79 Vulnerabilities, 7 Critical, and 4 Exploited

Welcome to the September 2024 Patch Tuesday! 

Microsoft’s release of 79 vulnerabilities includes 7 listed as critical, and 4 have been exploited.

Be sure to check out the Automox Patch [FIX] Tuesday podcast for more expert insights into these vulnerabilities. 

Before we review this month's Patch Tuesday, let’s look back at how this month stacks up.

Microsoft Windows Update Remote Code Execution Vulnerability

CVE 2024-43491 affects the Microsoft Windows Update process and can allow attackers to execute remote code. This vulnerability has not been actively exploited, yet. But, between the low complexity of this attack and the criticality of the Windows Update process, we expect this to be exploited soon. The core issue lies in how the Windows Update mechanism handles certain network communications, which can be manipulated to inject malicious code.

Since there are currently no mitigations, we recommend applying the official fix as soon as possible.

– Jason Kikta, CISO / SVP of Product, Automox

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE 2024-38018 is a vulnerability impacting Microsoft SharePoint Server, potentially allowing for remote code execution. This flaw can be exploited by an authenticated attacker with at least Site Member permissions. The attacker can execute arbitrary code on the SharePoint Server by sending malicious requests, potentially leading to unauthorized access, control over the system, and data exfiltration.

The potential impact of this CVE is significant, especially given the business-critical nature SharePoint servers play in organizations that utilize them. 

Currently, there are no mitigations or workarounds available for this vulnerability. Given the severe implications of this vulnerability being exploited and the ease of exploitation, it is essential to patch affected systems immediately.

– Tom Bowyer, Director IT Security, Automox

The recent YubiKey Security Advisory highlights a moderate vulnerability in the Infineon cryptographic library used by Yubico in earlier versions of YubiKeys. This side-channel vulnerability could allow a sophisticated attacker to recover private keys with physical possession of the device and specialized equipment. While the risk is moderate, the potential impact on security makes it a concern worth addressing.

YubiKeys are pivotal for secure authentication, providing a strong defense against phishing and unauthorized access. Their significance in modern IT infrastructure emphasizes the need for vigilance when vulnerabilities arise.

To address this advisory, you’ll need to check if your YubiKeys are affected by checking their firmware version. If they are impacted, consider using identity provider settings to reduce session lengths and increase FIDO authentication frequency. 

As always, promptly deregister any lost or stolen YubiKeys, and remove them from associated accounts and services. While the overall threat is low, this is outside of most organization’s previous threat models and should be addressed promptly.

– Jason Kikta, CISO / SVP of Product, Automox

Microsoft Office Visio Remote Code Execution Vulnerability 

CVE 2024-43463 involves a remote code execution vulnerability in Microsoft Office Visio. This issue arises when a specifically crafted file is opened and can allow an attacker to execute remote code. 

Reflecting on this vulnerability, it's clear that even software used by a smaller user base, like Visio, can be targeted for exploitation. 

Microsoft Visio is commonly used by leaders and executives within organizations to create flow charts. It requires an additional subscription within Office365. Its users often possess higher access credentials than other users, potentially making this exploit a prime target for spear phishing and targeted attacks, as compromising them can lead to more significant security breaches.

Although this vulnerability specifically deals with Visio, training end users about the importance of proper cyber hygiene when downloading files is still one of the best ways to bolster your security posture. 

CVE 2024-43463 underscores the importance of detecting and patching all software running on your endpoints, as vulnerabilities can come from anywhere. 

– Tom Bowyer, Director IT Security, Automox