Today’s VERT Alert addresses Microsoft’s September 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1123 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
Windows uses the Mark of the Web (MoTW) to identify files downloaded from the Internet. This is done by setting the NTFS Zone.Identifier Alternate Data Stream (ADS). The mark is used to notify users via SmartScreen that they are about to run a potentially dangerous file. This publicly disclosed vulnerability allows malicious files to bypass SmartScreen. Microsoft has reported this vulnerability as Exploitation Detected.
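To see what the mark looks like on disk, the following added example (not part of the VERT alert or of any Microsoft tooling) reads the Zone.Identifier stream of a file and reports its zone. The function name `Get-MotwZone`, the sample file names and the `example.test` URL are assumptions made for illustration.

```powershell
# Added example, not from the VERT alert. Requires an NTFS volume.
# URL security zone numbers as stored in the ZoneId field of the stream.
$ZoneNames = @{ 0 = 'Local Machine'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'
                3 = 'Internet';      4 = 'Restricted Sites' }

function Get-MotwZone {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    $result = [ordered]@{ Path = $Path; HasMotw = $false; ZoneId = $null; Zone = $null; HostUrl = $null }

    # Get-Content -Stream reads an NTFS alternate data stream; a missing stream
    # raises an error, which is suppressed here and treated as "no mark".
    $text = Get-Content -LiteralPath $Path -Stream 'Zone.Identifier' -Raw -ErrorAction SilentlyContinue
    if ($text) {
        $result.HasMotw = $true
        # The stream is INI-style text: a [ZoneTransfer] section with key=value lines.
        foreach ($line in ($text -split '\r?\n')) {
            if ($line -match '^\s*ZoneId\s*=\s*(\d+)\s*$') {
                $result.ZoneId = [int]$Matches[1]
                $result.Zone   = $ZoneNames[$result.ZoneId]
            } elseif ($line -match '^\s*HostUrl\s*=\s*(.+?)\s*$') {
                $result.HostUrl = $Matches[1]
            }
        }
    }
    [pscustomobject]$result
}

# Constructed sample: one file carrying a mark like the one a browser writes,
# and one file without any Zone.Identifier stream.
$marked   = Join-Path $env:TEMP 'motw-demo-marked.txt'
$unmarked = Join-Path $env:TEMP 'motw-demo-unmarked.txt'
Set-Content -LiteralPath $marked   -Value 'demo'
Set-Content -LiteralPath $unmarked -Value 'demo'
Set-Content -LiteralPath $marked -Stream 'Zone.Identifier' `
    -Value "[ZoneTransfer]`r`nZoneId=3`r`nHostUrl=https://example.test/demo.txt"

$marked, $unmarked | ForEach-Object { Get-MotwZone -Path $_ } | Format-Table -AutoSize
Remove-Item -LiteralPath $marked, $unmarked

# To review a real folder:
# Get-ChildItem "$env:USERPROFILE\Downloads" -File | ForEach-Object { Get-MotwZone $_.FullName }
```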
A vulnerability in the Windows Installer could allow an attacker to elevate privileges and gain SYSTEM level access. Microsoft has reported this vulnerability as Exploitation Detected.
A vulnerability in Microsoft Publisher could allow attackers to bypass the Office macro policies that are used to block macros in untrusted or malicious files. Microsoft has reported this vulnerability as Exploitation Detected.
This is an interesting vulnerability that was discovered internally at Microsoft. An update released in March 2024 caused certain optional components on Windows 10 1507 to roll back to their RTM versions. The affected components include:
- .NET Framework 4.6 Advanced Services \ ASP.NET 4.6
- Active Directory Lightweight Directory Services
- Administrative Tools
- Internet Explorer 11
- IIS\WWW Services
- LPD Print Service
- MSMQ Server Core
- MSMQ HTTP Support
- SMB 1.0/CIFS File Sharing Support
- Windows Fax and Scan
- Windows Media Player
- Work Folders Client
- XPS Viewer
It is important to note that KB5043936, the Servicing Stack Update, must be installed before KB5043083, the September Cumulative Update. Microsoft has reported this vulnerability as Exploitation Detected; however, this is due to the optional component vulnerabilities that were rolled back to unpatched versions and not to CVE-2024-43491.
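The install-order requirement can be checked on a host with the added example below (not part of the VERT alert). The function name `Test-UpdateOrder` and the sample record are assumptions; it also assumes both updates are reported by `Get-HotFix`, whose `InstalledOn` value carries only a date, so two updates installed on the same day cannot be ordered from it.

```powershell
# Added example, not from the VERT alert. KB numbers are the ones named above.
$SsuKb = 'KB5043936'   # Servicing Stack Update
$CuKb  = 'KB5043083'   # September Cumulative Update

function Test-UpdateOrder {   # hypothetical helper name
    param([object[]]$HotFixes)

    $ssu = $HotFixes | Where-Object HotFixID -eq $SsuKb | Select-Object -First 1
    $cu  = $HotFixes | Where-Object HotFixID -eq $CuKb  | Select-Object -First 1

    if (-not $ssu -and -not $cu) {
        $status = 'Neither update found: install the SSU first, then the CU'
    } elseif ($ssu -and -not $cu) {
        $status = 'SSU found, CU missing: install the CU'
    } elseif ($cu -and -not $ssu) {
        $status = 'CU found without the SSU: review this host'
    } elseif ($cu.InstalledOn -lt $ssu.InstalledOn) {
        $status = 'CU is dated earlier than the SSU: review this host'
    } else {
        $status = 'Both found and the SSU is not dated after the CU'
    }

    [pscustomobject]@{
        SsuInstalledOn = $ssu.InstalledOn
        CuInstalledOn  = $cu.InstalledOn
        Status         = $status
    }
}

# Constructed sample record: a host where only the Cumulative Update is listed.
$constructed = @(
    [pscustomobject]@{ HotFixID = 'KB5043083'; InstalledOn = [datetime]'2024-09-10' }
)
Test-UpdateOrder -HotFixes $constructed

# Live check on the local machine:
# Test-UpdateOrder -HotFixes (Get-HotFix)
```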
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also color coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted
Tag | CVE Count | CVEs |
--- | --- | --- |
SQL Server | 13 | CVE-2024-37338, CVE-2024-37966, CVE-2024-37335, CVE-2024-37340, CVE-2024-37339, CVE-2024-37337, CVE-2024-37342, CVE-2024-26186, CVE-2024-26191, CVE-2024-43474, CVE-2024-37965, CVE-2024-37341, CVE-2024-37980 |
Microsoft Office SharePoint | 5 | CVE-2024-38018, CVE-2024-43464, CVE-2024-38227, CVE-2024-38228, CVE-2024-43466 |
Azure Stack | 2 | CVE-2024-38216, CVE-2024-38220 |
Azure Network Watcher | 2 | CVE-2024-38188, CVE-2024-43470 |
Windows Standards-Based Storage Management Service | 1 | CVE-2024-38230 |
Windows DHCP Server | 1 | CVE-2024-38236 |
Windows Remote Access Connection Manager | 1 | CVE-2024-38240 |
Microsoft Streaming Service | 7 | CVE-2024-38241, CVE-2024-38242, CVE-2024-38237, CVE-2024-38238, CVE-2024-38243, CVE-2024-38244, CVE-2024-38245 |
Microsoft Graphics Component | 3 | CVE-2024-38249, CVE-2024-38250, CVE-2024-38247 |
Windows Win32K - ICOMP | 2 | CVE-2024-38252, CVE-2024-38253 |
Windows Authentication Methods | 1 | CVE-2024-38254 |
Windows Kernel-Mode Drivers | 1 | CVE-2024-38256 |
Microsoft Office Visio | 1 | CVE-2024-43463 |
Windows Remote Desktop Licensing Service | 7 | CVE-2024-43467, CVE-2024-38231, CVE-2024-38258, CVE-2024-38260, CVE-2024-38263, CVE-2024-43454, CVE-2024-43455 |
Microsoft Outlook for iOS | 1 | CVE-2024-43482 |
Microsoft AutoUpdate (MAU) | 1 | CVE-2024-43492 |
Microsoft Office Excel | 1 | CVE-2024-43465 |
Windows Installer | 1 | CVE-2024-38014 |
Windows PowerShell | 1 | CVE-2024-38046 |
Windows Mark of the Web (MOTW) | 2 | CVE-2024-38217, CVE-2024-43487 |
Dynamics Business Central | 1 | CVE-2024-38225 |
Microsoft Office Publisher | 1 | CVE-2024-38226 |
Windows Network Virtualization | 4 | CVE-2024-38232, CVE-2024-38233, CVE-2024-38234, CVE-2024-43458 |
Role: Windows Hyper-V | 1 | CVE-2024-38235 |
Windows Kerberos | 1 | CVE-2024-38239 |
Windows Win32K - GRFX | 1 | CVE-2024-38246 |
Windows Storage | 1 | CVE-2024-38248 |
Windows AllJoyn API | 1 | CVE-2024-38257 |
Microsoft Management Console | 1 | CVE-2024-38259 |
Windows TCP/IP | 2 | CVE-2024-21416, CVE-2024-38045 |
Windows Network Address Translation (NAT) | 1 | CVE-2024-38119 |
Windows Setup and Deployment | 1 | CVE-2024-43457 |
Windows MSHTML Platform | 1 | CVE-2024-43461 |
Azure CycleCloud | 1 | CVE-2024-43469 |
Windows Admin Center | 1 | CVE-2024-43475 |
Microsoft Dynamics 365 (on-premises) | 1 | CVE-2024-43476 |
Power Automate | 1 | CVE-2024-43479 |
Windows Security Zone Mapping | 1 | CVE-2024-30073 |
Windows Update | 1 | CVE-2024-43491 |
Windows Libarchive | 1 | CVE-2024-43495 |
Azure Web Apps | 1 | CVE-2024-38194 |
Other Information
At the time of publication, there were no new advisories included with the September Security Guidance.