Welcome to my September Patch Tuesday newsletter. Microsoft released updates for 107 CVEs this month. Of these 107 patches, four are zero days:
CVE-2024-43491 is exploited but has not been publicly disclosed. Of the four zero days, it is the only one rated "Critical". It is a remote code execution vulnerability with a CVSS score of 9.8/8.5. This is very high, so I suggest you get this tested and deployed ASAP. This vulnerability allows a user to roll back fixes for vulnerabilities that were previously updated/patched.
CVE-2024-38217 is rated "Important", but it is the only one this month that is not only exploited but also publicly disclosed, so you will want to get this updated ASAP as well.
Besides CVE-2024-43491, we have 8 other critical-rated updates for the month:
So, you will definitely want to get this month's updates tested and deployed as soon as you can. It looks like the bad guys have been busy so please update soon to remediate these recent vulnerabilities.
Patch data provided by:
Technology: Windows
Products Affected: Windows 10, 11; Server 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations
Severity: Critical
Reference: CVE-2024-21416 CVE-2024-30073 CVE-2024-38014 CVE-2024-38045 CVE-2024-38046 CVE-2024-38119 CVE-2024-38217* CVE-2024-38230 CVE-2024-38231 CVE-2024-38232 CVE-2024-38233 CVE-2024-38234 CVE-2024-38235 CVE-2024-38236 CVE-2024-38237 CVE-2024-38238 CVE-2024-38239 CVE-2024-38240 CVE-2024-38241 CVE-2024-38242 CVE-2024-38243 CVE-2024-38244 CVE-2024-38245 CVE-2024-38246 CVE-2024-38247 CVE-2024-38248 CVE-2024-38249 CVE-2024-38250 CVE-2024-38252 CVE-2024-38253 CVE-2024-38254 CVE-2024-38256 CVE-2024-38257 CVE-2024-38258 CVE-2024-38259 CVE-2024-38260 CVE-2024-38263 CVE-2024-43454 CVE-2024-43455 CVE-2024-43457 CVE-2024-43458 CVE-2024-43461 CVE-2024-43467 CVE-2024-43475 CVE-2024-43487 CVE-2024-43491 CVE-2024-43495
Vulnerability Info: Denial of Service; Elevation of Privilege; Information Disclosure; Remote Code Execution; Security Feature Bypass; Spoofing

Technology: Edge
Products Affected: Chromium-based; For Android
Severity: Moderate
Reference: CVE-2024-38207 CVE-2024-38208 CVE-2024-38209 CVE-2024-38210 CVE-2024-41879 CVE-2024-43472 CVE-2024-7964 CVE-2024-7965 CVE-2024-7966 CVE-2024-7967 CVE-2024-7968 CVE-2024-7969 CVE-2024-7971 CVE-2024-7972 CVE-2024-7973 CVE-2024-7974 CVE-2024-7975 CVE-2024-7976 CVE-2024-7977 CVE-2024-7978 CVE-2024-7979 CVE-2024-7980 CVE-2024-7981 CVE-2024-8033 CVE-2024-8034 CVE-2024-8035
Workaround / Exploited / Publicly Disclosed: Workaround: No; Exploited: No; Public: No
Vulnerability Info: Elevation of Privilege; Remote Code Execution; Spoofing

Technology: Office
Products Affected: 365 Apps for Enterprise; AutoUpdate for Mac; Office 2019, LTSC 2021; LTSC for Mac 2021; Excel/Publisher/Visio 2016; Office for Android/Universal; Online Server; Outlook for iOS
Severity: Important
Reference: CVE-2024-38226 CVE-2024-38250 CVE-2024-43463 CVE-2024-43465 CVE-2024-43482 CVE-2024-43492
Vulnerability Info: Elevation of Privilege; Information Disclosure; Remote Code Execution; Security Feature Bypass

Technology: SharePoint
Products Affected: Enterprise Server 2016; Server 2019; Server Subscription Edition
Reference: CVE-2024-38018 CVE-2024-38227 CVE-2024-38228 CVE-2024-43464 CVE-2024-43466
Vulnerability Info: Denial of Service; Remote Code Execution

Technology: Dynamics 365 Business Central
Products Affected: 365 Business Central 2023 Release Wave 1; 365 Business Central 2023 Release Wave 2; 365 Business Central 2024 Release Wave 1; 365 (on-premises) version 9.1; Power Automate for Desktop
Reference: CVE-2024-38225 CVE-2024-43476 CVE-2024-43479

Technology: SQL Server
Products Affected: 2016 SP3 GDR; 2016 SP3 Azure Connect Feature Pack; 2017 CU31/GDR; 2019 CU28/GDR; 2022 CU14/GDR
Reference: CVE-2024-26186 CVE-2024-26191 CVE-2024-37335 CVE-2024-37337 CVE-2024-37338 CVE-2024-37339 CVE-2024-37340 CVE-2024-37341 CVE-2024-37342 CVE-2024-37965 CVE-2024-37966 CVE-2024-37980 CVE-2024-43474

Technology: Azure
Products Affected: CycleCloud 8.0.0 - 8.6.3; Managed Instance for Apache Cassandra; Network Watcher VM Extension for Windows; Stack Hub; Web Apps; Microsoft Entra ID
Reference: CVE-2024-38175 CVE-2024-38188 CVE-2024-38194 CVE-2024-38216 CVE-2024-38220 CVE-2024-43469 CVE-2024-43470 CVE-2024-43477
Vulnerability Info: Elevation of Privilege; Remote Code Execution