Patch Tuesday September 2024: Upcoming Automatic Windows 11 22H2 Feature Update and EoS Windows 10 Security Update

Updates from Microsoft this month address four zero-day vulnerabilities Under Active Exploitation with CVE-2024-38217 being publicly disclosed last month. Elsewhere, with CVE-2024-43491 existing in Windows 10 version 1507, this illustrates the rare occurrence when Microsoft will make a Security Update available to address a vulnerability for an end of support version of Windows. On top of this, Microsoft will be pushing automatic upgrades of eligible unmanaged Windows 11 version 22H2 to 23H2.

The fact that we have now seen Microsoft force feature updates for multiple versions of Windows 11 is one more reminder of the importance of planning for the migration away from Windows 10, which will reach EOS on October 14, 2025.

Microsoft Vulnerabilities

September’s Patch Tuesday brings fixes for 79 vulnerabilities, four zero days Under Active Exploitation, seven Critical Vulnerabilities, and a Hot Patch (KB5042880)—this was made available for Window Server 2022 to address CVE-2020-17042 that was originally patched in November 2020. Checking in on any Windows Server 2022 or Windows Server 2022 Server Core should be on the priority list for this month.

CVE-2024-38217 is a Windows Mark of the Web Bypass vulnerability that had a PoC published by Joe Desimone here. This vulnerability affects multiple versions of Windows since Windows Server 2008 and has been seen exploited in the wild. With a large affected install base, most organizations will have to contend with this vulnerability.

CVE-2024-43491 affects Windows 10 version 1507 and involves Windows Update. It is marked as being Under Active Exploitation due the vulnerability reintroducing older previously fixed vulnerabilities. Guidance for addressing this vulnerability is to apply KB5043936 and then KB5043083

CVE-2024-38226 is a zero-day affecting Microsoft Publisher 2016, Office 2016, Office 2019 and Office LTSC 2021. As with most vulnerabilities that affect Microsoft Office applications this vulnerability can be leveraged by an attacker with a specially crafted file, making delivery of a payload through email attachments or download links trivial. This vulnerability allows an attacker to bypass Office macro policies and execute actions on the endpoint.

CVE-2024-38014 is a Windows Installer Elevation of Privilege vulnerability involving improper privilege management. The vulnerability allows an attacker to gain SYSTEM privileges. This zero-day is Under Active Exploitation, but Microsoft provided little info on the nature of the vulnerability. Michael Baer along with SEC Consult Vulnerability Lab are credited with disclosure of this vulnerability, but have not published any research on the vulnerability as of print.

Windows Lifecycle Management

If you have not already planned out what 2025 upgrades and migrations are needed for you and your clients, then now is the time to start planning. Multiple End of Servicing and End of Support dates are on the calendar for next year and it’s always easier to justify a planned upgrade or migration due to EoS than it is to justify the need to replace a system that went EoS months ago, but still delivers the business function. There are multiple major Windows products like Windows 10, Office 2016, Office 2019, and many more reaching retirement, End of Support or End of Service so be sure to keep a close eye on upcoming 2025 EoS dates.

Related Product

N‑central

Manage large networks or scale IT operations with RMM made for growing service providers.

En savoir plus

Microsoft Patch Tuesday Vulnerability Prioritization

Addressing vulnerabilities effectively requires a mix of adhering to established best practices and leveraging informed judgment. While it’s a natural instinct to rank vulnerabilities with critical severity ratings higher on the list of things that need to be addressed, relying on severity ratings alone can be limiting. An often-overlooked component is temporal metrics, which provide a measure of the window of vulnerability—the time from initial vulnerability discovery to the availability and application of the patch. This is essential as the longer a vulnerability exists without a fix, the greater the potential for exploitation. By integrating temporal metrics into the risk evaluation process, organizations can gain a more comprehensive understanding of the threat landscape and potential attack vectors, ensuring that they don’t leave themselves open to unnecessary risks.

Table Key: Severity: C = Critical, I = Important, M = Moderate, R = Re-issue; Status: EML = Exploitation More Likely, ELL = Exploitation Less Likely, ED = Exploitation Detected, EU = Exploitation Unlikely, N/A = Not Available

Related Product

N‑sight RMM

RMM est parfait pour les petites entreprises MSP et les départements informatiques qui souhaitent être opérationnels rapidement.

En savoir plus

Summary

As always make sure you have established patching processes for evaluation, testing and pushing into production. If you have traditionally only dealt with patches by applying them based on their severity consider including prioritization of patches for Zero-Days, Exploitation Detected and Exploitation More Likely vulnerabilities in your Patch Management routines.

Looking for more blogs on patching, or looking for previous Microsoft Patch Tuesday Reviews, then check out the Patch Management section of our blog.

Lewis Pope is the Head Security Nerd at N‑able. You can follow him on Twitter: @cybersec_nerd

LinkedIn: thesecuritypope

Twitch: cybersec_nerd