Patch Tuesday Update - September 2024

By Mieng Lim

Fortra VM will include the Microsoft Patch Tuesday checks in the NIRV 4.50.0 and FVM Agent 2.11 releases.

  • Microsoft addressed 79 vulnerabilities in this release, including 7 rated as Critical and 23 Remote Code Execution vulnerabilities.
  • This release also includes fixes for four vulnerabilities that have been exploited in the wild.
    • CVE-2024-38217 and CVE-2024-38226 are Security Feature Bypass vulnerabilities and CVE-2024-38014 is an Elevation of Privilege vulnerability.
    • Microsoft Windows Update Remote Code Execution Vulnerability (CVE-2024-43491)
      • This vulnerability only affects Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB. It resulted in some previously installed security updates, related to Optional Components, to be rolled back. According to Microsoft, there is no known exploitation of CVE-2024-43491, but there is for some of the CVEs included in previous security updates that were rolled back as a result of this vulnerability.
CVE/Advisory Title Tag Microsoft Severity Rating Base Score Microsoft Impact Exploited Publicly Disclosed
CVE-2024-37338 Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-37966 Microsoft SQL Server Native Scoring Information Disclosure Vulnerability SQL Server Important 7.1 Information Disclosure No No
CVE-2024-37335 Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-37340 Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-37339 Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-37337 Microsoft SQL Server Native Scoring Information Disclosure Vulnerability SQL Server Important 7.1 Information Disclosure No No
CVE-2024-37342 Microsoft SQL Server Native Scoring Information Disclosure Vulnerability SQL Server Important 7.1 Information Disclosure No No
CVE-2024-26186 Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-26191 Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-38018 Microsoft SharePoint Server Remote Code Execution Vulnerability Microsoft Office SharePoint Critical 8.8 Remote Code Execution No No
CVE-2024-38216 Azure Stack Hub Elevation of Privilege Vulnerability Azure Stack Critical 8.2 Elevation of Privilege No No
CVE-2024-38220 Azure Stack Hub Elevation of Privilege Vulnerability Azure Stack Critical 9 Elevation of Privilege No No
CVE-2024-38188 Azure Network Watcher VM Agent Elevation of Privilege Vulnerability Azure Network Watcher Important 7.1 Elevation of Privilege No No
CVE-2024-38230 Windows Standards-Based Storage Management Service Denial of Service Vulnerability Windows Standards-Based Storage Management Service Important 6.5 Denial of Service No No
CVE-2024-38236 DHCP Server Service Denial of Service Vulnerability Windows DHCP Server Important 7.5 Denial of Service No No
CVE-2024-38240 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Windows Remote Access Connection Manager Important 8.1 Elevation of Privilege No No
CVE-2024-38241 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Microsoft Streaming Service Important 7.8 Elevation of Privilege No No
CVE-2024-38242 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Microsoft Streaming Service Important 7.8 Elevation of Privilege No No
CVE-2024-38249 Windows Graphics Component Elevation of Privilege Vulnerability Microsoft Graphics Component Important 7.8 Elevation of Privilege No No
CVE-2024-38250 Windows Graphics Component Elevation of Privilege Vulnerability Microsoft Graphics Component Important 7.8 Elevation of Privilege No No
CVE-2024-38252 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Windows Win32K - ICOMP Important 7.8 Elevation of Privilege No No
CVE-2024-38253 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Windows Win32K - ICOMP Important 7.8 Elevation of Privilege No No
CVE-2024-38254 Windows Authentication Information Disclosure Vulnerability Windows Authentication Methods Important 5.5 Information Disclosure No No
