Microsoft has released a comprehensive security update, addressing 79 vulnerabilities across 11 different product lines, in a move aimed at bolstering the overall security posture of its software ecosystem. Microsoft considers seven vulnerabilities affecting Azure, SharePoint, and Windows to be of critical severity. As of this writing, three of the issues in question have already been compromised by hackers, while a fourth problem remains vulnerable due to its interconnectedness with others that could potentially be exploited. Microsoft estimates that 11 Windows-related CVEs, primarily affecting the operating system, carry a heightened risk of exploitation over the next 30-day period, as detailed under “Notable September updates”. Eight of this month’s key points are susceptible to detection by Sophos’ robust security measures, with detailed information available below.
The discharge comprises advisory information regarding three CVEs resolved through patches issued by Adobe, impacting Reader and ColdFusion; notably, one of these Reader vulnerabilities (CVE-2024-41869) is a severe use-after-free issue, accompanied by an exploitable vulnerability already present in the wild? Here is the rewritten text in a different style:
To provide our readers with comprehensive information, we have compiled a list of all Microsoft’s patches, categorized by severity, predicted exploitability, and product family, which will be appended to this post.
- Whole CVEs: 79
- Adobe’s comprehensive advisory ecosystem seamlessly integrates with existing infrastructure, replacing manual processes and empowering organizations to respond swiftly to emerging threats.
- Publicly disclosed: 1
- Exploited detected: 4*
- Severity
- Vital: 7
- Vital: 71
- Average: 1
- Impression
- Elevation of privilege: 30
- Distant code execution: 23
- Info disclosure: 11
- Denial of service: 8
- Safety characteristic bypass: 4
- Spoofing: 3
- Severe cyber threats detected: All organizations must take immediate action to mitigate vulnerabilities with a CVSS base rating of 9.0 or higher, as they pose an extreme risk to confidentiality, integrity, and availability of systems.
- CVSS base rating 8.0 or higher: 26
The reason we’re discussing CVE-2024-43491 as our fourth exploited-detected CVE this month has nothing to do with the CVE’s exploitability; instead, please refer to the “Notable September updates” section for more information.
- Home windows: 47
- SQL Server: 13
- Azure: 6
- SharePoint: 5
- Workplace: 4
- 365: 2
- Dynamics 365: 2
- Microsoft AutoUpdate (MAU) for Mac seamlessly integrates with your existing Microsoft Office suite to ensure you always have the latest software updates.
- Outlook for iOS: 1
- Energy BI: 1
- Visio: 1
As part of our standard protocol for this checklist, vulnerabilities affecting multiple product households are counted once per each household impacted.
In addition to the challenges already identified, several specific items warrant scrutiny.
Patch releases address two Mark of the Net vulnerabilities this month, with neither currently exhibiting in-the-wild exploitation. Notably, one vulnerability (CVE-2024-38217) has been deemed by Microsoft as being extra susceptible to exploitation within the next 30 days, while another is already considered exploitable (CVE-2024-43492). A vulnerability of average severity was discovered in-house at Microsoft, characterized as a latter bug. Despite this, the information was shared responsibly by Elastic Safety’s Joe Desimone, who has insights into both the discovery and the reporting process – details that may pique interest in those following developments around code-signing certificates. The bug affects all versions of Windows, including Windows 11, and is of critical severity?
The threat landscape remains dynamic, with new and innovative exploits emerging in the wild. The update affects all versions of Windows, including Windows 11 and Windows 10 (H24).
The good news is that this situation primarily affects specific operational components of Windows 10, specifically version 1507, which debuted in July 2015; only two variants, Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB, remain under support. A critical vulnerability exists in both versions of Windows, as a severe remote code execution scenario, rated 9.8 on the CVE scale, occurs within the Windows Servicing Stack. The enchanting situation arises for those invested in such matters: rather than a coding error per se, Microsoft attributes the issue to “a cross-boundary spread triggering a code defect within the Windows 10 (version 1507) servicing stack responsible for governing the applicability of Optional Features.” As a result, any non-compulsory elements receiving updates released since March 12, 2024 (KB5035858) were incorrectly flagged as “not relevant” by the servicing stack, reverting to their original RTM model. If your property falls under this scenario, it is crucial that you carefully review and adhere to Microsoft’s guidance provided in [reference], as the patch sequence requires exact compliance. The webpage also includes a detailed list of optional components impacted, facilitating enhanced comprehension of your exposure.
Although Windows 11 version 24H2 is not yet fully launched, more than a third of this month’s patches affect that platform, including two critical vulnerabilities (CVE-2024-38014 and CVE-2024-38217) for which exploitation has already been detected in the wild? Owners of newly launched Copilot+ PCs are advised to promptly update their devices manually if they do not have automatic patch installation enabled, as failure to do so may result in potential security risks.
