Microsoft's September patches fix a total of 79 vulnerabilities, including four that are actively exploited in cyberattacks and one more with a publicly available exploit.
Seven of the fixed flaws, rated critical, can lead either to remote code execution or to elevation of privilege. By class, September's vulnerabilities break down as follows:
- 30 elevation of privilege vulnerabilities;
- 4 security feature bypass bugs;
- 23 remote code execution vulnerabilities;
- 11 information disclosure flaws;
- 8 DoS;
- 3 spoofing.
As noted above, four of the patched vulnerabilities figure in real-world attacks. Here are their identifiers with descriptions:
- CVE-2024-38014: elevation of privilege in Windows Installer that lets an attacker reach the highest privileges, SYSTEM. Microsoft is not disclosing exploitation details for now.
- CVE-2024-38217: bypass of the Mark of the Web (MoTW) feature. Using a specially crafted shortcut (LNK file), an attacker can bypass the Smart App Control and MoTW security warnings.
- CVE-2024-38226: security feature bypass in Microsoft Publisher. An attacker can bypass the protection against macro execution in Office.
- CVE-2024-43491: remote code execution affecting the Windows Update service.
And here is the full list of patched holes:
| Affected product | CVE ID | CVE title | Severity |
| --- | --- | --- | --- |
| Azure CycleCloud | CVE-2024-43469 | Azure CycleCloud Remote Code Execution Vulnerability | Important |
| Azure Network Watcher | CVE-2024-38188 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | Important |
| Azure Network Watcher | CVE-2024-43470 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | Important |
| Azure Stack | CVE-2024-38216 | Azure Stack Hub Elevation of Privilege Vulnerability | Critical |
| Azure Stack | CVE-2024-38220 | Azure Stack Hub Elevation of Privilege Vulnerability | Critical |
| Azure Web Apps | CVE-2024-38194 | Azure Web Apps Elevation of Privilege Vulnerability | Critical |
| Dynamics Business Central | CVE-2024-38225 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | Important |
| Microsoft AutoUpdate (MAU) | CVE-2024-43492 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Important |
| Microsoft Dynamics 365 (on-premises) | CVE-2024-43476 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Graphics Component | CVE-2024-38247 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2024-38250 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2024-38249 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Management Console | CVE-2024-38259 | Microsoft Management Console Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2024-43465 | Microsoft Excel Elevation of Privilege Vulnerability | Important |
| Microsoft Office Publisher | CVE-2024-38226 | Microsoft Publisher Security Feature Bypass Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2024-38227 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2024-43464 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2024-38018 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2024-38228 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2024-43466 | Microsoft SharePoint Server Denial of Service Vulnerability | Important |
| Microsoft Office Visio | CVE-2024-43463 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Outlook for iOS | CVE-2024-43482 | Microsoft Outlook for iOS Information Disclosure Vulnerability | Important |
| Microsoft Streaming Service | CVE-2024-38245 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Streaming Service | CVE-2024-38241 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Streaming Service | CVE-2024-38242 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Streaming Service | CVE-2024-38244 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Streaming Service | CVE-2024-38243 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Streaming Service | CVE-2024-38237 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Streaming Service | CVE-2024-38238 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| Power Automate | CVE-2024-43479 | Microsoft Power Automate Desktop Remote Code Execution Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2024-38235 | Windows Hyper-V Denial of Service Vulnerability | Important |
| SQL Server | CVE-2024-37338 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37980 | Microsoft SQL Server Elevation of Privilege Vulnerability | Important |
| SQL Server | CVE-2024-26191 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37339 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37337 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2024-26186 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37342 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2024-43474 | Microsoft SQL Server Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2024-37335 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37966 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2024-37340 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37965 | Microsoft SQL Server Elevation of Privilege Vulnerability | Important |
| SQL Server | CVE-2024-37341 | Microsoft SQL Server Elevation of Privilege Vulnerability | Important |
| Windows Admin Center | CVE-2024-43475 | Microsoft Windows Admin Center Information Disclosure Vulnerability | Important |
| Windows AllJoyn API | CVE-2024-38257 | Microsoft AllJoyn API Information Disclosure Vulnerability | Important |
| Windows Authentication Methods | CVE-2024-38254 | Windows Authentication Information Disclosure Vulnerability | Important |
| Windows DHCP Server | CVE-2024-38236 | DHCP Server Service Denial of Service Vulnerability | Important |
| Windows Installer | CVE-2024-38014 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Kerberos | CVE-2024-38239 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
| Windows Kernel-Mode Drivers | CVE-2024-38256 | Windows Kernel-Mode Driver Information Disclosure Vulnerability | Important |
| Windows Libarchive | CVE-2024-43495 | Windows libarchive Remote Code Execution Vulnerability | Important |
| Windows Mark of the Web (MOTW) | CVE-2024-38217 | Windows Mark of the Web Security Feature Bypass Vulnerability | Important |
| Windows Mark of the Web (MOTW) | CVE-2024-43487 | Windows Mark of the Web Security Feature Bypass Vulnerability | Moderate |
| Windows MSHTML Platform | CVE-2024-43461 | Windows MSHTML Platform Spoofing Vulnerability | Important |
| Windows Network Address Translation (NAT) | CVE-2024-38119 | Windows Network Address Translation (NAT) Remote Code Execution Vulnerability | Critical |
| Windows Network Virtualization | CVE-2024-38232 | Windows Networking Denial of Service Vulnerability | Important |
| Windows Network Virtualization | CVE-2024-38233 | Windows Networking Denial of Service Vulnerability | Important |
| Windows Network Virtualization | CVE-2024-38234 | Windows Networking Denial of Service Vulnerability | Important |
| Windows Network Virtualization | CVE-2024-43458 | Windows Networking Information Disclosure Vulnerability | Important |
| Windows PowerShell | CVE-2024-38046 | PowerShell Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2024-38240 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Remote Desktop Licensing Service | CVE-2024-38231 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important |
| Windows Remote Desktop Licensing Service | CVE-2024-38258 | Windows Remote Desktop Licensing Service Information Disclosure Vulnerability | Important |
| Windows Remote Desktop Licensing Service | CVE-2024-43467 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important |
| Windows Remote Desktop Licensing Service | CVE-2024-43454 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important |
| Windows Remote Desktop Licensing Service | CVE-2024-38263 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important |
| Windows Remote Desktop Licensing Service | CVE-2024-38260 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important |
| Windows Remote Desktop Licensing Service | CVE-2024-43455 | Windows Remote Desktop Licensing Service Spoofing Vulnerability | Important |
| Windows Security Zone Mapping | CVE-2024-30073 | Windows Security Zone Mapping Security Feature Bypass Vulnerability | Important |
| Windows Setup and Deployment | CVE-2024-43457 | Windows Setup and Deployment Elevation of Privilege Vulnerability | Important |
| Windows Standards-Based Storage Management Service | CVE-2024-38230 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important |
| Windows Storage | CVE-2024-38248 | Windows Storage Elevation of Privilege Vulnerability | Important |
| Windows TCP/IP | CVE-2024-21416 | Windows TCP/IP Remote Code Execution Vulnerability | Important |
| Windows TCP/IP | CVE-2024-38045 | Windows TCP/IP Remote Code Execution Vulnerability | Important |
| Windows Update | CVE-2024-43491 | Microsoft Windows Update Remote Code Execution Vulnerability | Critical |
| Windows Win32K - GRFX | CVE-2024-38246 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K - ICOMP | CVE-2024-38252 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
| Windows Win32K - ICOMP | CVE-2024-38253 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |