On Patch Tuesday in September 2024, Microsoft released fixes for 79 issues, including patches for four actively exploited zero-day vulnerabilities affecting multiple Windows components. These vulnerabilities have serious security implications for administrators and users alike. Below are short summaries of the issues and what to do.
CVE-2024-38014 (Windows Installer Elevation of Privilege): This flaw allows attackers to gain system-level privileges, making it easier to execute malicious code. The attacker could take complete control of affected systems without user interaction. Microsoft has not released any information thus far on how it’s being used in zero-day attacks.
CVE-2024-38226 (Microsoft Publisher Macro Policy Bypass): This vulnerability allows attackers to bypass Microsoft Office macro restrictions by tricking users into opening malicious files. Macros are a known vector for malware, so bypassing macro policies can lead to remote attacks on systems where Publisher is installed.
CVE-2024-38217 (Windows Mark of the Web Security Bypass): This vulnerability, publicly disclosed before patching, enables attackers to bypass security warnings for downloaded files by manipulating the Mark of the Web feature. This exposes users to phishing and malware attacks, as Microsoft’s Smart App Control security prompts can be easily circumvented.
CVE-2024-43491 (Windows Update Remote Code Execution): This critical flaw affects older versions of Windows, allowing attackers to execute code remotely by exploiting issues with Windows Update. The vulnerability can undo previously applied security fixes, making systems vulnerable again.
To mitigate risks, users should install the latest patches immediately. If it makes sense to do so, turn on the automatic update feature. Administrators are encouraged to disable macros from unknown sources, and users are encouraged never to enable macros by default. If you don’t know who created the macros, it’s always safer not to allow them.
As always, ensure anti-virus/anti-malware software is installed and kept updated at all times. While it won’t protect any system 100%, it lessens the chances that something no one wants on their device will get through.
Just a reminder that a zero-day exploit targets a vulnerability that is known, but for which there is no fix. These are particularly dangerous since attackers often jump on those opportunities to take advantage of victims. Patching immediately reduces the risk they will find your system’s vulnerabilities before you have a chance to block them.