVE-2024-38217: a technique that allowed attackers to evade Mark of the Web security alerts.
  • CVE-2024-38014: a vulnerability that created improper privilege management and could grant attackers unwanted privileges.

It’s reassuring to see Microsoft taking proactive steps to address these vulnerabilities and protect its users. The September updates also included fixes for 75 additional flaws, ensuring that users receive comprehensive protection against various cyber threats.
