September update from Microsoft includes disclosure of 4 zero-day vulnerabilities

September 11, 2024

TLDR:

  • Microsoft disclosed 4 zero-day vulnerabilities in its September update.
  • Attackers are actively exploiting these vulnerabilities, including security bypass, RCE, and privilege escalation bugs.

Microsoft’s September update addresses 79 vulnerabilities, including 7 critical RCE and elevation-of-privilege vulnerabilities. Attackers are already exploiting four of these vulnerabilities. Two of the zero-days allow bypassing critical security protections in Windows. Another vulnerability allows elevation of privilege, while the last bug reintroduces vulnerabilities that were previously patched. These vulnerabilities are a high priority for organizations to remediate.

Other high-priority bugs in the update include a Windows spoofing vulnerability, a Microsoft SharePoint Server RCE bug, and two elevation-of-privilege vulnerabilities in the Kernel Streaming Service Driver. Organizations are advised to prioritize patching these vulnerabilities due to the potential impact on system security. With a total of 745 vulnerabilities disclosed this year, organizations need to stay vigilant and proactively patch their systems to mitigate the risk of exploitation.
