
This release consists of the following 79 Microsoft CVEs:

Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?
Windows TCP/IP CVE-2024-21416 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
SQL Server CVE-2024-26186 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
SQL Server CVE-2024-26191 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Windows Security Zone Mapping CVE-2024-30073 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
SQL Server CVE-2024-37335 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
SQL Server CVE-2024-37337 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
SQL Server CVE-2024-37338 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
SQL Server CVE-2024-37339 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
SQL Server CVE-2024-37340 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
SQL Server CVE-2024-37341 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
SQL Server CVE-2024-37342 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
SQL Server CVE-2024-37965 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
SQL Server CVE-2024-37966 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
SQL Server CVE-2024-37980 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Windows Installer CVE-2024-38014 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Detected Yes No No
Microsoft Office SharePoint CVE-2024-38018 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No
Windows TCP/IP CVE-2024-38045 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Windows PowerShell CVE-2024-38046 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Windows Network Address Translation (NAT) CVE-2024-38119 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Azure Network Watcher CVE-2024-38188 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Azure Web Apps CVE-2024-38194 8.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Azure Stack CVE-2024-38216 8.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Windows Mark of the Web (MOTW) CVE-2024-38217 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C Exploitation Detected Yes No No
Azure Stack CVE-2024-38220 9.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Dynamics Business Central CVE-2024-38225 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Microsoft Office Publisher CVE-2024-38226 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Detected Yes No No
Microsoft Office SharePoint CVE-2024-38227 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No
Microsoft Office SharePoint CVE-2024-38228 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No
Windows Standards-Based Storage Management Service CVE-2024-38230 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No
Windows Remote Desktop Licensing Service CVE-2024-38231 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Windows Network Virtualization CVE-2024-38232 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No
Windows Network Virtualization CVE-2024-38233 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No
Windows Network Virtualization CVE-2024-38234 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Role: Windows Hyper-V CVE-2024-38235 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Windows DHCP Server CVE-2024-38236 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No
Microsoft Streaming Service CVE-2024-38237 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No
Microsoft Streaming Service CVE-2024-38238 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No
Windows Kerberos CVE-2024-38239 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Windows Remote Access Connection Manager CVE-2024-38240 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Microsoft Streaming Service CVE-2024-38241 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No
Microsoft Streaming Service CVE-2024-38242 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No
Microsoft Streaming Service CVE-2024-38243 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No
Microsoft Streaming Service CVE-2024-38244 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No
Microsoft Streaming Service CVE-2024-38245 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No
Windows Win32K - GRFX CVE-2024-38246 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No
Microsoft Graphics Component CVE-2024-38247 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No
Windows Storage CVE-2024-38248 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Exploitation Less Likely Yes No No
Microsoft Graphics Component CVE-2024-38249 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No
Microsoft Graphics Component CVE-2024-38250 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Windows Win32K - ICOMP CVE-2024-38252 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No
Windows Win32K - ICOMP CVE-2024-38253 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No
Windows Authentication Methods CVE-2024-38254 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Windows Kernel-Mode Drivers CVE-2024-38256 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Windows AllJoyn API CVE-2024-38257 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Windows Remote Desktop Licensing Service CVE-2024-38258 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Microsoft Management Console CVE-2024-38259 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Windows Remote Desktop Licensing Service CVE-2024-38260 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Windows Remote Desktop Licensing Service CVE-2024-38263 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Windows Remote Desktop Licensing Service CVE-2024-43454 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Windows Remote Desktop Licensing Service CVE-2024-43455 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Windows Setup and Deployment CVE-2024-43457 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No
Windows Network Virtualization CVE-2024-43458 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Windows MSHTML Platform CVE-2024-43461 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No
Microsoft Office Visio CVE-2024-43463 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Microsoft Office SharePoint CVE-2024-43464 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No
Microsoft Office Excel CVE-2024-43465 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Microsoft Office SharePoint CVE-2024-43466 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No
Windows Remote Desktop Licensing Service CVE-2024-43467 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Azure CycleCloud CVE-2024-43469 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Azure Network Watcher CVE-2024-43470 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
SQL Server CVE-2024-43474 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Windows Admin Center CVE-2024-43475 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Microsoft Dynamics 365 (on-premises) CVE-2024-43476 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Power Automate CVE-2024-43479 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Microsoft Outlook for iOS CVE-2024-43482 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Windows Mark of the Web (MOTW) CVE-2024-43487 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C Exploitation More Likely Yes No No
Windows Update CVE-2024-43491 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Detected Yes No No
Microsoft AutoUpdate (MAU) CVE-2024-43492 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Windows Libarchive CVE-2024-43495 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No

