SonicWALL Inc.
09/11/2024 | Press release | Distributed by Public on 09/12/2024 02:14
Microsoft Security Bulletin Coverage For September 2024
Overview
Microsoft's September 2024 Patch Tuesday has 79 vulnerabilities, of which 30 are Elevation of Privilege. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft's security advisories for the month of September 2024 and has produced coverage for 9 of the reported vulnerabilities.
Vulnerabilities with Detections
| CVE | CVE Title | Signature |
| CVE-2024-38217 | Windows Mark of the Web Security Feature Bypass Vulnerability | ASPY 7007 Malformed-lnk lnk.MP_5 |
| CVE-2024-38237 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | ASPY 7004 Exploit-exe exe.MP_408 |
| CVE-2024-38238 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ASPY 7005 Exploit-exe exe.MP_409 |
| CVE-2024-38241 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ASPY 7006 Exploit-exe exe.MP_410 |
| CVE-2024-38242 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ASPY 602 Exploit-exe exe.MP_411 |
| CVE-2024-38243 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ASPY 603 Exploit-exe exe.MP_412 |
| CVE-2024-38244 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ASPY 604 Exploit-exe exe.MP_413 |
| CVE-2024-38245 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ASPY 605 Exploit-exe exe.MP_414 |
| CVE-2024-43461 | Windows MSHTML Platform Spoofing Vulnerability | IPS 4501 Windows MSHTML Platform Spoofing (CVE-2024-43461) |
Release Breakdown
The vulnerabilities can be classified into following categories:
For September there are 7 critical, 71 Important and one moderate vulnerabilities.
Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the patch Tuesday release for each month. The above chart displays these metrics as seen each month.
Release Detailed Breakdown
Denial of Service Vulnerabilities
| CVE | CVE Title |
| CVE-2024-38230 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
| CVE-2024-38232 | Windows Networking Denial of Service Vulnerability |
| CVE-2024-38233 | Windows Networking Denial of Service Vulnerability |
| CVE-2024-38234 | Windows Networking Denial of Service Vulnerability |
| CVE-2024-38235 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2024-38236 | DHCP Server Service Denial of Service Vulnerability |
| CVE-2024-43466 | Microsoft SharePoint Server Denial of Service Vulnerability |
Elevation of Privilege Vulnerabilities
| CVE | CVE Title |
| CVE-2024-37341 | Microsoft SQL Server Elevation of Privilege Vulnerability |
| CVE-2024-37965 | Microsoft SQL Server Elevation of Privilege Vulnerability |
| CVE-2024-37980 | Microsoft SQL Server Elevation of Privilege Vulnerability |
| CVE-2024-38014 | Windows Installer Elevation of Privilege Vulnerability |
| CVE-2024-38046 | PowerShell Elevation of Privilege Vulnerability |
| CVE-2024-38188 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability |
| CVE-2024-38194 | Azure Web Apps Elevation of Privilege Vulnerability |
| CVE-2024-38216 | Azure Stack Hub Elevation of Privilege Vulnerability |
| CVE-2024-38220 | Azure Stack Hub Elevation of Privilege Vulnerability |
| CVE-2024-38225 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability |
| CVE-2024-38237 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38238 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38239 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2024-38240 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| CVE-2024-38241 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38242 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| 8243 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38244 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38245 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38246 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-38247 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2024-38248 | Windows Storage Elevation of Privilege Vulnerability |
| CVE-2024-38249 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2024-38250 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2024-38252 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2024-38253 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2024-43457 | Windows Setup and Deployment Elevation of Privilege Vulnerability |
| CVE-2024-43465 | Microsoft Excel Elevation of Privilege Vulnerability |
| CVE-2024-43470 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability |
| CVE-2024-43492 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability |
Information Disclosure Vulnerabilities
| CVE | CVE Title |
| CVE-2024-37337 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability |
| CVE-2024-37342 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability |
| CVE-2024-37966 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability |
| CVE-2024-38254 | Windows Authentication Information Disclosure Vulnerability |
| CVE-2024-38256 | Windows Kernel-Mode Driver Information Disclosure Vulnerability |
| CVE-2024-38257 | Microsoft AllJoyn API Information Disclosure Vulnerability |
| CVE-2024-38258 | Windows Remote Desktop Licensing Service Information Disclosure Vulnerability |
| CVE-2024-43458 | Windows Networking Information Disclosure Vulnerability |
| CVE-2024-43474 | Microsoft SQL Server Information Disclosure Vulnerability |
| CVE-2024-43475 | Microsoft Windows Admin Center Information Disclosure Vulnerability |
| CVE-2024-43482 | Microsoft Outlook for iOS Information Disclosure Vulnerability |
Remote Code Execution Vulnerabilities
| CVE | CVE Title |
| CVE-2024-21416 | Windows TCP/IP Remote Code Execution Vulnerability |
| CVE-2024-26186 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
| CVE-2024-26191 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
| CVE-2024-37335 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
| CVE-2024-37338 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
| CVE-2024-37339 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
| CVE-2024-37340 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
| CVE-2024-38018 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2024-38045 | Windows TCP/IP Remote Code Execution Vulnerability |
| CVE-2024-38119 | Windows Network Address Translation (NAT) Remote Code Execution Vulnerability |
| CVE-2024-38227 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2024-38228 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2024-38231 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability |
| CVE-2024-38259 | Microsoft Management Console Remote Code Execution Vulnerability |
| CVE-2024-38260 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
| CVE-2024-38263 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
| CVE-2024-43454 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
| CVE-2024-43463 | Microsoft Office Visio Remote Code Execution Vulnerability |
| CVE-2024-43464 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2024-43467 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
| CVE-2024-43469 | Azure CycleCloud Remote Code Execution Vulnerability |
| CVE-2024-43479 | Microsoft Power Automate Desktop Remote Code Execution Vulnerability |
| CVE-2024-43491 | Microsoft Windows Update Remote Code Execution Vulnerability |
| CVE-2024-43495 | Windows libarchive Remote Code Execution Vulnerability |
Security Feature Bypass Vulnerabilities
| CVE | CVE Title |
| CVE-2024-30073 | Windows Security Zone Mapping Security Feature Bypass Vulnerability |
| CVE-2024-38217 | Windows Mark of the Web Security Feature Bypass Vulnerability |
| CVE-2024-38226 | Microsoft Publisher Security Features Bypass Vulnerability |
| CVE-2024-43487 | Windows Mark of the Web Security Feature Bypass Vulnerability |
Spoofing Vulnerabilities
| CVE | CVE Title |
| CVE-2024-43455 | Windows Remote Desktop Licensing Service Spoofing Vulnerability |
| CVE-2024-43461 | Windows MSHTML Platform Spoofing Vulnerability |
| CVE-2024-43476 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.