October 9, 2024

September Patch Tuesday update fixes 4 zero-day bugs – Computerworld

  • Windows update and installer.
  • Windows Hyper-V.
  • Windows kernel and graphics (GDI).
  • Microsoft MSHTML and Mark of the Web.
  • Remote Desktop Subsystems (RDP) and TCP/IP.

The real concern is that three of these vulnerabilities (CVE-2024-38014, CVE-2024-38217 and CVE-2024-43491) have been reported as exploited. Additionally, another vulnerability in the Windows HTML subsystem (CVE-2024-38217) has been reported as a publicly disclosed zero-day. Because of these four zero-days, we recommend that you add these Windows updates to your patch release schedule now.

Microsoft Office

Microsoft addressed two critical vulnerabilities in the SharePoint platform (CVE-2024-38018 and CVE-2024-43464) that will require immediate attention. There are nine other updates rated important that affect Microsoft Office, Publisher, and Visio. Unfortunately, Microsoft has reported that CVE-2024-38226 (affecting Publisher) is being exploited in the wild. If your application portfolio does not include Publisher (many do not), please add these Microsoft updates to your standard patch release cycle.

Microsoft SQL Server (formerly Exchange)

This month sees a significantly larger update for the Microsoft SQL Server platform, with 15 updates, all rated as important. There are no reports of public disclosures or active vulnerabilities, and these patches cover the following general vulnerabilities:
