Patch Tuesday Italia Settembre

Presentato da Sara Gamba e Umberto Fogagnolo
Patch Tuesday Webinar
Giovedì 12 Settembre 2024

Copyright © 2024 Ivanti. All rights reserved. 2
Agenda
▪ September 2024 Patch Tuesday Overview
▪ In the News
▪ Bulletins and Releases
▪ Between Patch Tuesdays
▪ Q & A

September 2024 Patch Tuesday is here and brings
updates from Microsoft, Adobe, and Ivanti. Microsoft
has released updates for the Windows OS, Office,
Sharepoint, SQL Server, and several Azure services
and components. Adobe released updates for several
products including Adobe Acrobat and Reader. Ivanti
has also released updates for three products.
Out of these releases the highest priorities this month
are going to be to address Zero-day vulnerabilities in
the Windows OS and Office.
For more details check out this month's Patch Tuesday
blog.
September Patch Tuesday 2024

In the News

In the News
▪ The AI Wild West: Unraveling the Security and Privacy Risks of GenAI Apps
▪ https://www.securityweek.com/the-ai-wild-west-unraveling-the-security-and-privacy-risks-of-genai-
apps/
▪ Ivanti Patches Critical Vulnerabilities in Endpoint Manager
▪ https://www.securityweek.com/ivanti-patches-critical-vulnerabilities-in-endpoint-manager/
▪ It’s Time to Take Ransomware Seriously
▪ https://www.forbes.com/councils/forbestechcouncil/2024/09/11/its-time-to-take-ransomware-seriously/
▪ Russia accused of EU and Nato cyberattacks
▪ https://www.bbc.com/news/articles/c984zenjkz5o

▪ CVE-2024-38217 Windows Mark of the Web Security Feature Bypass Vulnerability
▪ CVSS 3.1 Scores: 5.4 / 5.0
▪ Severity: Important
▪ Impact: Security Feature Bypass
▪ Affected Systems: All currently supported Windows operating systems
▪ Per Microsoft: To exploit this vulnerability, an attacker could host a file on an attacker-controlled server,
then convince a targeted user to download and open the file. This could allow the attacker to interfere
with the Mark of the Web functionality. An attacker can craft a malicious file that would evade Mark of
the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features
such as SmartScreen Application Reputation security check and/or the legacy Windows Attachment
Services security prompt.
Publicly Disclosed and Known Exploited Vulnerabilities

▪ CVE-2024-38014 Windows Installer Elevation of Privilege Vulnerability
▪ CVSS 3.1 Scores: 7.8 / 6.8
▪ Impact: Elevation of Privilege
▪ Affected Systems: All currently supported Windows operating systems
▪ Per Microsoft: An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
▪ CVE-2024-38226 Microsoft Publisher Security Feature Bypass Vulnerability
▪ CVSS 3.1 Scores: 7.3 / 6.4
▪ Impact: Security Feature Bypass
▪ Affected Systems: Microsoft Publisher 2016, Office 2019, Office LTSC 2021
▪ Per Microsoft: An attacker who successfully exploited this vulnerability could bypass Office macro policies used
to block untrusted or malicious files. The Preview Pane is not an attack vector. An authenticated attacker could
exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially
crafted file from a website which could lead to a local attack on the victim computer.
Known Exploited Vulnerabilities

▪ CVE-2024-43491 Microsoft Windows Update Remote Code Execution Vulnerability
▪ CVSS 3.1 Scores: 9.8 / 8.5
▪ Severity: Critical
▪ Impact: Elevation of Privilege
▪ Affected Systems: Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes
for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version
released July 2015). This means that an attacker could exploit these previously mitigated
vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT
Enterprise 2015 LTSB) systems that have installed the Windows security update released on March
12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later
versions of Windows 10 are not impacted by this vulnerability.
▪ Per Microsoft: If you have installed any of the previous security updates released between March and
August 2024, the rollbacks of the fixes for CVEs affecting Optional Components have already
occurred. To restore these fixes, customers need to install the September 2024 Servicing Stack
Update and Security Update for Windows 10.
▪ NOTE: Although some of original CVEs were known to be exploited, no exploitation of CVE-2024-
43491 itself has been detected.
Known Exploited Vulnerabilities (cont)

Ivanti Endpoint Manager Ivanti Cloud Service Appliance
Security Advisory: Ivanti
Workspace Control
Security Advisory: EPM
September 2024
Vulnerabilities:
• Resolves 16 vulnerabilities
• 9 are rated Critical
Affected Versions:
• 2024
• 2022 SU5 and earlier
Security Advisory: Ivanti
Cloud Service Appliance
Ivanti Workspace Control
Ivanti September Security Updates
Vulnerabilities:
• CVE-2024-8190 CVSS: 7.2
Affected Versions:
• CSA 4.6 (All versions before Patch
519)
NOTE: Ivanti CSA 4.6 is EOL. All
customers must upgrade to CSA 5.0
for continued support.
Vulnerabilities:
• Resolves 6 vulnerabilities
• All are rated HIgh
Affected Versions:
• 10.18.0.0 and below
NOTE: IWC reaches End-of-Life on
December 31, 2026. Migrating to
Ivanti User Workspace Manager
provides a superior and secure
replacement.
No vulnerabilities were known to be exploited at the time of disclosure