CVE-2024-38256 Windows Kernel-Mode Driver Information Disclosure Vulnerability Windows Kernel-Mode Drivers Important 5.5 Information Disclosure No No
CVE-2024-43463 Microsoft Office Visio Remote Code Execution Vulnerability Microsoft Office Visio Important 7.8 Remote Code Execution No No
CVE-2024-43464 Microsoft SharePoint Server Remote Code Execution Vulnerability Microsoft Office SharePoint Critical 7.2 Remote Code Execution No No
CVE-2024-43467 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability Windows Remote Desktop Licensing Service Important 7.5 Remote Code Execution No No
CVE-2024-43474 Microsoft SQL Server Information Disclosure Vulnerability SQL Server Important 7.6 Information Disclosure No No
CVE-2024-43482 Microsoft Outlook for iOS Information Disclosure Vulnerability Microsoft Outlook for iOS Important 6.5 Information Disclosure No No
CVE-2024-43492 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability Microsoft AutoUpdate (MAU) Important 7.8 Elevation of Privilege No No
CVE-2024-43465 Microsoft Excel Elevation of Privilege Vulnerability Microsoft Office Excel Important 7.8 Elevation of Privilege No No
CVE-2024-37965 Microsoft SQL Server Elevation of Privilege Vulnerability SQL Server Important 8.8 Elevation of Privilege No No
CVE-2024-37341 Microsoft SQL Server Elevation of Privilege Vulnerability SQL Server Important 8.8 Elevation of Privilege No No
CVE-2024-38014 Windows Installer Elevation of Privilege Vulnerability Windows Installer Important 7.8 Elevation of Privilege Yes No
CVE-2024-38046 PowerShell Elevation of Privilege Vulnerability Windows PowerShell Important 7.8 Elevation of Privilege No No
CVE-2024-38217 Windows Mark of the Web Security Feature Bypass Vulnerability Windows Mark of the Web (MOTW) Important 5.4 Security Feature Bypass Yes Yes
CVE-2024-38225 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability Dynamics Business Central Important 8.8 Elevation of Privilege No No
CVE-2024-38226 Microsoft Publisher Security Feature Bypass Vulnerability Microsoft Office Publisher Important 7.3 Security Feature Bypass Yes No
CVE-2024-38227 Microsoft SharePoint Server Remote Code Execution Vulnerability Microsoft Office SharePoint Important 7.2 Remote Code Execution No No
CVE-2024-38228 Microsoft SharePoint Server Remote Code Execution Vulnerability Microsoft Office SharePoint Important 7.2 Remote Code Execution No No
CVE-2024-38231 Windows Remote Desktop Licensing Service Denial of Service Vulnerability Windows Remote Desktop Licensing Service Important 6.5 Denial of Service No No
CVE-2024-38232 Windows Networking Denial of Service Vulnerability Windows Network Virtualization Important 7.5 Denial of Service No No
CVE-2024-38233 Windows Networking Denial of Service Vulnerability Windows Network Virtualization Important 7.5 Denial of Service No No
CVE-2024-38234 Windows Networking Denial of Service Vulnerability Windows Network Virtualization Important 6.5 Denial of Service No No
CVE-2024-38235 Windows Hyper-V Denial of Service Vulnerability Role: Windows Hyper-V Important 6.5 Denial of Service No No
CVE-2024-38237 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Microsoft Streaming Service Important 7.8 Elevation of Privilege No No
CVE-2024-38238 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Microsoft Streaming Service Important 7.8 Elevation of Privilege No No
CVE-2024-38239 Windows Kerberos Elevation of Privilege Vulnerability Windows Kerberos Important 7.2 Elevation of Privilege No No
CVE-2024-38243 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Microsoft Streaming Service Important 7.8 Elevation of Privilege No No
CVE-2024-38244 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Microsoft Streaming Service Important 7.8 Elevation of Privilege No No
CVE-2024-38245 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Microsoft Streaming Service Important 7.8 Elevation of Privilege No No
CVE-2024-38246 Win32k Elevation of Privilege Vulnerability Windows Win32K - GRFX Important 7 Elevation of Privilege No No
