Microsoft has unveiled its latest security updates, targeting critical vulnerabilities in various Windows products, including Windows Installer and Windows Updater. The announcement encompasses 79 vulnerabilities, seven of which are rated critical, emphasizing the pressing need for users to update their systems promptly. The newly disclosed vulnerabilities pose significant risks, including the potential for attackers to gain full system access.
Several of these vulnerabilities have been previously reported in various security bulletins, noting their potential to affect out-of-support versions of Windows 10. These past reports highlighted the urgency for users to migrate to supported versions to avoid security risks. The recently revealed exploits, particularly those involving Windows Update and Installer, reaffirm the ongoing challenge in maintaining robust cybersecurity measures.
Critical Vulnerabilities Exposed
Among the critical vulnerabilities, three — CVE-2024-38014, CVE-2024-38217, and CVE-2024-38226 — have already been exploited in the wild. CVE-2024-38014 impacts Windows Installer and could enable attackers to gain system privileges. Michael Baer of SEC Consult Vulnerability Lab discovered this vulnerability. Another significant flaw, CVE-2024-43491, affecting Windows Update, could allow attackers to remove patches and exploit older vulnerabilities, primarily impacting end-of-life Windows 10 products.
Potential for Severe Attacks
Microsoft’s detailed advisory indicates the necessity of deploying the September 2024 Servicing stack update (SSU KB5043936) and Windows security update (KB5043083) to mitigate CVE-2024-43491. Although there are no active exploitations of this vulnerability reported, its ability to undo previous fixes raises significant security concerns. Additionally, CVE-2024-38226, a Microsoft Office Publisher bug, can bypass macro policies to execute malicious files if local privileges are obtained.
Risks Associated with ‘Mark of the Web’
CVE-2024-38217 targets Microsoft’s “Mark of the Web” security feature, which flags files downloaded from the internet. Exploiting this vulnerability could undermine related security features such as SmartScreen and Application Reputation, posing further threats to system integrity. The vulnerability, publicly disclosed and actively exploited, was identified by Elastic Security Labs’ Joe Desimone.
The Cybersecurity and Infrastructure Security Agency (CISA) has responded by adding four of the disclosed vulnerabilities to its Known Exploited Vulnerabilities (KEV) list, underscoring the critical nature of these threats. Security experts advise immediate updates to mitigate potential exploits.
Microsoft’s ongoing efforts to address these vulnerabilities highlight the complexity and evolving nature of cybersecurity threats. Users and administrators must remain vigilant, ensuring timely updates and comprehensive security practices to safeguard their systems. Regularly reviewing and applying security patches can prevent exploitation of these identified vulnerabilities, contributing to a more secure digital environment.
