[Zero-day] Microsoft's September 2024 Patch Tuesday fixes 4 zero-day vulnerabilities

Hello folks,

This is to notify you that zero-day vulnerabilities have been fixed in this month's Patch Tuesday. Below, you can find the CVE and Patch ID details.

| Vulnerable Component | Impact | CVE ID |
| --- | --- | --- |
| Windows Mark of the Web (MOTW) | Security feature bypass | CVE-2024-38217 |
| Microsoft Publisher | Security feature bypass | CVE-2024-38226 |
| Windows Installer | Elevation of privilege | CVE-2024-38014 |
| Microsoft Windows Update | Remote Code Execution Vulnerability | CVE-2024-43491 |

These patches can be deployed to your endpoints seamlessly, using one of the following methods:

Note: Kindly ensure that a Vulnerability DB sync has been initiated and completed successfully before proceeding.

Method 1:

a. On the console, navigate to Patches > Missing Patches and create a filter.

b. The criterion for the filter should be: CVE ID - equal - <CVE ID of the respective vulnerability>.

c. Once done, the missing patches in your network that correspond to the particular CVE ID will be listed below.


Method 2:

a. Navigate to Patches > Top-Priority Patches.

b. Select the required patches via the Patch ID.

c. Click on Install/Publish Patches to deploy them.


Here is a list of the patch IDs corresponding to the vulnerabilities:

CVE-2024-38217 and CVE-2024-38014

| Patch ID | Bulletin ID | Description |
| --- | --- | --- |
| 39634 | MS24-SEP2 | 2024-09 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5043092) (ESU) (CVE-2024-38217) (CVE-2024-38014) |
| 39635 | MS24-SEP2 | 2024-09 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5043087) (ESU) (CVE-2024-38217) (CVE-2024-38014) |
| 39636 | MS24-SEP2 | 2024-09 Security Only Quality Update for Windows Server 2008 for x86-based Systems (KB5043087) (ESU) (CVE-2024-38217) (CVE-2024-38014) |
| 39637 | MS24-SEP3 | 2024-09 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5043076) (CVE-2024-38217) (CVE-2024-38014) |
| 39640 | MS24-SEP3 | 2024-09 Cumulative Update for Windows 11 Version 23H2 for x64-based Systems (KB5043076) (CVE-2024-38217) (CVE-2024-38014) |
| 39641 | MS24-SEP3 | 2024-09 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5043064) (CVE-2024-38217) (CVE-2024-38014) |
| 39642 | MS24-SEP3 | 2024-09 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5043064) (CVE-2024-38217) (CVE-2024-38014) |
| 39643 | MS24-SEP3 | 2024-09 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5043064) (CVE-2024-38217) (CVE-2024-38014) |
| 39644 | MS24-SEP3 | 2024-09 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5043064) (CVE-2024-38217) (CVE-2024-38014) |
| 39646 | MS24-SEP3 | 2024-09 Cumulative Update for Windows 11 for x64-based Systems (KB5043067) (CVE-2024-38217) (CVE-2024-38014) |
| 39647 | MS24-SEP3 | 2024-09 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5042881) (CVE-2024-38217) (CVE-2024-38014) |
| 39648 | MS24-SEP3 | 2024-09 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5043050) (CVE-2024-38217) (CVE-2024-38014) |
| 39649 | MS24-SEP3 | 2024-09 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5043050) (CVE-2024-38217) (CVE-2024-38014) |
| 39650 | MS24-SEP3 | 2024-09 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5043050) (CVE-2024-38217) (CVE-2024-38014) |
| 39651 | MS24-SEP3 | 2024-09 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5043051) (CVE-2024-38217) (CVE-2024-38014) |
| 39652 | MS24-SEP3 | 2024-09 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB5043051) (CVE-2024-38217) (CVE-2024-38014) |
| 39653 | MS24-SEP3 | 2024-09 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB5043051) (CVE-2024-38217) (CVE-2024-38014) |
| 39654 | MS24-SEP3 | 2024-09 Cumulative Update for Windows 10 Version 1507 for x64-based Systems (KB5043083) (CVE-2024-43491) (CVE-2024-38217) (CVE-2024-38014) |
| 39655 | MS24-SEP3 | 2024-09 Cumulative Update for Windows 10 Version 1507 for x86-based Systems (KB5043083) (CVE-2024-38217) (CVE-2024-38014) (CVE-2024-43491) |
| 39656 | MS24-SEP6 | 2024-09 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB5043129) (ESU) (CVE-2024-38217) (CVE-2024-38014) |
| 39657 | MS24-SEP6 | 2024-09 Security Monthly Quality Rollup for Windows Server 2008 for x86-based Systems (KB5043135) (ESU) (CVE-2024-38217) (CVE-2024-38014) |
| 39658 | MS24-SEP6 | 2024-09 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5043135) (ESU) (CVE-2024-38217) (CVE-2024-38014) |
| 39659 | MS24-SEP6 | 2024-09 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB5043138) (ESU) (CVE-2024-38217) (CVE-2024-38014) |
| 39660 | MS24-SEP6 | 2024-09 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB5043125) (ESU) (CVE-2024-38217) (CVE-2024-38014) |