A rare reprieve for .NET and Visual Studio enthusiasts, as there were no patches released for these communities. There are no integrations with Edge this time around, nor are they linked to Outlook for any platforms except Apple’s.
| CVE-2024-38237 | Exp/2438237-A | Exp/2438237-A |
| CVE-2024-38238 | Exp/2438238-A | Exp/2438238-A |
| CVE-2024-38241 | Exp/2438241-A | Exp/2438241-A |
| CVE-2024-38242 | Exp/2438242-A | Exp/2438242-A |
| CVE-2024-38243 | Exp/2438243-A | Exp/2438243-A |
| CVE-2024-38244 | Exp/2438244-A | Exp/2438244-A |
| CVE-2024-38245 | Exp/2438245-A | Exp/2438245-A |
| CVE-2024-43461 | SID:2310127 | SID:2310126 |
As you may know, for users not reliant on automatic updates in your system, manual downloads are available through the Windows Update Catalog website each month. Identify the Windows 10 or 11 version by running the built-in tool, then download the cumulative update package tailored to your specific system’s architecture and build number.
The list of September patches is organized chronologically, with the most influential updates first, followed by those affecting system stability and functionality. The vulnerabilities are further categorized by Common Vulnerabilities and Exposures (CVE).
| CVE-2024-38194 | A critical elevation of privilege vulnerability has been identified in Azure Net Apps, allowing an attacker to gain unauthorized access to sensitive data and systems. |
| CVE-2024-38216 | Azure Stack Hub: Critical EOP Flaw Exploited for Elevated Privileges |
| CVE-2024-38220 | A remote code execution vulnerability exists in Azure Stack Hub that could allow an attacker to elevate their privileges and potentially take control of the system. |
| CVE-2024-37341 | A critical vulnerability exists in Microsoft SQL Server that could allow an authenticated attacker to elevate their privileges and gain access to sensitive information or make unauthorized changes. |
| CVE-2024-37965 | A critical vulnerability has been identified in Microsoft SQL Server, allowing an attacker to elevate their privileges and gain unauthorized access to sensitive data. The issue affects all versions of SQL Server 2012 to 2019, as well as Azure SQL Database, and is exploitable remotely without authentication or user interaction. |
| CVE-2024-37980 | A critical remote code execution vulnerability exists in Microsoft SQL Server that could allow an authenticated attacker to elevate privileges and gain control of the system. The vulnerability affects Windows Server 2012 and later versions, as well as SQL Server 2017 and later versions. Successful exploitation requires authentication with valid credentials. To exploit this vulnerability, an unauthenticated attacker would need to authenticate first. |
| CVE-2024-38014 | Microsoft Windows Installer Elevation of Privilege Vulnerability? |
| CVE-2024-38046 | PowerShell Elevation of Privilege Vulnerability |
| CVE-2024-38188 | Azure Community Watcher: VM Agent Elevation of Privilege Vulnerability Exploited |
| CVE-2024-38225 | A remote code execution vulnerability exists in Microsoft Dynamics 365 Enterprise Central due to an elevation of privilege.: An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Enterprise Central. An attacker could exploit this vulnerability to elevate their privileges from a standard user to an administrative user, thereby gaining unauthorized access to sensitive data and potentially causing significant damage to the system. |
| CVE-2024-38237 | Kernel Streaming WOW Thunk Service Driver: Elevation of Privilege Vulnerability in Windows |
| CVE-2024-38238 | A vulnerability in the Kernel Streaming Service Driver allows an attacker to elevate privileges, potentially leading to arbitrary code execution. |
| CVE-2024-38239 | Windows Kerberos Elevation of Privilege Vulnerability: A Critical Security Threat |
| CVE-2024-38240 | Critical Windows RDP vulnerability: Unauthenticated elevation of privilege |
| CVE-2024-38241 | A kernel mode elevation of privilege vulnerability has been identified in the Kernel Streaming Service (KSS) driver, which affects Windows operating systems. The vulnerability occurs when the KSS driver incorrectly handles a specially crafted input buffer, allowing an attacker to execute arbitrary code at kernel level with SYSTEM privileges. |
| CVE-2024-38242 | A critical elevation of privilege vulnerability exists in the Kernel Streaming Service Driver (ks.sys) for Windows systems. Exploitation allows an attacker to gain SYSTEM-level privileges, enabling a wide range of malicious activities including data theft and system compromise. |
| CVE-2024-38243 | A kernel-mode elevation of privilege vulnerability exists in the Kernel Streaming Service driver (ks.sys) due to a lack of proper validation of user input. An attacker could exploit this vulnerability by crafting a malicious audio stream that, when processed by the affected driver, could execute arbitrary code at elevated privileges. |