Security Update Guide Blog Posts

Date Blog Post
June 27, 2024 Toward greater transparency: Unveiling Cloud Service CVEs
April 9, 2024 Toward greater transparency: Security Update Guide now shares CWEs for CVEs
January 6, 2023 Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

Relevant Resources

  • The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
  • Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows Lifecycle Facts Sheet.
  • Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
  • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  • Customers running Windows Server 2008 R2 or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

Known Issues

You can see these in more detail from the Deployments tab by selecting the Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5002624 SharePoint Enterprise Server 2016
5002639 SharePoint Server 2019
5002640 SharePoint Server Subscription Edition
5042881 Windows 11, version 21H2
5043051 Windows 10, version 1607, Windows Server 2016
5043064 Windows 11 version 24H2
5043067 Windows 11, version 21H2
5043076 Windows 11, version 22H2, Windows 11, version 23H2
5043080 Windows 11 version 24H2
5043083 Windows 10
5043087 Windows Server 2008 (Security-only update)
5043135 Windows Server 2008 (Monthly Rollup)

Released: Sep 10, 2024

What I got on my Win 10 systems.

 

 


CVEs have been published or revised in the Security Update Guide

September 10, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2020-17042

  • Title: Windows Print Spooler Remote Code Execution Vulnerability
  • Version: 2.0
  • Reason for revision: In the Security Updates table, added Windows Server 2022 and Windows Server 2022 (Server Core installation) as these versions are affected by this vulnerability. Microsoft recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
  • Originally released: November 10, 2020
  • Last updated: September 10, 2024
  • Aggregate CVE Severity Rating: Critical

CVE-2024-30077

  • Title: Windows OLE Remote Code Execution Vulnerability
  • Version: 2.0
  • Reason for revision: In the Security Updates table added Windows 11 Version 24H2 for x64-based Systems and Windows 11 Version 24H2 for ARM64-based systems as these versions are affected by this vulnerability. Microsoft recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
  • Originally released: June 11, 2024
  • Last updated: September 10, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-35272

  • Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
  • Version: 2.0
  • Reason for revision: In the Security Updates table, added Visual Studio 2017 version 15.9, Visual Studio 2019 version 16.11, and Visual Studio 2022 versions 17.6, 17.8, 17.10, and 17.11 as they are also affected by this vulnerability. Microsoft recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
  • Originally released: July 9, 2024
  • Last updated: September 10, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-38063

  • Title: Windows TCP/IP Remote Code Execution Vulnerability
  • Version: 2.0
  • Reason for revision: To comprehensively address CVE-2024-38063, Microsoft has released September 2024 security updates for all affected versions of Windows 10 Version 1809, Windows Server 2019, Windows Server 2022, and Windows 11 Version 21H2. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
  • Originally released: August 13, 2024
  • Last updated: September 10, 2024
  • Aggregate CVE Severity Rating: Critical

CVE-2024-38138

  • Title: Windows Deployment Services Remote Code Execution Vulnerability
  • Version: 2.0
  • Reason for revision: The following updates have been made to CVE-2024-38138: 1) In the Security Updates table, added all supported versions of the following as they are affected by this vulnerability: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. 2) Further, to comprehensively address this vulnerability, Microsoft has released September 2024 security updates for all affected versions of Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2022, 23H2 Edition. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
  • Originally released: August 13, 2024
  • Last updated: September 10, 2024
  • Aggregate CVE Severity Rating: Important
 

CVEs have been published or revised in the Security Update Guide

September 12, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-38222

  • Title: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: September 11, 2024
  • Last updated: September 11, 2024
  • Aggregate CVE Severity Rating: Moderate

CVE-2024-7970

  • Title: Chromium: CVE-2024-7970 Out of bounds write in V8
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: September 11, 2024
  • Last updated: September 11, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-8194

  • Title: Chromium: CVE-2024-8194 Type Confusion in V8
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: September 11, 2024
  • Last updated: September 11, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-8198

  • Title: Chromium: CVE-2024-8198 Heap buffer overflow in Skia
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: September 11, 2024
  • Last updated: September 11, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-8362

  • Title: Chromium: CVE-2024-8362 Use after free in WebAudio
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: September 11, 2024
  • Last updated: September 11, 2024
  • Aggregate CVE Severity Rating:
 

CVEs have been published or revised in the Security Update Guide

September 13, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-8636

  • Title: Chromium: CVE-2024-8636 Heap buffer overflow in Skia
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: September 13, 2024
  • Last updated: September 13, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-8637

  • Title: Chromium: CVE-2024-8637 Use after free in Media Router
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: September 13, 2024
  • Last updated: September 13, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-8638

