⚡ TL;DR | Go Straight to the September 2024 Patch Tuesday Audit Report
Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The September 2024 edition of Patch Tuesday brings us 79 new fixes, with 7 rated as critical and 6 exploited. We’ve listed the most important changes below.
Microsoft Windows Update Remote Code Execution Vulnerability
The most dangerous vulnerability this month is CVE-2024-43491 with a CVSS base score of 9.8 and it is known to be exploited. Microsoft identified this vulnerability in the Servicing Stack that has reversed the fixes for certain vulnerabilities impacting Optional Components in Windows 10, version 1507 (the original version released in July 2015).
Only Windows 10 (version 1507), including Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB, with the following Optional Components enabled, are vulnerable. All other Windows 10 versions released since November 2015 are not affected.
- .NET Framework 4.6 Advanced Services \ ASP.NET 4.6
- Active Directory Lightweight Directory Services
- Administrative Tools
- Internet Explorer 11
- Internet Information Services \ World Wide Web Services
- LPD Print Service
- Microsoft Message Queue (MSMQ) Server Core
- MSMQ HTTP Support
- MultiPoint Connector
- SMB 1.0/CIFS File Sharing Support
- Windows Fax and Scan
- Windows Media Player
- Work Folders Client
- XPS Viewer
Windows Installer Elevation of Privilege Vulnerability
The second exploited vulnerability is more broad. CVE-2024-38014 got a CVSS base score of 7.8 but doesn’t have a lot of additional information. Microsoft does list that an attacker who successfully exploits this vulnerability can gain SYSTEM privileges.
Microsoft Publisher Security Feature Bypass Vulnerability
The third exploited vulnerability is CVE-2024-38226 with a CVSS base score of 7.3. If exploited, an attacker could bypass Office macro policies used to block untrusted or malicious files. Again, Microsoft it keeping most details for themselves to prevent more exploitation.
Microsoft SharePoint Server Vulnerabilities
A whole range of updates were released for Microsoft SharePoint Server. Ranging from a CVSS base score of 6.5 to 8.8 including one Denial of Service and four Remote Code Execution vulnerabilities.
Microsoft released the following updates to fix these vulnerabilities for Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Server 2019, and Microsoft SharePoint Enterprise Server 2016
Run the Patch Tuesday September 2024 Audit
To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
The Lansweeper Patch Tuesday report is automatically added to your Lansweeper Site. Lansweeper Sites is included in all our licenses without any additional cost and allows you to federate all your installations into one single view so all you need to do is look at one report, automatically added every patch Tuesday!
Patch Tuesday September 2024 CVE Codes & Titles
| CVE Number | CVE Title |
| CVE-2024-43495 | Windows libarchive Remote Code Execution Vulnerability |
| CVE-2024-43492 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability |
| CVE-2024-43491 | Microsoft Windows Update Remote Code Execution Vulnerability |
| CVE-2024-43487 | Windows Mark of the Web Security Feature Bypass Vulnerability |
| CVE-2024-43482 | Microsoft Outlook for iOS Information Disclosure Vulnerability |
| CVE-2024-43479 | Microsoft Power Automate Desktop Remote Code Execution Vulnerability |
| CVE-2024-43476 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2024-43475 | Microsoft Windows Admin Center Information Disclosure Vulnerability |
| CVE-2024-43474 | Microsoft SQL Server Information Disclosure Vulnerability |
| CVE-2024-43470 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability |
| CVE-2024-43469 | Azure CycleCloud Remote Code Execution Vulnerability |
| CVE-2024-43467 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
| CVE-2024-43466 | Microsoft SharePoint Server Denial of Service Vulnerability |
| CVE-2024-43465 | Microsoft Excel Elevation of Privilege Vulnerability |
| CVE-2024-43464 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2024-43463 | Microsoft Office Visio Remote Code Execution Vulnerability |
| CVE-2024-43461 | Windows MSHTML Platform Spoofing Vulnerability |
| CVE-2024-43458 | Windows Networking Information Disclosure Vulnerability |
| CVE-2024-43457 | Windows Setup and Deployment Elevation of Privilege Vulnerability |
| CVE-2024-43455 | Windows Remote Desktop Licensing Service Spoofing Vulnerability |
| CVE-2024-43454 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
| CVE-2024-38263 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
| CVE-2024-38260 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
| CVE-2024-38259 | Microsoft Management Console Remote Code Execution Vulnerability |
| CVE-2024-38258 | Windows Remote Desktop Licensing Service Information Disclosure Vulnerability |
| CVE-2024-38257 | Microsoft AllJoyn API Information Disclosure Vulnerability |
| CVE-2024-38256 | Windows Kernel-Mode Driver Information Disclosure Vulnerability |
| CVE-2024-38254 | Windows Authentication Information Disclosure Vulnerability |
| CVE-2024-38253 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2024-38252 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2024-38250 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2024-38249 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2024-38248 | Windows Storage Elevation of Privilege Vulnerability |
| CVE-2024-38247 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2024-38246 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-38245 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38244 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38243 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38242 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38241 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38240 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| CVE-2024-38239 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2024-38238 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38237 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38236 | DHCP Server Service Denial of Service Vulnerability |
| CVE-2024-38235 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2024-38234 | Windows Networking Denial of Service Vulnerability |
| CVE-2024-38233 | Windows Networking Denial of Service Vulnerability |
| CVE-2024-38232 | Windows Networking Denial of Service Vulnerability |
| CVE-2024-38231 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability |
| CVE-2024-38230 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
| CVE-2024-38228 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2024-38227 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2024-38226 | Microsoft Publisher Security Feature Bypass Vulnerability |
| CVE-2024-38225 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability |
| CVE-2024-38220 | Azure Stack Hub Elevation of Privilege Vulnerability |
| CVE-2024-38217 | Windows Mark of the Web Security Feature Bypass Vulnerability |
| CVE-2024-38216 | Azure Stack Hub Elevation of Privilege Vulnerability |
| CVE-2024-38194 | Azure Web Apps Elevation of Privilege Vulnerability |
| CVE-2024-38188 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability |
| CVE-2024-38119 | Windows Network Address Translation (NAT) Remote Code Execution Vulnerability |
| CVE-2024-38046 | PowerShell Elevation of Privilege Vulnerability |
| CVE-2024-38045 | Windows TCP/IP Remote Code Execution Vulnerability |
| CVE-2024-38018 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2024-38014 | Windows Installer Elevation of Privilege Vulnerability |
| CVE-2024-37980 | Microsoft SQL Server Elevation of Privilege Vulnerability |
| CVE-2024-37966 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability |
| CVE-2024-37965 | Microsoft SQL Server Elevation of Privilege Vulnerability |
| CVE-2024-37342 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability |
| CVE-2024-37341 | Microsoft SQL Server Elevation of Privilege Vulnerability |
| CVE-2024-37340 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
| CVE-2024-37339 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
| CVE-2024-37338 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
| CVE-2024-37337 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability |
| CVE-2024-37335 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
| CVE-2024-30073 | Windows Security Zone Mapping Security Feature Bypass Vulnerability |
| CVE-2024-26191 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
| CVE-2024-26186 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
| CVE-2024-21416 | Windows TCP/IP Remote Code Execution Vulnerability |