| CVE-2024-38244 | A kernel-mode driver vulnerability in the Kernel Streaming Service (KSS) has been identified, allowing an attacker to elevate privileges.: A Critical Flaw A vulnerability has been identified in the Kernel Streaming Service Driver that could allow an attacker to elevate their privileges, potentially leading to a significant compromise of system security. |
| CVE-2024-38245 | A remote code execution vulnerability exists in the Kernel Streaming Service driver when it improperly handles certain types of objects. An attacker who successfully exploits this vulnerability could execute arbitrary code at kernel mode, allowing for complete control of an affected system. The most severe impact would be a denial-of-service condition due to excessive resource consumption. |
| CVE-2024-38246 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-38247 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2024-38248 | Windows Storage Elevation of Privilege Vulnerability: A newly disclosed Windows Storage vulnerability allows attackers to elevate privileges, granting them higher-level access to a system. |
| CVE-2024-38249 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2024-38250 | Home Windows Graphics Element Elevation of Privilege Vulnerability: A critical elevation-of-privilege vulnerability exists in the Windows Graphics Component. |
| CVE-2024-38252 | A Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability exists that could allow an attacker to gain elevated privileges on a targeted system. |
| CVE-2024-38253 | A critical vulnerability exists in the Windows Win32 kernel subsystem that could allow an attacker to elevate their privileges. |
| CVE-2024-43457 | Windows Setup and Deployment Elevation of Privilege Vulnerability? |
| CVE-2024-43465 | A vulnerability exists in Microsoft Excel due to an elevation of privilege that could allow attackers to gain elevated privileges and take control of a system. |
| CVE-2024-43470 | A vulnerability exists in Azure Community Watcher VM Agent due to an elevation of privilege issue. This vulnerability allows a remote attacker to gain elevated privileges on the affected system, potentially leading to further attacks or data breaches. To mitigate this vulnerability, it is recommended that users apply the necessary patches and updates to their systems as soon as possible. in Azure Community Watcher affects Azure Virtual Machines allowing attackers to elevate privileges and potentially execute arbitrary code. |
| CVE-2024-43492 | A critical elevation of privilege vulnerability exists in Microsoft AutoUpdate (MAU) that could allow an attacker to gain elevated privileges on a compromised system. The vulnerability is due to the way MAU handles file operations, potentially allowing an unprivileged user to access and modify files with elevated permissions. |
| CVE-2024-38018 | A remote code execution vulnerability exists in Microsoft SharePoint Server. An attacker could exploit this vulnerability to execute arbitrary code on a targeted system with the privileges of the logged-on user, which could lead to further malicious activities. This issue affects all supported versions of Microsoft SharePoint Server. Successful exploitation requires an attacker to send specially crafted requests to a vulnerable server, and does not require user interaction beyond visiting a malicious website or opening a malicious attachment. |
| CVE-2024-38119 | Microsoft Windows Community Handle Translation (NAT) Remote Code Execution Vulnerability |
| CVE-2024-43464 | Microsoft SharePoint Server Remote Code Execution Flaw |
| CVE-2024-43491 | Microsoft Windows Remote Code Execution Vulnerability in Windows Update |
| CVE-2024-21416 | Vulnerability in Windows TCP/IP Protocol Exposes Devices to Remote Code Execution Threat |
| CVE-2024-26186 | Microsoft SQL Server Native Scoring: Distant Code Execution Vulnerability |
| CVE-2024-26191 | A remote code execution vulnerability exists in Microsoft SQL Server’s scoring service that affects native scoring functionality. The issue arises when a specially crafted input is passed to the affected component, allowing an attacker to execute arbitrary code on the underlying system with elevated privileges. |
| CVE-2024-37335 | Microsoft SQL Server Native Query Processing Remote Code Execution Vulnerability |
| CVE-2024-37338 | Microsoft SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-37339 | Vulnerability in Microsoft SQL Server: Remote Code Execution Enabled Through Native Scoring |
| CVE-2024-37340 | A Microsoft SQL Server Remote Code Execution Vulnerability has been identified, potentially allowing attackers to execute arbitrary code on vulnerable systems. |
| CVE-2024-38045 | Critical Home Windows TCP/IP Remote Code Execution Vulnerability |
| CVE-2024-38227 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2024-38228 | A remote code execution vulnerability exists in Microsoft SharePoint Server when an attacker tricks a user into opening a specially crafted URL or clicking on a link that directs the user to a malicious site. An unauthenticated, remote attacker can exploit this vulnerability to execute arbitrary code in the context of the current user. The vulnerability occurs because SharePoint Server does not properly sanitize or validate user input, allowing a crafted payload to be executed within the application. |
