In its September 2024 Patch Tuesday release for Windows, Microsoft addressed 79 security vulnerabilities, including four actively exploited zero-day flaws, one of which has been exploited since 2018.
The zero-days include vulnerabilities in Windows Installer, Mark of the Web (MOTW), Microsoft Publisher, and the Windows Update stack, highlighting the persistent nature of cyber threats that leverage these weaknesses.
Four actively exploited flaws
The most significant of these zero-days, tracked as CVE-2024-38217, involves the “Mark of the Web” (MOTW) security feature bypass. This vulnerability, exploited for at least six years, allows attackers to evade Windows security measures like Smart App Control and SmartScreen, which normally prevent malicious files from being opened.
First reported by Joe DeSimone of Elastic Security Labs, this flaw uses a technique known as “LNK stomping,” wherein specially crafted shortcut files (LNK) bypass MOTW warnings. Once a user opens such a file, the system's security checks fail, allowing the execution of untrusted programs without user warnings.
Another zero-day, CVE-2024-38014, involves Windows Installer and allows attackers to gain SYSTEM privileges on a vulnerable device. Although Microsoft has not provided specific details about its exploitation, the flaw was uncovered by Michael Baer from the SEC Consult Vulnerability Lab. SYSTEM privileges give attackers full control over an affected system, making this a critical issue.
The third zero-day, CVE-2024-38226, targets Microsoft Publisher. This flaw allows attackers to bypass Office macro policies, which are designed to block potentially harmful macros in downloaded documents. While Microsoft has not disclosed who discovered this vulnerability, its impact is particularly concerning given that malicious macros remain a popular attack vector.
The final zero-day, CVE-2024-43491, affects the Windows Update servicing stack, allowing remote code execution. This flaw impacts older versions of Windows 10, particularly version 1507, including Windows 10 IoT Enterprise 2015 LTSB. The vulnerability reintroduced previously patched flaws in Optional Components such as Internet Explorer 11, Active Directory, and Windows Media Player, potentially exposing systems to attacks targeting these components.
Update Windows now
Microsoft urges users to install the September 2024 security updates, especially those still running affected Windows 10 versions. For Windows 11 users, the KB5043076 cumulative update addresses these security concerns alongside 19 other improvements, including enhancements to File Explorer, Narrator, and battery life management.
To install the latest security update, head to Windows Settings > Windows Update > and click on the ‘Download' button for the process to begin. After all patches have been downloaded and installed, a system restart is required for them to be applied.
In addition to applying the latest security patches, Microsoft also recommends that users regularly update security settings, particularly Smart App Control and SmartScreen for Windows 11, and enable User Account Control (UAC) to require administrator credentials for critical changes, reducing the risk of privilege escalation attacks.
Zyxel Released Emergency Fix for Dangerous Flaw in EoL NAS Devices
Leave a Reply