CVE-2024-38247 Windows Graphics Component Elevation of Privilege Vulnerability Microsoft Graphics Component Important 7.8 Elevation of Privilege No No
CVE-2024-38248 Windows Storage Elevation of Privilege Vulnerability Windows Storage Important 7 Elevation of Privilege No No
CVE-2024-38257 Microsoft AllJoyn API Information Disclosure Vulnerability Windows AllJoyn API Important 7.5 Information Disclosure No No
CVE-2024-38258 Windows Remote Desktop Licensing Service Information Disclosure Vulnerability Windows Remote Desktop Licensing Service Important 6.5 Information Disclosure No No
CVE-2024-38259 Microsoft Management Console Remote Code Execution Vulnerability Microsoft Management Console Important 8.8 Remote Code Execution No No
CVE-2024-38260 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability Windows Remote Desktop Licensing Service Important 8.8 Remote Code Execution No No
CVE-2024-38263 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability Windows Remote Desktop Licensing Service Important 7.5 Remote Code Execution No No
CVE-2024-21416 Windows TCP/IP Remote Code Execution Vulnerability Windows TCP/IP Important 8.1 Remote Code Execution No No
CVE-2024-38045 Windows TCP/IP Remote Code Execution Vulnerability Windows TCP/IP Important 8.1 Remote Code Execution No No
CVE-2024-38119 Windows Network Address Translation (NAT) Remote Code Execution Vulnerability Windows Network Address Translation (NAT) Critical 7.5 Remote Code Execution No No
CVE-2024-43454 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability Windows Remote Desktop Licensing Service Important 7.1 Remote Code Execution No No
CVE-2024-43455 Windows Remote Desktop Licensing Service Spoofing Vulnerability Windows Remote Desktop Licensing Service Important 8.8 Spoofing No No
CVE-2024-43457 Windows Setup and Deployment Elevation of Privilege Vulnerability Windows Setup and Deployment Important 7.8 Elevation of Privilege No No
CVE-2024-43458 Windows Networking Information Disclosure Vulnerability Windows Network Virtualization Important 7.7 Information Disclosure No No
CVE-2024-43461 Windows MSHTML Platform Spoofing Vulnerability Windows MSHTML Platform Important 8.8 Spoofing No No
CVE-2024-43466 Microsoft SharePoint Server Denial of Service Vulnerability Microsoft Office SharePoint Important 6.5 Denial of Service No No
CVE-2024-43469 Azure CycleCloud Remote Code Execution Vulnerability Azure CycleCloud Important 8.8 Remote Code Execution No No
CVE-2024-43470 Azure Network Watcher VM Agent Elevation of Privilege Vulnerability Azure Network Watcher Important 7.3 Elevation of Privilege No No
CVE-2024-43475 Microsoft Windows Admin Center Information Disclosure Vulnerability Windows Admin Center Important 7.3 Information Disclosure No No
CVE-2024-43476 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Microsoft Dynamics 365 (on-premises) Important 7.6 Spoofing No No
CVE-2024-43479 Microsoft Power Automate Desktop Remote Code Execution Vulnerability Power Automate Important 8.5 Remote Code Execution No No
CVE-2024-30073 Windows Security Zone Mapping Security Feature Bypass Vulnerability Windows Security Zone Mapping Important 7.8 Security Feature Bypass No No
CVE-2024-43487 Windows Mark of the Web Security Feature Bypass Vulnerability Windows Mark of the Web (MOTW) Moderate 6.5 Security Feature Bypass No No
CVE-2024-43491 Microsoft Windows Update Remote Code Execution Vulnerability Windows Update Critical 9.8 Remote Code Execution Yes No
CVE-2024-43495 Windows libarchive Remote Code Execution Vulnerability Windows Libarchive Important 7.3 Remote Code Execution No No
CVE-2024-38194 Azure Web Apps Elevation of Privilege Vulnerability Azure Web Apps Critical 8.4 Elevation of Privilege No No
CVE-2024-37980 Microsoft SQL Server Elevation of Privilege Vulnerability SQL Server Important 8.8 Elevation of Privilege No No

Quickly Find and Fix Your Most At-Risk Weaknesses

Watch this demo to see how Fortra VM can help.

WATCH THE VIDEO

Share This