Share this article

Latest news

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

With September’s Patch Tuesday Updates Microsoft fixed 79 flaws, including 4-zero day CVEs

The Patch Tuesday updates are now out.

6 min. read

Published onSeptember 11, 2024

published onSeptember 11, 2024

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Microsoft has released its September 2024 Patch Tuesday updates, which fix 79 flaws, including four actively exploited and one publicly disclosed zero-day vulnerability, seven of which are critical. The vulnerabilities include Elevation of Privilege, Security Feature Bypass, Remote Code Execution, Information Disclosure, Denial of Service, and Spoofing.

The four actively exploited vulnerabilities included:

CVE-2024-38014 – Windows Installer Elevation of Privilege Vulnerability with a CVSS score of 7.8 allowed attackers to gain SYSTEM privileges on Windows systems. Microsoft has not shared any details on how it was exploited in attacks.

CVE-2024-38217 – Windows Mark of the Web Security Feature Bypass Vulnerability with a CVSS score of 7.5, publicly disclosed this flaw last month, and it is believed to have been actively exploited since 2018.

CVE-2024-38226 – Microsoft Publisher Security Feature Bypass Vulnerability with a CVSS score of 7.8, bypassing the security protections against embedded macros in downloaded documents.

CVE-2024-43491 – Microsoft Windows Update Remote Code Execution Vulnerability with a CVSS score of 7.8, which only impacts Windows 10, version 1507, which reached the end of life in 2017.

The last one also impacts Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB editions, which are still under support.

This flaw caused Optional Components, such as Active Directory Lightweight Directory Services, XPS Viewer, Internet Explorer 11, LPD Print Service, IIS, and Windows Media Player to roll back to their original RTM versions. Any previous CVE could be reintroduced into the program, which posed a huge risk of exploration.

Below is a complete list of all the CVEs that Microsoft addressed withSeptember 2024’s Patch Tuesday updates.

Have you updated your Windows device?

More about the topics:patch tuesday,Windows 11,Windows Update

Flavius Floare

Tech Journalist

Flavius is a writer and a media content producer with a particular interest in technology, gaming, media, film and storytelling.

He’s always curious and ready to take on everything new in the tech world, covering Microsoft’s products on a daily basis. The passion for gaming and hardware feeds his journalistic approach, making him a great researcher and news writer that’s always ready to bring you the bleeding edge!

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Flavius Floare

Tech Journalist

Flavius is a writer and a media content producer with a particular interest in technology, gaming, media, film and storytelling.