Every second Tuesday of the month, tech enthusiasts eagerly anticipate the latest batch of fixes for Windows from none other than Microsoft. This Tuesday marks the release of four zero-day vulnerabilities, two high-criticality vulnerabilities, and a roundup of sister patches from Adobe.
Known as “Patch Tuesday” or “Update Tuesday” in Microsoft circles, this day signals a flurry of major security fixes not only from Microsoft but also from other tech giants like Adobe. The timing of these releases, typically mid-morning Pacific Standard Time, allows IT admins to smoothly update corporate networks without causing chaos at the start of the week.
For administrators, Patch Tuesday serves as a crucial reminder to ensure their Microsoft security updates are up to date, safeguarding their systems from potential threats.
Attackers exploited four zero-day vulnerabilities
The four vulnerabilities that attackers have already exploited are as follows:
- CVE-2024-43491: A vulnerability in the Servicing Stack in Windows 10, version 1507, exposing Optional Components to previously mitigated vulnerabilities. This flaw is addressed in the September 2024 Servicing Stack update and the September 2024 Windows security update.
- CVE-2024-38226: A bypass vulnerability found in Microsoft Publisher.
- CVE-2024-38217: An evasion technique allowing attackers to bypass Mark of the Web security alerts.
- CVE-2024-38014: A vulnerability leading to improper privilege management, potentially granting attackers unauthorized privileges.
SEE: IBM’s Chris Hockings is optimistic about the safety of the internet in the next five years due to passkeys and defenses against deepfakes.
Two vulnerabilities fell under NIST’s ‘critical’ category
The National Vulnerability Database’s Common Vulnerability Scoring System designates a “critical” rating for vulnerabilities that surpass a certain severity threshold in their prioritization system. The two critical vulnerabilities in this batch include CVE-2024-43491 and CVE-2024-38220, which involves an elevation of privilege vulnerability in the Azure Stack Hub.
In total, the September Update Tuesday saw the deployment of fixes for 79 security flaws.
Adobe released its own monthly security updates
Alongside Microsoft, Adobe also rolled out its own series of fixes for software such as Photoshop, Cold Fusion, Acrobat Reader, Illustrator, Premiere Pro, After Effects, Audition, and Media Encoder.