Microsoft releases patches for 79 flaws, including 3 actively exploited Windows flaws.

SeniorTechInfo
2 Min Read

Sep 11, 2024

Ravie Lakshmanan

Windows Security / Vulnerability

Microsoft unveiled on Tuesday that three new security vulnerabilities affecting the Windows platform are currently being actively exploited as part of its latest Patch Tuesday update for September 2024.

The monthly security release aims to fix a total of 79 vulnerabilities, including seven Critical, 71 Important, and one Moderate in severity. This update also includes resolving 26 flaws in its Chromium-based Edge browser since the previous Patch Tuesday release.

The three vulnerabilities being actively exploited include:

  • CVE-2024-38014 – Windows Installer Elevation of Privilege Vulnerability
  • CVE-2024-38217 – Windows Mark-of-the-Web Security Feature Bypass Vulnerability
  • CVE-2024-38226 – Microsoft Publisher Security Feature Bypass Vulnerability
  • CVE-2024-43491 – Microsoft Windows Update Remote Code Execution Vulnerability

“Exploitation of CVE-2024-38226 and CVE-2024-38217 can lead to the bypass of important security features that block Microsoft Office macros from running,” stated Satnam Narang, senior staff research engineer at Tenable.

Microsoft has advised to install the September 2024 Servicing stack update (KB5043936) and the September 2024 Windows security update (KB5043083) in that order to address these vulnerabilities effectively.

Software Patches from Other Vendors

In addition to Microsoft, several other vendors have released security updates to patch vulnerabilities over the past few weeks. Some of these vendors include:

Found this article interesting? Follow us on Twitter and LinkedIn for more exclusive content.

Share This Article
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *