Microsoft’s September Patch Tuesday Fixes Four Zero-Days
You should update your PC as soon as possible.
Last week, we highlighted Microsoft’s August Patch Tuesday, as the update patched a zero-day security vulnerability in Windows. While Microsoft was not aware of an active exploit for the vulnerability at that time, it was still essential to fix, as its discovery prior to a patch meant it was only a matter of time before someone, somewhere figured out how to exploit it.
That, of course, was August. Since our last article, Microsoft’s September Patch Tuesday has also dropped. In a bit of a twist, this update not only patches one zero-day, but four.
That’s according to Bleeping Computer, which reports Microsoft has patched 79 total flaws with its big September security update. Seven of these flaws are noted as “critical,” compromising both remote code execution or elevation of privileges issues. While all vulnerabilities, critical or not, are important to patch, the four zero-days are the most important.
As a refresher, a zero-day vulnerability is a security flaw discovered before a patch is available. That gives bad actors an advantage, as they can work to figure out a way to exploit the flaw before a developer has a chance to fix it.
To make matters worse, three of the four zero-day vulnerabilities are actively exploited, according to Microsoft. That makes this latest update imperative for all users to install as soon as possible, as bad actors have already discovered how to use these vulnerabilities against targets. They’ll most likely figure out how to exploit the fourth zero-day in time.
The four zero-days are tracked as:
- CVE-2024-38014: Elevation of Privilege Vulnerability in Windows Installer
- CVE-2024-38217: Security Feature Bypass Vulnerability in Windows Mark of the Web
- CVE-2024-38226: Security Feature Bypass Vulnerability in Microsoft Publisher
- CVE-2024-43491: Remote Code Execution Vulnerability in Microsoft Windows Update
CVE-2024-38217 is a particularly concerning flaw, as researchers believe it has been actively exploited since 2018.
Installing the latest security update for Windows
To protect your PC, and the network it’s connected to, make sure to install this latest patch as soon as you can. If you have automatic updates enabled, it’s possible Windows already updated on its own. However, you can manually check for the latest update and install it yourself.
To do so, open the Start menu, then go to Settings > Windows Update (Windows 11) or Settings > Update & Security > Windows Update (Windows 10). On either version, choose Check for updates, then install the latest update that appears.
Share This
