Welcome to the Patch Tuesday update for September 2024, which lists fixes for 79 vulnerabilities. This month, there are a total of four zero-day vulnerabilities that are being actively exploited, one of which is being publicly disclosed.
After an initial discussion about this month’s updates, we’ll offer our advice for devising a plan to handle patch management in a hybrid work environment. You can also register for our free Patch Tuesday webinar and listen to our experts break down Patch Tuesday updates in detail.
What is Patch Tuesday?
Patch Tuesday falls on the second Tuesday of every month. On this day, Microsoft releases security and non-security updates for its operating system and other related applications. Since Microsoft has upheld this process of releasing updates in a periodic manner, IT admins expect these updates and have time to gear up for them.
Why is Patch Tuesday important?
Important security updates and patches to fix critical bugs or vulnerabilities are released on Patch Tuesday. Usually, zero-day vulnerabilities are also fixed during Patch Tuesday unless the vulnerability is critical and highly exploited, in which case an out-of-band security update is released to address that particular vulnerability.
September 2024 Patch Tuesday
Security updates lineup
Here is a breakdown of the vulnerabilities fixed this month:
CVE IDs: 79
Security updates were released for the following products, features, and roles:
-
Windows TCP/IP
-
SQL Server
-
Windows Security Zone Mapping
-
Windows Installer
-
Microsoft Office SharePoint
-
Windows PowerShell
-
Windows Network Address Translation (NAT)
-
Azure Network Watcher
-
Azure Web Apps
-
Azure Stack
-
Windows Mark of the Web (MOTW)
-
Dynamics Business Central
-
Microsoft Office Publisher
-
Windows Standards-Based Storage Management Service
-
Windows Remote Desktop Licensing Service
-
Windows Network Virtualization
-
Role: Windows Hyper-V
-
Windows DHCP Server
-
Microsoft Streaming Service
-
Windows Kerberos
-
Windows Remote Access Connection Manager
-
Windows Win32K – GRFX
-
Microsoft Graphics Component
-
Windows Storage
-
Windows Win32K – ICOMP
-
Windows Authentication Methods
-
Windows Kernel-Mode Drivers
-
Windows AllJoyn API
-
Microsoft Management Console
-
Windows Setup and Deployment
-
Windows MSHTML Platform
-
Microsoft Office Visio
-
Microsoft Office Excel
-
Azure CycleCloud
-
Windows Admin Center
-
Microsoft Dynamics 365 (on-premises)
-
Power Automate
-
Microsoft Outlook for iOS
-
Windows Update
-
Microsoft AutoUpdate (MAU)
-
Windows Libarchive
Learn more in the MSRC’s release notes.
Details of the zero-day vulnerabilities
Vulnerable component: Windows Mark of the Web (MOTW)
Impact: Security feature bypass
CVSS 3.1: 5.4
This vulnerability allows attackers to exploit the Mark of the Web (MOTW) feature by hosting a malicious file on an attacker-controlled server and tricking a user into downloading and opening it.
Upon a successful exploitation, the attacker could bypass security measures like SmartScreen and Windows Attachment Services, leading to a limited loss of integrity and availability.
This vulnerability has been publicly disclosed and is being actively exploited.
Vulnerable component: Microsoft Publisher
Impact: Security feature bypass
CVSS 3.1: 7.3
This vulnerability allows attackers to bypass Office macro policies designed to block untrusted or malicious files. To exploit the vulnerability, the attacker needs to convince the user to download a specially crafted file via social engineering. Microsoft has also stated that the Preview Pane is not an attack vector.
While it has not yet been publicly disclosed, the vulnerability is being actively exploited.
Vulnerable component: Windows Installer
Impact: Elevation of privilege
CVSS 3.1: 7.8
Microsoft states that an attacker can gain SYSTEM privileges on successful exploitation of the vulnerability.
This vulnerability has not yet been publicly disclosed but is being actively exploited.
Vulnerable component: Microsoft Windows Update
Impact: Remote Code Execution Vulnerability
CVSS 3.1: 9.8
This Servicing Stack vulnerability has been actively exploited and has been marked as Critical.
Per Microsoft, “Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability.”
If you would like to know more on the precautions and actions needed to be taken to restore the fixes rolled back by the vulnerability, you can refer to the MSRC blog.
Third-party updates released after last month’s Patch Tuesday
Third-party vendors such as Fortinet, Cisco, Google, Apache, and Ivanti have also released updates this September.
Best practices to handle patch management in a hybrid work environment
Most organizations have opted to embrace remote work even after they have been cleared to return to the office. This decision poses various challenges to IT admins, especially in terms of managing and securing distributed endpoints.
Here are a few pointers to simplify the process of remote patching:
- Disable automatic updates because one faulty patch could bring down the whole system. IT admins can educate end users on how to disable automatic updates on their machines. Patch Manager Plus and Endpoint Central also have a dedicated patch, 105427, that can be deployed to endpoints to ensure that automatic updates are disabled.
- Create a restore point—a backup or image that captures the state of the machines—before deploying big updates like those from Patch Tuesday.
- Establish a patching schedule and keep end users informed about it. It is recommended to set up a time for deploying patches and rebooting systems. Let end users know what needs to be done on their end for trouble-free patching.
- Test the patches on a pilot group of systems before deploying them to the production environment. This will ensure that the patches do not interfere with the workings of other applications.
- Since many users are working from home, they all might be working different hours; in this case, you can allow end users to skip deployment and scheduled reboots. This will give them the liberty to install updates at their convenience and avoid disrupting their work. Our patch management products come with options for user-defined deployment and reboot.
- Most organizations are deploying patches using a VPN. To stop patch tasks from eating up your VPN bandwidth, install Critical patches and security updates first. You might want to hold off on deploying feature packs and cumulative updates since they are bulky updates and consume a lot of bandwidth.
- Schedule the non-security updates and security updates that are not rated Critical to be deployed after Patch Tuesday, such as during the third or fourth week of the month. You can also choose to decline certain updates if you feel they are not required in your environment.
- Run patch reports to get a detailed view of the health status of your endpoints.
- For machines belonging to users returning to the office after working remotely, check if they are compliant with your security policies. If not, quarantine them. Install the latest updates and feature packs before deeming your back-to-office machines fit for production. Take inventory of and remove apps that are now obsolete for your back-to-office machines, like remote collaboration software.
With Endpoint Central, Patch Manager Plus, or Vulnerability Manager Plus, you can completely automate the entire process of patch management, from testing patches to deploying them. You can also tailor patch tasks according to your current needs. For a hands-on experience with either of these products, try a free, 30-day trial and keep thousands of applications patched and secure.
Want to learn more about Patch Tuesday updates? Join our experts as they break down this month’s Patch Tuesday updates and offer in-depth analysis. You can also ask our experts questions and get answers to all your Patch Tuesday questions. Register for our free Patch Tuesday webinar.
Ready, get set, patch!