Microsoft's September 2024 Patch Fixes 79 Flaws

(RTTNews) - Microsoft (MSFT) has released patch updates for September 2024, addressing a total of 79 vulnerabilities, of which seven are rated Critical, 71 are Important, and one is Moderate in severity.

The update also included actively exploited zero-day vulnerabilities, such as CVE-2024-38014 - Windows Installer Elevation of Privilege Vulnerability, CVE-2024-38217 - Windows Mark of the Web Security Feature Bypass Vulnerability, and CVE-2024-38226 - Microsoft Publisher Security Feature Bypass Vulnerability.

"Exploitation of both CVE-2024-38226 and CVE-2024-38217 can lead to the bypass of important security features that block Microsoft Office macros from running," Satnam Narang, senior staff research engineer at Tenable, said in a statement.

"In both cases, the target needs to be convinced to open a specially crafted file from an attacker-controlled server. Where they differ is that an attacker would need to be authenticated to the system and have local access to it to exploit CVE-2024-38226".

The tech company assessed 19 of the CVEs in its latest updates as vulnerabilities with a higher likelihood of exploitation. These vulnerabilities are concerning because they enable remote code execution, involve low complexity attacks, require no user interaction, and exist in widely deployed products, among other factors.