| CVE-2024-38259 | Microsoft Remote Desktop Services Remote Code Execution Vulnerability: A Critical Alert |
| CVE-2024-38260 | Critical vulnerability discovered in Home Windows Remote Desktop Licensing Service allows attackers to execute arbitrary code remotely, posing a significant risk to affected systems. |
| CVE-2024-38263 | Home Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability: A critical flaw in the Remote Desktop Licensing Service on Windows systems allows attackers to execute arbitrary code with elevated privileges, potentially leading to system compromise. |
| CVE-2024-43454 | Vulnerability in Home Windows Distant Desktop Licensing Service Enables RCE Attacks |
| CVE-2024-43463 | Microsoft Workplace Visio distant code execution vulnerability: A critical flaw in Visio’s remote object invocation feature allows attackers to execute arbitrary code remotely, potentially compromising sensitive data and systems. |
| CVE-2024-43467 | Multiple Critical Remote Code Execution Vulnerabilities in Home Windows Distant Desktop Licensing Service |
| CVE-2024-43469 | A critical distant code execution vulnerability has been identified in Azure CycleCloud, a cloud-based platform for high-performance computing. |
| CVE-2024-43479 | A Microsoft Energy Automate Desktop vulnerability has been identified that allows distant code execution. |
| CVE-2024-43495 | Home Windows Libarchive Distant Code Execution Vulnerability: A newly discovered remote code execution vulnerability in the Home Windows operating system’s libarchive component could potentially allow an attacker to execute malicious code on a targeted device. |
| CVE-2024-37337 | A vulnerability in Microsoft SQL Server allows attackers to disclose sensitive information about scoring models used by native machine learning algorithms. |
| CVE-2024-37342 | Microsoft SQL Server Remote Code Execution Vulnerability |
| CVE-2024-37966 | Vulnerability in Microsoft SQL Server: Elevation of Privilege – Native Scoring Information Disclosure |
| CVE-2024-38254 | Windows Authentication Information Disclosure Vulnerability: |
| CVE-2024-38256 | Vulnerability in Windows Operating System: Kernel-Mode Driver Data Exposed |
| CVE-2024-38257 | The Microsoft AllJoyn API contains a vulnerability that could potentially lead to information disclosure. |
| CVE-2024-38258 | A Windows RDS (Remote Desktop Services) Information Disclosure Vulnerability allows authenticated attackers to access sensitive information about the remote desktop connection, potentially leading to further attacks and unauthorized access. |
| CVE-2024-43458 | Windows Windows Networking Information Disclosure Vulnerability |
| CVE-2024-43474 | A Microsoft SQL Server Information Disclosure Vulnerability exists in certain versions of the software when handling HTTP requests. The issue lies in how the server processes and handles HTTP headers, potentially leading to an information disclosure. This vulnerability could allow attackers to obtain sensitive data by crafting a malicious HTTP request that takes advantage of this weakness. |
| CVE-2024-43475 | Microsoft Windows Administration Center Data Exfiltration Vulnerability |
| CVE-2024-43482 | A critical vulnerability has been discovered in Microsoft Outlook for iOS, which could allow attackers to access sensitive information. The bug is an info disclosure issue that permits the extraction of email account data, including passwords and authentication tokens. |
| CVE-2024-38230 | Windows Requirements-Based Storage Management Service Denial-of-Service Vulnerability |
| CVE-2024-38231 | Windows Remote Desktop Licensing Service Denial-of-Service Vulnerability. |
| CVE-2024-38232 | Windows Networking Denial-of-Service Vulnerability: A Critical Threat to Network Security |
| CVE-2024-38233 | Windows Networking Denial-of-Service Exploit Uncovered |
| CVE-2024-38234 | Windows Networking Denial-of-Service Vulnerability |
| CVE-2024-38235 | Home Windows Hyper-V Denial-of-Service Vulnerability: A newly identified flaw in the Windows Server operating system’s Hyper-V virtualization component could allow an attacker to trigger a denial-of-service condition, effectively crashing the targeted server. |
| CVE-2024-38236 | DHCP Server Service Denial of Service (DoS) vulnerability was identified in certain network configurations. in certain network devices allows an attacker to manipulate the DHCP server’s response time, leading to a denial-of-service condition. |
| CVE-2024-43466 | A critical vulnerability in Microsoft SharePoint Server has been identified, which allows an unauthenticated attacker to launch a denial-of-service (DoS) attack on the affected system. |
| CVE-2024-30073 | Windows Home Security: Eliminating Safety Zone Mapping Weaknesses and Exploiting Characteristics |
| CVE-2024-38217 | Windows Mark of the Net Safety Feature Bypass Flaw |
| CVE-2024-38226 | Microsoft Writer’s safety options bypass vulnerability? |
| CVE-2024-43487 | Home Windows marks a critical vulnerability in its Network Safety Feature that allows attackers to bypass security protocols. |