  • Title: Chromium: CVE-2024-8638 Type Confusion in V8
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: September 13, 2024
  • Last updated: September 13, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-8639

  • Title: Chromium: CVE-2024-8639 Use after free in Autofill
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: September 13, 2024
  • Last updated: September 13, 2024
  • Aggregate CVE Severity Rating:
 

CVEs have been published or revised in the Security Update Guide
September 14, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-43461

  • Title: Windows MSHTML Platform Spoofing Vulnerability
  • Version: 1.1
  • Reason for revision: Corrected the Exploited, Publicly disclosed, and Exploitability assessment data and updated the CVSS Exploit Maturity metric. These are informational changes only.
  • Originally released: September 10, 2024
  • Last updated: September 13, 2024
  • Aggregate CVE Severity Rating: Important


CVEs have been published or revised in the Security Update Guide

September 17, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-38183

  • Title: GroupMe Elevation of Privilege Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: September 17, 2024
  • Last updated: September 17, 2024
  • Aggregate CVE Severity Rating: Critical

CVE-2024-43460

  • Title: Dynamics 365 Business Central Elevation of Privilege Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: September 17, 2024
  • Last updated: September 17, 2024
  • Aggregate CVE Severity Rating: Critical


CVEs have been published or revised in the Security Update Guide
September 17, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-35272

  • Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
  • Version: 2.1
  • Reason for revision: Corrected Build Numbers in the Security Updates table. This is an informational change only.
  • Originally released: July 9, 2024
  • Last updated: September 13, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-37985

  • Title: Windows Kernel Information Disclosure Vulnerability
  • Version: 1.1
  • Reason for revision: Updated CNA for this CVE to Microsoft and updated the FAQ. This is an informational update only.
  • Originally released: July 9, 2024
  • Last updated: September 17, 2024
  • Aggregate CVE Severity Rating: Important


CVEs have been published or revised in the Security Update Guide
September 19, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-38016

  • Title: Microsoft Office Visio Remote Code Execution Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: September 19, 2024
  • Last updated: September 19, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-38221

  • Title: Microsoft Edge (Chromium-based) Spoofing Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: September 19, 2024
  • Last updated: September 19, 2024
  • Aggregate CVE Severity Rating: Moderate

CVE-2024-43489

  • Title: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: September 19, 2024
  • Last updated: September 19, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-43496

  • Title: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: September 19, 2024
  • Last updated: September 19, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-8904

  • Title: Chromium: CVE-2024-8904 Type Confusion in V8
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: September 19, 2024
  • Last updated: September 19, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-8905

  • Title: Chromium: CVE-2024-8905 Inappropriate implementation in V8
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: September 19, 2024
  • Last updated: September 19, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-8906

  • Title: Chromium: CVE-2024-8906 Incorrect security UI in Downloads
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: September 19, 2024
  • Last updated: September 19, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-8907

  • Title: Chromium: CVE-2024-8907 Insufficient data validation in Omnibox
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: September 19, 2024
  • Last updated: September 19, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-8908

  • Title: Chromium: CVE-2024-8908 Inappropriate implementation in Autofill
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: September 19, 2024
  • Last updated: September 19, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-8909

  • Title: Chromium: CVE-2024-8909 Inappropriate implementation in UI
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: September 19, 2024
  • Last updated: September 19, 2024
  • Aggregate CVE Severity Rating:
 

CVEs have been published or revised in the Security Update Guide

September 20, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2022-2601

  • Title: Redhat: CVE-2022-2601 grub2 - Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass
  • Version: 2.0
  • Reason for revision: Updated FAQs with the following information: To address a known issue on systems with dual booting for Windows and Linux, we have reconfigured the manner in which this fix can be applied. Starting with the September 10, 2024 security updates, the fix will not automatically apply the SBAT update to the firmware. Customers who have applied the August 13, 2024 security updates will have the SBAT update in firmware and will be protected. Customers who have devices with Windows system only and who have not applied the August updates and who want to be protected from this issue can either apply the August 13, 2024 updates or apply the September 10, 2024 updates and set the following registry key from an Administrator command prompt: `reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x400 /f`
  • Originally released: August 13, 2024
  • Last updated: September 19, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2023-40547

  • Title: Redhat: CVE-2023-40547 Shim - RCE in HTTP boot support may lead to secure boot bypass
  • Version: 2.0
  • Reason for revision: Updated FAQs with the following information: To address a known issue on systems with dual booting for Windows and Linux, we have reconfigured the manner in which this fix can be applied. Starting with the September 10, 2024 security updates, the fix will not automatically apply the SBAT update to the firmware. Customers who have applied the August 13, 2024 security updates will have the SBAT update in firmware and will be protected. Customers who have devices with Windows system only and who have not applied the August updates and who want to be protected from this issue can either apply the August 13, 2024 updates or apply the September 10, 2024 updates and set the following registry key from an Administrator command prompt: `reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x400 /f`
  • Originally released: August 13, 2024
  • Last updated: September 19, 2024
  • Aggregate CVE Severity Rating: Critical

CVE-2024-38216

  • Title: Azure Stack Hub Elevation of Privilege Vulnerability
  • Version: 1.1
  • Reason for revision: Updated the build numbers. This is an informational update only.
  • Originally released: September 10, 2024
  • Last updated: September 19, 2024
  • Aggregate CVE Severity Rating: Critical

CVE-2024-38220

  • Title: Azure Stack Hub Elevation of Privilege Vulnerability
  • Version: 1.1
  • Reason for revision: Updated the build numbers. This is an informational update only.
  • Originally released: September 10, 2024
  • Last updated: September 19, 2024
  • Aggregate CVE Severity Rating: Critical

CVE-2024-6387

  • Title: RedHat Openssh: CVE-2024-6387 Remote Code Execution Due To A Race Condition In Signal Handling
  • Version: 2.1
  • Reason for revision: Microsoft is announcing the availability of the security update for Azure Arc Resource Bridge installed on Azure Stack HCI to address this vulnerability. Customers running Azure Arc Resource Bridge should install the Azure Stack HCI 2408 update to be protected from this vulnerability.
  • Originally released: July 11, 2024
  • Last updated: September 19, 2024
  • Aggregate CVE Severity Rating:
 

CVEs have been published or revised in the Security Update Guide

September 26, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-9120

  • Title: Chromium: CVE-2024-9120 Use after free in Dawn
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: September 26, 2024
  • Last updated: September 26, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-9121

  • Title: Chromium: CVE-2024-9121 Inappropriate implementation in V8
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: September 26, 2024
  • Last updated: September 26, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-9122

  • Title: Chromium: CVE-2024-9122 Type Confusion in V8
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: September 26, 2024
  • Last updated: September 26, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-9123

  • Title: Chromium: CVE-2024-9123 Integer overflow in Skia
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: September 26, 2024
  • Last updated: September 26, 2024
  • Aggregate CVE Severity Rating:


CVEs have been published or revised in the Security Update Guide

September 30, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-9120

  • Title: Chromium: CVE-2024-9120 Use after free in Dawn
  • Version: 2.0
  • Reason for revision: In the security updates table added: Microsoft Edge (Chromium-based) Extended Stable. The Microsoft Edge extended stable build was released on September 29th, 2024.
  • Originally released: September 26, 2024
  • Last updated: September 30, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-9121

  • Title: Chromium: CVE-2024-9121 Inappropriate implementation in V8
  • Version: 2.0
  • Reason for revision: In the security updates table added: Microsoft Edge (Chromium-based) Extended Stable. The Microsoft Edge extended stable build was released on September 29th, 2024.
  • Originally released: September 26, 2024
  • Last updated: September 30, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-9122

  • Title: Chromium: CVE-2024-9122 Type Confusion in V8
  • Version: 2.0
  • Reason for revision: In the security updates table added: Microsoft Edge (Chromium-based) Extended Stable. The Microsoft Edge extended stable build was released on September 29th, 2024.
  • Originally released: September 26, 2024
  • Last updated: September 30, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-9123

  • Title: Chromium: CVE-2024-9123 Integer overflow in Skia
  • Version: 2.0
  • Reason for revision: In the security updates table added: Microsoft Edge (Chromium-based) Extended Stable. The Microsoft Edge extended stable build was released on September 29th, 2024.
  • Originally released: September 26, 2024
  • Last updated: September 30, 2024
  • Aggregate CVE Severity Rating:

CVEs have been published or revised in the Security Update Guide

October 3, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-7025

  • Title: Chromium: CVE-2024-7025 Integer overflow in Layout
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 3, 2024
  • Last updated: October 3, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-9369

  • Title: Chromium: CVE-2024-9369 Insufficient data validation in Mojo
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 3, 2024
  • Last updated: October 3, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-9370

  • Title: Chromium: CVE-2024-9370 Inappropriate implementation in V8
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: October 3, 2024
  • Last updated: October 3, 2024
  • Aggregate CVE Severity Rating:
 

CVEs have been published or revised in the Security Update Guide
October 4, 2024


These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-38163
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38163

  • Title: Windows Update Stack Elevation of Privilege Vulnerability
  • Version: 1.1
  • Reason for revision: Corrected Build Numbers in the Security Updates table. This is an informational change only.
  • Originally released: August 13, 2024
  • Last updated: October 3, 2024
  • Aggregate CVE Severity Rating: Important

