Microsoft Publishes Critical Updates - 20240911001
Overview
CISA has added four known exploited Microsoft product vulnerabilities to the Catalog based on evidence of active exploitation. Additionally, the Monthly Update release includes one vulnerability with a severity rating of 'Critical'.
What is vulnerable?
Known Exploited items:
Vulnerability | CVE | CVSS | Severity |
---|---|---|---|
Windows Installer Elevation of Privilege Vulnerability | CVE-2024-38014 | 7.8 | High |
Windows Mark of the Web Security Feature Bypass Vulnerability | CVE-2024-38217 | 5.4 | Medium |
Microsoft Publisher Security Feature Bypass Vulnerability | CVE-2024-38226 | 7.3 | High |
Windows Servicing Stack Rollback | CVE-2024-43491 | 9.8 | Critical |
Additional Critical items included in the Monthly Update release:
Vulnerability | CVE | CVSS | Severity |
---|---|---|---|
Azure Stack Hub Elevation of Privilege Vulnerability | CVE-2024-38220 | 9.0 | Critical |
Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of 48 hours... (refer to Patch Management):
- Microsoft August 2024 Security Updates full release notes: https://msrc.microsoft.com/update-guide/releaseNote/2024-Sep