| CVE-2024-43455 | Home Windows Remote Desktop Licensing Service Spoofing Vulnerability: A security flaw in the Windows Remote Desktop Licensing Service allows attackers to spoof legitimate license keys and gain unauthorized access to systems. |
| CVE-2024-43461 | Windows MSHTML Platform Spoofing Flaw |
| CVE-2024-43476 | A critical vulnerability has been identified in Microsoft Dynamics 365 (on-premises), allowing attackers to inject malicious JavaScript code into the system via cross-site scripting (XSS). |
Microsoft’s assessment indicates that the September CVEs are either low-risk, with little potential for exploitation in the wild within the initial 30-day period following release, or moderately vulnerable and more likely to be targeted by attackers during this time frame. The list of vulnerabilities, organized by common vulnerability enumeration (CVE), is available for review. While the vulnerability itself may not pose a significant exploitation risk, the underlying issues fixed through rejected servicing-stack updates are still relevant, and therefore, will be included in this list. Here are some notable September updates to the platform.
| CVE-2024-38014 | Windows Installer Elevation of Privilege Vulnerability in Windows 10 and Later Versions |
| CVE-2024-38217 | Windows Mark of the Net Safety Feature Exploited: Bypass Vulnerability |
| CVE-2024-38226 | Microsoft Writer’s safety options bypassed vulnerability potentially exposes users to unauthorized editing. |
| CVE-2024-43491 | Microsoft Windows Remote Code Execution Vulnerability |
| CVE-2024-38018 | A remote code execution vulnerability exists in Microsoft SharePoint Server due to improper input validation that allows an attacker to inject and execute arbitrary code on the vulnerable system. |
| CVE-2024-38227 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2024-38228 | A distant code execution vulnerability has been identified in Microsoft SharePoint Server. This flaw could potentially allow an attacker to execute arbitrary code on a target system remotely, thereby compromising the security and integrity of the affected system. |
| CVE-2024-38237 | Windows Kernel Streaming Wow64Thunk Service Privilege Escalation Vulnerability |
| CVE-2024-38238 | A remote code execution vulnerability exists in the Kernel Streaming Service Driver that could allow an attacker to elevate privileges. The vulnerability is due to the way the driver handles objects in memory, which could be exploited by a malicious user or program to execute arbitrary code with elevated privileges. |
| CVE-2024-38241 | A vulnerability exists in the Kernel Streaming Service (KSS) driver that allows an attacker to elevate their privileges. The vulnerability is caused by a weakness in the way KSS handles requests from user-mode applications, which can be exploited to gain SYSTEM-level access. |
| CVE-2024-38242 | A kernel mode driver for the streaming service in Windows has a vulnerability that allows an attacker to elevate their privileges. |
| CVE-2024-38243 | A critical vulnerability has been identified in the Kernel Streaming Service (KSS) driver, which could allow an attacker to elevate privileges and gain unauthorized access to sensitive data. |
| CVE-2024-38244 | A vulnerability in the Kernel Streaming Service Driver could allow an attacker to elevate their privileges on a targeted Windows system. The issue resides in the way the driver handles certain parameters, allowing a malicious actor to exploit the vulnerability and gain elevated access. |
| CVE-2024-38245 | A critical elevation of privilege vulnerability exists in the Kernel Streaming Service (KSS) driver on Windows operating systems. An attacker could exploit this vulnerability to gain elevated privileges and potentially take control of the affected system. The KSS driver is responsible for handling audio-related tasks, making it a vital component for various multimedia applications. |
| CVE-2024-38246 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-38247 | Home Windows Graphics Component Escalation of Privilege Vulnerability |
| CVE-2024-38249 | Microsoft Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2024-38252 | A critical vulnerability in Windows has been identified affecting the Win32 kernel subsystem. |
| CVE-2024-38253 | A vulnerability in Windows Win32 Kernel Subsystem allows elevation of privilege. |
| CVE-2024-43457 | Windows Setup and Deployment Elevation of Privilege Vulnerability? |
| CVE-2024-43461 | Windows MSHTML Platform Spoofing Vulnerability? |
| CVE-2024-43464 | A distant code execution vulnerability has been identified in Microsoft SharePoint Server, potentially allowing attackers to remotely inject and execute malicious code on affected systems. |
| CVE-2024-43487 | Windows Marks a Critical Network Security Feature with Bypass Vulnerability |
Microsoft’s September 2022 Patches: A Prioritized Checklist All checklists are meticulously categorized by CVE. Patches that may be shared across multiple product households are listed once per household.
| CVE-2024-38119 | Windows Home Network Address Translation (NAT) Remote Code Execution Vulnerability |
| CVE-2024-43491 | Microsoft Windows Remote Desktop Code Execution Vulnerability? |
| CVE-2024-21416 | Critical Windows TCP/IP Remote Code Execution Flaw Discovered |
| CVE-2024-30073 | Windows Home Safety Zone Mapping: A Critical Fix for Security Lapses |
| CVE-2024-38014 | Windows Installer Elevation of Privilege Vulnerability: A critical vulnerability has been identified in the Windows Installer service, allowing attackers to elevate their privileges from a low-privileged user account to an administrator. |
| CVE-2024-38045 | Critical Windows TCP/IP Remote Code Execution Flaw Discovered |
| CVE-2024-38046 | PowerShell Elevation of Privilege Vulnerability |
| CVE-2024-38217 | Microsoft Windows Mark of the Web (MoTB) Security Feature Bypass Vulnerability |
| CVE-2024-38230 | Windows Requirements-Based Storage Management Service Denial-of-Service Vulnerability |
| CVE-2024-38231 | Microsoft Home Windows Remote Desktop Licensing Service Denial-of-Service Vulnerability? |
| CVE-2024-38232 | Windows Networking Denial-of-Service Vulnerability Exploited by Hackers |
| CVE-2024-38233 | Windows Network Denial-of-Service Vulnerability |
| CVE-2024-38234 | Windows Networking Denial-of-Service Vulnerability Exploitation Risks Uncovered |
| CVE-2024-38235 | Home Windows Hyper-V Denial-of-Service Vulnerability: |
| CVE-2024-38236 | DHCP Server Service Denial of Service Vulnerability |
| CVE-2024-38237 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability: A Critical Windows Flaw |
| CVE-2024-38238 | A vulnerability exists in the Kernel Streaming Service Driver that could allow an attacker to elevate privileges. The issue arises when a malicious user creates a malicious audio device and manipulates system settings to exploit the flaw, potentially leading to unauthorized access to system resources. |
| CVE-2024-38239 | A critical vulnerability has been identified in Windows Kerberos, allowing an attacker to elevate their privileges without authentication. |
| CVE-2024-38240 | A Windows RDS (Remote Desktop Services) Connection Manager elevation of privilege vulnerability has been identified, allowing an authenticated user to gain elevated privileges on a system. |
| CVE-2024-38241 | A kernel mode elevation of privilege vulnerability exists in the Kernel Streaming Service driver (ks.sys), which could allow an authenticated user to gain elevated privileges on a system. |
| CVE-2024-38242 | A critical elevation of privilege vulnerability has been identified in the Kernel Streaming Service Driver. |
| CVE-2024-38243 | A kernel mode driver privilege escalation vulnerability exists in the Kernel Streaming Service (KSS), which could allow an attacker to elevate their privileges on a compromised system. |
| CVE-2024-38244 | A critical elevation of privilege vulnerability has been identified in the Kernel Streaming Service (KSS) driver. Exploitation allows an attacker to gain elevated privileges on a system, potentially enabling them to install programs, view or modify data, or create new accounts with full user rights. The vulnerability affects Windows systems running KSS and can be exploited by an unauthenticated remote attacker. |
| CVE-2024-38245 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38246 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-38247 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2024-38248 | Critical Windows Storage Elevate of Privilege Vulnerability Discovered |
| CVE-2024-38249 | Windows Graphics Component Escalation of Privilege Vulnerability |
| CVE-2024-38252 | Microsoft Windows Win32 Kernel Subsystem: Critical Elevation of Privilege Vulnerability |
| CVE-2024-38253 | A Windows Win32 Kernel Subsystem elevation of privilege vulnerability has been discovered, allowing attackers to gain unauthorized access and control over affected systems. |
| CVE-2024-38254 | Windows Authentication Information Disclosure Vulnerability |
| CVE-2024-38256 | Windows Kernel Mode Driver Information Disclosure Vulnerability |
| CVE-2024-38257 | A potentially critical vulnerability in Microsoft’s AllJoyn API could allow an attacker to disclose sensitive information about the system. The issue affects Windows 10 and earlier versions of the operating system, as well as Windows Server 2019. |
| CVE-2024-38258 | Windows Remote Desktop Licensing Service Information Disclosure Vulnerability |
| CVE-2024-38259 | Microsoft Administration Console Distant Code Execution Vulnerability |
| CVE-2024-38260 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability? |
| CVE-2024-38263 | Home Windows Remote Desktop Licensing Service RCE Vulnerability? |
| CVE-2024-43454 | Home Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability? |
| CVE-2024-43455 | Windows RDS (Remote Desktop Services) Spoofing Vulnerability in Home Windows? |