CVE-2024-43491

| Patch ID | Bulletin ID | Description |
| --- | --- | --- |
| 39654 | MS24-SEP3 | 2024-09 Cumulative Update for Windows 10 Version 1507 for x64-based Systems (KB5043083) (CVE-2024-43491) (CVE-2024-38217) (CVE-2024-38014) |
| 39655 | MS24-SEP3 | 2024-09 Cumulative Update for Windows 10 Version 1507 for x86-based Systems (KB5043083) (CVE-2024-38217) (CVE-2024-38014) (CVE-2024-43491) |

CVE-2024-38226

| Patch ID | Bulletin ID | Description |
| --- | --- | --- |
| 39682 | MS24-SEP7 | Security Update for Microsoft Publisher 2016 (KB5002566) 64-Bit Edition |
| 39683 | MS24-SEP7 | Security Update for Microsoft Publisher 2016 (KB5002566) 32-Bit Edition |
| 39690 | MS21-O365C | Update for Microsoft 365 Apps for Business Current Channel for x64 2408 of version (17928.20156) |
| 39692 | MS21-O365C | Update for Microsoft 365 Apps for Business Current Channel for x86 2408 of version (17928.20156) |
| 39694 | MS21-O365C | Update for Microsoft 365 Apps for Enterprise Current Channel for x64 2408 of version (17928.20156) |
| 39696 | MS21-O365C | Update for Microsoft 365 Apps for Enterprise Current Channel for x86 2408 of version (17928.20156) |
| 39698 | MS21-O365M | Update for Microsoft 365 Apps for Monthly Enterprise Channel for x64 2407 of version (17830.20210) |
| 39700 | MS21-O365M | Update for Microsoft 365 Apps for Monthly Enterprise Channel for x86 version 2407 (17830.20210) |
| 39702 | MS21-O365M | Update for Microsoft 365 Apps for Business Monthly Enterprise Channel for x64 2407 of version (17830.20210) |
| 39704 | MS21-O365M | Update for Microsoft 365 Apps for Business Monthly Enterprise Channel for x86 version 2407 (17830.20210) |
| 39706 | MS21-O365S | Update for Microsoft 365 Apps for Business Semi Annual Channel for x64 2402 of version (17328.20588) |
| 39708 | MS21-O365S | Update for Microsoft 365 Apps for Business Semi Annual Channel for x86 2402 of version (17328.20588) |
| 39710 | MS21-O365S | Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x64 2402 of version (17328.20588) |
| 39712 | MS21-O365S | Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for x86 2402 of version (17328.20588) |
| 39714 | MS21-O365SP | Update for Microsoft 365 Apps for Enterprise Semi Annual Preview Channel for x64 2408 of version (17928.20156) |
| 39716 | MS21-O365SP | Update for Microsoft 365 Apps for Enterprise Semi Annual Preview Channel for x86 2408 of version (17928.20156) |
| 39718 | MS21-O2019V | Update for Office 2019 for x64 1808 of volume version (10414.20002) |
| 39720 | MS21-O2019V | Update for Office 2019 for x86 1808 of volume version (10414.20002) |
| 39722 | MS21-O2019R | Update for Office 2019 for x64 2408 Retail Version (17928.20156) |
| 39724 | MS21-O2019R | Update for Office 2019 for x86 2408 Retail Version (17928.20156) |
| 39726 | MS21-O2021V | Update for Office 2021 for x64 2108 of volume version (14332.20771) |
| 39728 | MS21-O2021V | Update for Office 2021 for x86 2108 of volume version (14332.20771) |
| 39730 | MS21-O2021R | Update for Office 2021 for x64 2408 of Retail Version (17928.20156) |
| 39732 | MS21-O2021R | Update for Office 2021 for x86 2408 of Retail Version (17928.20156) |
| 39734 | MS24-O2016H | Update for Office 2016 for x86 2408 Retail Version (17928.20156) |
| 39736 | MS24-O2016H | Update for Office 2016 for x64 2408 Retail Version (17928.20156) |

Cheers,
The ManageEngine Team
