On-demand webinar: Building a secure and employee-centric digital workplace

WATCH NOW

Microsoft Patch Tuesday September 2024 - Summary

146

Patches

79

Vulnerabilities

44

Articles

6

Impacts

CVE Index for September 2024 Patch Tuesday Updates

Vulnerable ComponentImpactCVE ID
Microsoft SharePoint Server Remote Code Execution CVE-2024-43464
Azure Stack Hub Elevation of Privilege CVE-2024-38220
Azure Stack Hub Elevation of Privilege CVE-2024-38216
Azure Web Apps Elevation of Privilege CVE-2024-38194
Windows Network Address Translation (NAT) Remote Code Execution CVE-2024-38119
Windows TCP/IP Remote Code Execution CVE-2024-38063
Microsoft SharePoint Server Remote Code Execution CVE-2024-38018
Windows Print Spooler Remote Code Execution CVE-2020-17042
Vulnerable ComponentImpactCVE ID
Microsoft Windows Update Remote Code Execution CVE-2024-43491
Microsoft Publisher Security Feature Bypass CVE-2024-38226
Windows Mark of the Web Security Feature Bypass CVE-2024-38217
Windows Installer Elevation of Privilege CVE-2024-38014
CVE IDSeverityImpact
CVE-2024-43495 Important Remote Code Execution
CVE-2024-43492 Important Elevation of Privilege
CVE-2024-43487 Moderate Security Feature Bypass
CVE-2024-43475 Important Information Disclosure
CVE-2024-43467 Important Remote Code Execution
CVE-2024-43461 Important Spoofing
CVE-2024-43458 Important Information Disclosure
CVE-2024-43457 Important Elevation of Privilege
CVE-2024-43455 Important Spoofing
CVE-2024-43454 Important Remote Code Execution
CVE-2024-38263 Important Remote Code Execution
CVE-2024-38260 Important Remote Code Execution
CVE-2024-38259 Important Remote Code Execution
CVE-2024-38258 Important Information Disclosure
CVE-2024-38257 Important Information Disclosure
CVE-2024-38256 Important Information Disclosure
CVE-2024-38254 Important Information Disclosure
CVE-2024-38253 Important Elevation of Privilege
CVE-2024-38252 Important Elevation of Privilege
CVE-2024-38250 Important Elevation of Privilege
CVE-2024-38249 Important Elevation of Privilege
CVE-2024-38248 Important Elevation of Privilege
CVE-2024-38247 Important Elevation of Privilege
CVE-2024-38246 Important Elevation of Privilege
CVE-2024-38245 Important Elevation of Privilege
CVE-2024-38244 Important Elevation of Privilege
CVE-2024-38243 Important Elevation of Privilege
CVE-2024-38242 Important Elevation of Privilege
CVE-2024-38241 Important Elevation of Privilege
CVE-2024-38240 Important Elevation of Privilege
CVE-2024-38239 Important Elevation of Privilege
CVE-2024-38238 Important Elevation of Privilege
CVE-2024-38237 Important Elevation of Privilege
CVE-2024-38236 Important Denial of Service
CVE-2024-38235 Important Denial of Service
CVE-2024-38234 Important Denial of Service
CVE-2024-38233 Important Denial of Service
CVE-2024-38232 Important Denial of Service
CVE-2024-38231 Important Denial of Service
CVE-2024-38230 Important Denial of Service
CVE-2024-38138 Important Remote Code Execution
CVE-2024-38046 Important Elevation of Privilege
CVE-2024-38045 Important Remote Code Execution
CVE-2024-30073 Important Security Feature Bypass
CVE-2024-21416 Important Remote Code Execution
CVE IDSeverityImpact
CVE-2024-43482 Important Information Disclosure
CVE-2024-43474 Important Information Disclosure
CVE-2024-43466 Important Denial of Service
CVE-2024-43465 Important Elevation of Privilege
CVE-2024-43463 Important Remote Code Execution
CVE-2024-38228 Important Remote Code Execution
CVE-2024-38227 Important Remote Code Execution
CVE-2024-37980 Important Elevation of Privilege
CVE-2024-37966 Important Information Disclosure
CVE-2024-37965 Important Elevation of Privilege
CVE-2024-37342 Important Information Disclosure
CVE-2024-37341 Important Elevation of Privilege
CVE-2024-37340 Important Remote Code Execution
CVE-2024-37339 Important Remote Code Execution
CVE-2024-37338 Important Remote Code Execution
CVE-2024-37337 Important Information Disclosure
CVE-2024-37335 Important Remote Code Execution
CVE-2024-35272 Important Remote Code Execution
CVE-2024-26191 Important Remote Code Execution
CVE-2024-26186 Important Remote Code Execution
CVE IDSeverityImpact
CVE-2024-43470 Important Elevation of Privilege
CVE-2024-43469 Important Remote Code Execution
CVE-2024-38188 Important Elevation of Privilege
Vulnerable ComponentCVE IDSeverityImpact
Power Automate CVE-2024-43479 Important Remote Code Execution
Microsoft Dynamics CVE-2024-43476 Important Spoofing
Microsoft Dynamics CVE-2024-38225 Important Elevation of Privilege

Previous Patch Tuesday Updates and Fixes

Microsoft Windows Patch Tuesday - Overview

What is Patch Tuesday?

Patch Tuesday, the colloquial term for Microsoft's Update Tuesday that falls on second Tuesday of every month. That is when Microsoft rolls out patch updates to improve security of Microsoft applications. Coinciding with the Patch Tuesday it is also a general trend for the roll out of patch updates for other third party applications that include Adobe and Mozilla, among many others.

When is Patch Tuesday?

Patch Tuesday falls on the second Tuesday of each month. The upcoming Patch Tuesday is on October 8, 2024.

What is patching and why is it important?

Patches are nothing but pieces of software code that are written to fix a bug in a software application, that might lead to a vulnerability. Such vulnerabilities in any application are loop holes for attackers to get their hands on business critical data and information. So it is highly crucial to keep all the applications in a network updated to its latest versions. Updating applications in mobile phones and laptops also work in the same manner by preventing theft of personal data, through security flaws.

What kind of patch updates are released during Patch Tuesday?

Predominantly security patch updates of varying severity like Critical, Important, Moderate & Low are labeled and released. It is always a best practice to prioritize your patching based on the severity level mentioned.

What are CVE IDs?

CVE ID - Common Vulnerabilities and Exposure ID is a format in which each vulnerability is disclosed and cataloged in the National Vulnerability Database (NVD). You can look up for a detailed explanation of each vulnerability in the NVD with the help of CVE ID. In Patch Manager Plus you can make use of these CVE IDs to fetch the appropriate patches to deploy. You can find the CVE IDs here.

How to register for ManageEngine's Free Patch Tuesday webinar?

The upcoming Free Patch Tuesday webinar by ManageEngine is scheduled on October 10, 2024. You can make your registrations here.

Where can I find more details about individual bulletins?

Each CVE ID listed in the CVE Index section has been linked to its security advisory.