Security News > 2024 > September > Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes
2024-09-10 19:41
September 2024 Patch Tuesday is here and Microsoft has delivered 79 fixes, including those for a handful of zero-days (CVE-2024-38217, CVE-2024-38226, CVE-2024-38014, CVE-2024-43461) exploited by attackers in the wild, and a Windows 10 code defect (CVE-2024-43491) that rolled back earlier CVE fixes. The actively exploited flaws Let’s start with the only one that was previously publicly known: CVE-2024-38217, a vulnerability that allows attackers to bypass Mark of the Web (MotW). Elastic Security researcher Joe Desimone … More → The post Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/09/10/cve-2024-38217-cve-2024-43491/
#microsoft #security #zeroday #CVE-2024-38217 #CVE-2024-43491 #CVE-2024-38014 #CVE-2024-38226 #CVE-2024-43461
Related news
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- AI agents swarm Microsoft Security Copilot (source)
- After Detecting 30B Phishing Attempts, Microsoft Adds Even More AI to Its Security Copilot (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-10 | CVE-2024-43491 | Unspecified vulnerability in Microsoft Windows 10 1507 Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). | 9.8 |
| 2024-09-10 | CVE-2024-43461 | Unspecified vulnerability in Microsoft products Windows MSHTML Platform Spoofing Vulnerability | 8.8 |
| 2024-09-10 | CVE-2024-38226 | Unspecified vulnerability in Microsoft Office and Publisher Microsoft Publisher Security Feature Bypass Vulnerability | 7.3 |
| 2024-09-10 | CVE-2024-38217 | Unspecified vulnerability in Microsoft products Windows Mark of the Web Security Feature Bypass Vulnerability | 0.0 |
| 2024-09-10 | CVE-2024-38014 | Unspecified vulnerability in Microsoft products Windows Installer Elevation of Privilege Vulnerability | 0.0 |