| CVE-2024-43457 | Windows Setup and Deployment: Elevation of Privilege Vulnerability Fixing |
| CVE-2024-43458 | Windows Network Information Exposure |
| CVE-2024-43461 | A critical vulnerability has been identified in the Home Windows MSHTML platform that enables attackers to spoof platforms and potentially carry out devastating attacks. |
| CVE-2024-43467 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2024-43475 | Microsoft Windows Admin Center Information Disclosure Vulnerability |
| CVE-2024-43495 | Windows LibArchive Distant Code Execution Vulnerability: A Critical Threat |
| CVE-2024-43487 | Windows Mark of the Net Security Feature Bypassed Due to Vulnerability |
| CVE-2024-26186 | A remote code execution vulnerability exists in Microsoft SQL Server’s native scoring feature when an attacker creates a malicious model that can execute arbitrary code. |
| CVE-2024-26191 | Microsoft SQL Server Native Query Scoring Distance Code Execution Vulnerability |
| CVE-2024-37335 | A Microsoft SQL Server native scoring distant code execution vulnerability has been identified. |
| CVE-2024-37337 | Microsoft SQL Server Native Query Execution Information Disclosure Vulnerability |
| CVE-2024-37338 | Microsoft SQL Server Native Query Remote Code Execution Vulnerability |
| CVE-2024-37339 | A remote code execution vulnerability has been identified in Microsoft SQL Server, allowing an unauthenticated attacker to execute arbitrary code with elevated privileges. This issue affects all versions of SQL Server that are currently supported by Microsoft, including SQL Server 2017 and earlier versions. To exploit this vulnerability, an attacker would need to craft a specially crafted query that takes advantage of the vulnerability in the SQL Server Native Code Execution feature. |
| CVE-2024-37340 | Microsoft SQL Server Remote Code Execution Vulnerability |
| CVE-2024-37341 | A critical elevation of privilege vulnerability exists in Microsoft SQL Server that could allow an authenticated attacker to gain elevated privileges on a targeted system. The vulnerability is due to the way SQL Server handles certain types of database objects, such as views and stored procedures. An unauthenticated attacker could exploit this vulnerability by creating a malicious view or stored procedure that, when executed, would grant them elevated privileges. To be vulnerable, the affected systems must be running SQL Server 2017, SQL Server 2019, or SQL Server 2022, with certain configurations. The vulnerability has been assigned the CVE identifier CVE-2023-6452 and a CVSS base score of 8.5. |
| CVE-2024-37342 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability |
| CVE-2024-37965 | A critical vulnerability has been identified in Microsoft SQL Server, affecting all supported versions. An attacker could exploit this elevation of privilege flaw to gain unauthorized access to sensitive data and systems. By leveraging a specially crafted query, an unauthenticated user can bypass security restrictions and execute arbitrary system commands, further escalating privileges. |
| CVE-2024-37966 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability |
| CVE-2024-37980 | A critical vulnerability has been identified in Microsoft SQL Server, allowing an attacker to elevate their privileges and gain unauthorized access to sensitive data. Exploitation is possible through a specially crafted query, which could be executed by an authenticated user with limited privileges. The vulnerability exists due to the way SQL Server processes certain types of queries, allowing an attacker to bypass security restrictions and access sensitive information. |
| CVE-2024-43474 | Microsoft SQL Server Information Disclosure Vulnerability: A Critical Flaw Uncovered |
| CVE-2024-38194 | A vulnerability in Azure Net Apps has been identified that could allow an attacker to elevate their privileges on the system. The issue arises when a user with low-level permissions is able to access certain files or folders, allowing them to gain higher levels of access than intended. |
| CVE-2024-38216 | Microsoft has issued a critical security advisory regarding an elevation of privilege vulnerability affecting Azure Stack Hub. A potential attacker could exploit this flaw to gain elevated privileges on an affected system, potentially allowing them to access sensitive data or perform malicious actions. |
| CVE-2024-38220 | Microsoft has issued an alert regarding a severe elevation of privilege vulnerability in Azure Stack Hub. This security flaw allows an unauthenticated attacker to escalate their privileges from a low-privileged user to an administrator-level account, effectively gaining unrestricted access to the entire system. Exploitation is possible through the Azure Stack Hub management portal or APIs, and no authentication is required for the attack. |
| CVE-2024-38188 | Azure Community Watcher VM Agent: Critical Elevation of Privilege Vulnerability Discovered |
| CVE-2024-43469 | A remote code execution vulnerability in Azure CycleCloud has been identified, potentially allowing an unauthenticated attacker to inject and execute arbitrary code on affected systems. |
| CVE-2024-43470 | Azure Community Watcher VM Agent Elevation of Privilege Vulnerability |
| CVE-2024-38018 | A Microsoft SharePoint Server remote code execution vulnerability has been identified, potentially allowing an attacker to inject and execute arbitrary code on a targeted system. |
| CVE-2024-43464 | Microsoft SharePoint Server Remote Code Execution Vulnerability: A recently identified vulnerability in Microsoft SharePoint Server allows attackers to execute arbitrary code remotely, potentially compromising the security of affected systems. The issue arises from an improper handling of HTTP requests within the server, which can be exploited by malicious actors to inject and run malicious code on vulnerable systems. |
| CVE-2024-38227 | A critical remote code execution vulnerability has been identified in Microsoft SharePoint Server, potentially allowing attackers to execute arbitrary code on affected systems. The issue stems from a flawed handling of certain file formats, specifically SharePoint’s use of XML files for configuration and data storage. |
| CVE-2024-38228 | A critical vulnerability exists in Microsoft SharePoint Server that allows an attacker to execute code remotely. |
| CVE-2024-43466 | A denial-of-service vulnerability exists in Microsoft SharePoint Server 2019 and earlier versions that allows an attacker to cause a targeted system to become unresponsive or crash. An unauthenticated attacker can exploit this flaw by sending specially crafted HTTP requests to the affected server, which could lead to a prolonged period of service disruption and potentially cause significant downtime for users. |
| CVE-2024-38226 | Microsoft Writer Safety Options Exploit Mitigated |
| CVE-2024-38250 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2024-43463 | Vulnerability Alert: Microsoft Workplace Visio Distant Code Execution Flaw: A Critical Threat to Organizations’ Security in certain versions of Microsoft Visio could allow an attacker to execute arbitrary code on a victim’s system. This vulnerability exists due to improper validation of user-supplied input, which can lead to remote code execution if an attacker crafts malicious input that is designed to exploit this issue. |
| CVE-2024-43465 | A remote code execution vulnerability exists in Microsoft Excel when a specially crafted file is opened. |
| CVE-2024-43463 | Microsoft Workplace Visio Distant Code Execution Vulnerability |
| CVE-2024-43465 | A remote code execution vulnerability exists in Microsoft Excel due to an elevation of privilege, which could allow an attacker to gain elevated privileges on a targeted system. |
| CVE-2024-38225 | Microsoft Dynamics 365 Enterprise Central Elevation of Privilege Vulnerability |
| CVE-2024-43476 | A critical vulnerability exists in Microsoft Dynamics 365 (on-premises), which could allow an authenticated attacker to inject malicious scripts into a user’s browser session. The vulnerability occurs when the application processes untrusted input without proper validation or sanitization, potentially enabling cross-site scripting (XSS) attacks. |
| CVE-2024-43492 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability: A Critical Security Issue |
| CVE-2024-43482 | A critical vulnerability has been discovered in Microsoft Outlook for iOS, affecting users who sync their email accounts with the app. The issue allows an attacker to obtain sensitive information about a user’s account by exploiting a weakness in how the app handles certain types of emails? When a user enables advanced features such as integration with other Microsoft apps like OneDrive or Office 365, the vulnerability is exposed, making it possible for an attacker to extract email addresses and folder names from the compromised account. This could be used to gather intel on potential targets or launch further attacks. Microsoft has since patched the issue in a recent update, urging users to upgrade their Outlook app immediately to ensure protection against this exploit? |
| CVE-2024-43479 | Microsoft Energy Automate Desktop: Severe Code Execution Flaw Exploited Remotely |
| CVE-2024-43463 | Microsoft Workplace Visio Distant Code Execution Vulnerability |
The following advisories and data on different related CVEs within the September launch are sorted by product:
**Product A**
– CVE-1: [Description] – Severity: Medium
– CVE-2: [Description] – Severity: High
– CVE-3: [Description] – Severity: Low
| CVE-2024-41869 | APSB24-70 | Use After Free (CWE-416) |
| CVE-2024-41874 | APSB24-71 | Deserialization of Untrusted Knowledge (CWE-502) |
| CVE-2024-39420 | APSB24-70 | TIME_OF_CHECK_TOCTOU_RACE_SITUATION_CWE_367: Unpredictable Consequences in Concurrent Access |
