Security News Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws

Gandalf_The_Grey

Gandalf_The_Grey

Level 82
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,189
Content source
https://www.bleepingcomputer.com/news/microsoft/microsoft-september-2024-patch-tuesday-fixes-4-zero-days-79-flaws/
Today is Microsoft's September 2024 Patch Tuesday, which includes security updates for 79 flaws, including four actively exploited and one publicly disclosed zero-days.

This Patch Tuesday fixed seven critical vulnerabilities, which were either remote code execution or elevation of privileges flaws.

The number of bugs in each vulnerability category is listed below:
  • 30 Elevation of Privilege Vulnerabilities
  • 4 Security Feature Bypass Vulnerabilities
  • 23 Remote Code Execution Vulnerabilities
  • 11 Information Disclosure Vulnerabilities
  • 8 Denial of Service Vulnerabilities
  • 3 Spoofing Vulnerabilities
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5043076 cumulative update and Windows 10 KB5043064 update.
Click to expand...
www.bleepingcomputer.com

Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws

Today is Microsoft's September 2024 Patch Tuesday, which includes security updates for 79 flaws, including four actively exploited and one publicly disclosed zero-days.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
Reactions: harlan4096, silversurfer, Back3 and 1 other person
Gandalf_The_Grey

Gandalf_The_Grey

Level 82
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,189
The September 2024 Security Update Review
We’ve reached September and the pumpkin spice floats in the air. While they aren’t pumpkin-spiced, Microsoft and Adobe have released their latest spicy security patches – including some zesty 0-days. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check out the Patch Report webcast on our YouTube channel. It should be posted within a couple of hours after the release.
Click to expand...
Adobe Patches for September 2024

For September, Adobe released eight bulletins covering 28 CVEs in Adobe Acrobat and Reader, ColdFusion, Photoshop, Media Encoder, Audition, After Effects, Premier Pro, and Illustrator. A total of seven of these bugs came through the ZDI program. If you’re prioritizing, I would look at the ColdFusion patch first. It corrects a single code execution bug rated at CVSS 9.8. It’s unusual to see patches for Acrobat and Reader in back-to-back months, but I guess these two Critical-rated bugs were late for last month’s release. The fix for Photoshop fixes five CVEs, four of which are rated Critical. The Illustrator patch fixes six bugs, with four of those being Critical code execution bugs

The update for Premier Pro fixes one Critical and one Moderate bug. The fix for After Effects covers five bugs, including two from ZDI researcher Mat Powell. He’s also responsible for the Critical-rated bug in Audition. The final patch from Adobe covers five bugs in Media Encoder, two of which are rated Critical.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release. Adobe categorizes these updates as a deployment priority rating of 3.
Click to expand...
Microsoft Patches for September 2024

This month, Microsoft released 79 new CVEs in Windows and Windows Components; Office and Office Components; Azure; Dynamics Business Central; SQL Server; Windows Hyper-V; Mark of the Web (MOTW); and the Remote Desktop Licensing Service. Four of these vulnerabilities were reported through the ZDI program.

Of the patches being released today, seven are rated Critical, 71 are rated Important, and one is rated Moderate in severity. The size of this release tracks with the volume we saw from Redmond last month, but again, it’s unusual to see such a high number of bugs under active attack.

One of these CVEs is listed as publicly known, and four others are listed as under active attack at the time of release. However, we at the ZDI think that number should be five. More on that later. Let’s take a closer look at some of the more interesting updates for this month, starting with the vulnerabilities currently being exploited
Click to expand...
Looking Ahead

The next Patch Tuesday of 2024 will be on October 8, and I’ll return with details and spooky patch analysis then. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!
Click to expand...
www.zerodayinitiative.com

Zero Day Initiative — The September 2024 Security Update Review

We’ve reached September and the pumpkin spice floats in the air. While they aren’t pumpkin-spiced, Microsoft and Adobe have released their latest spicy security patches – including some zesty 0-days. Take a break from your regular activities and join us as we review the details of their latest secur
www.zerodayinitiative.com www.zerodayinitiative.com
 
  • Hundred Points
  • +Reputation
  • Like
Reactions: harlan4096, Azure and silversurfer
Gandalf_The_Grey

Gandalf_The_Grey

Level 82
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,189
Microsoft releases the September 2024 security updates for Windows
You may download the following Excel spreadsheet to get a list of released updates. Click on the following link to download the archive to the local device: Windows Security Updates September 2024

Executive Summary
  • Microsoft released a total of 79 security updates for various Microsoft products and 12 security updates from non-Microsoft issues (e.g. Chromium).
  • Windows clients with issues are: Windows 10, Windows 10 version 1607, Windows 11 version 21H2. 22H2, 23H2 and 24H2.
  • Windows Server clients with issues: Windows Server 2008 and Windows Server 2016.
  • Windows 11, version 22H2 will reach end of support next month for Home and Pro editions.
Click to expand...
www.ghacks.net

Microsoft releases the September 2024 security updates for Windows - gHacks Tech News

Microsoft released security updates for all supported versions of its Windows operating system and other company products on the September 24 patch day.
www.ghacks.net
 
  • Like
Reactions: harlan4096, silversurfer, oldschool and 1 other person

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
    • Applause
Security News Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days
Replies
2
Views
3,089
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • +Reputation
Security News Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited
Replies
3
Views
2,159
Security News
Brahman
Brahman
Gandalf_The_Grey
    • Like
    • +Reputation
Security News Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws
Replies
2
Views
2,299
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top