CVE-2024-39480
CVSS 3: 7.8
Impact: Affects Ubuntu 16.04 & 18.04
▪ A buffer overflow was fixed in the tab-complete
behavior of the kernel debugger.
▪ Length of the buffer is passed in the wrong
parameter (should be a pointer to a memory
location), and this opens the possibility of write-
past-end-of-buffer scenarios in the debugger,
inside the Kernel memory space.
▪ When user attempts symbol completion with the
Tab key, kdb will use strncpy() to insert
completed symbol into the command buffer.
Unfortunately, it passes the size of the source
buffer rather than the destination to strncpy(). If
command buffer is already full but cp (cursor
position) is in the middle of the buffer, then we
will write past the end of the supplied buffer.
Mitigation
Either replace the dubious strncpy() calls with
memmove()/memcpy() calls plus explicit boundary
checks to make sure we have enough space before
we start moving characters around OR update the
kernel to the latest version available.
New and Notable Linux Vulnerabilities: 1
Highlighted by TuxCare

CVE-2024-42154
CVSS 3: 9.8
Impact: Affects all Enterprise Linux distributions.
▪ In the kernel network stack there is a length
check missing under tcp_metrics.
▪ A specific metric
(TCP_METRICS_ATTR_SADDR_IPV4) if not
being limited in size, and, if an exploit path is
found, can be abused to write past the assigned
4 byte memory space that it has.
▪ ip tcp_metrics is used to manipulate entries in
the kernel that keep TCP information for IPv4
and IPv6 destinations.
Mitigation
Update the kernel to the latest version available.

CVE-2024-38428
CVSS 3: 9.1
Impact: Affects all Enterprise Linux distributions’
versions of wget, up to wget 1.24.5.
▪ The venerable wget utility mishandles colons in
the userinfo portion of a URI and can mistakenly
use it as host component instead.
▪ Using semicolons in the userinfo component isn't
common, but a user could be tricked into
thinking they are connecting to a different host
than they are.
▪ This can lead to scenarios where specific firewall
rules are bypassed and access to otherwise
blocked resources could be possible. DNS
queries may be sent to incorrect and potentially
malicious domains.
▪ Possible consequences: resource restriction
bypass, sensitive data leakage, and remote
code execution.
Mitigation
Patch to a higher version than 1.24.5

Microsoft Patch Tuesday Updates of Interest
Advisory 990001
Latest Servicing Stack Updates (SSU)
▪ https://msrc.microsoft.com/update-
guide/en-US/vulnerability/ADV990001
▪ Server 2012/2012 R2 ESU and Windows
10 (see graphic)
Azure and Development Tool Updates
▪ Azure CycleCloud 8.0.0 – 8.6.3
▪ Azure Network Watcher VM Extension
for Windows
▪ Azure Stack Hub
▪ Azure Web Apps
Source: Microsoft

Windows 10
and 11 Lifecycle
Awareness
Windows 10 Enterprise and Education
Version Release Date End of Support Date
22H2 10/18/2022 10/14/2025
Windows 10 Home and Pro
22H2 10/18/2022 10/14/2025
Windows 11 Home and Pro
23H2 10/31/2023 11/11/2025
22H2 9/20/2022 10/8/2024
Windows 11 Enterprise and Education
23H2 10/31/2023 11/10/2026
22H2 9/20/2022 10/14/2025
21H2 10/4/2021 10/8/2024
Source: Microsoft
https://docs.microsoft.com/en-us/lifecycle/faq/windows

Server Long-term Servicing Channel Support
Server LTSC Support
Version Editions Release Date Mainstream Support Ends Extended Support Ends
Windows Server 2022 Datacenter and Standard 08/18/2021 10/13/2026 10/14/2031
Windows Server 2019
(Version 1809)
Datacenter, Essentials, and Standard 11/13/2018 01/09/2024 01/09/2029
Windows Server 2016
(Version 1607)
Datacenter, Essentials, and Standard 10/15/2016 01/11/2022 01/11/2027
https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info
▪ Focused on server long-term stability
▪ Major version releases every 2-3 years
▪ 5 years mainstream and 5 years extended support
▪ Server core or server with desktop experience available
Source: Microsoft

Patch Content Announcements
Announcements Posted on Community Forum Pages
▪ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
▪ Subscribe to receive email for the desired product(s)
Content Info: Endpoint Security
Content Info: Endpoint Manager
Content Info: macOS Updates
Content Info: Linux Updates
Content Info: Patch for Configuration Manager
Content Info: ISEC and Neurons Patch
Content Info: Neurons Patch for InTune

Bulletins and Releases

Copyright © 2024 Ivanti. All rights reserved.
APSB24-70: Security Update for Adobe Acrobat and Reader
▪ Maximum Severity: Critical
▪ Affected Products: Adobe Acrobat and Reader (DC Continuous, Classic 2020, and Classic 2024)
▪ Description: Adobe has released a security update for Adobe Acrobat and Reader for Windows
and macOS. This update addresses 2 vulnerabilities; both are rated Critical.
▪ Impact: Arbitrary Code Execution
▪ Fixes 2 Vulnerabilities: See https://helpx.adobe.com/security/products/acrobat/apsb24-70.html
for more details.
▪ Restart Required: Requires application restart
1

MS24-09-W11: Windows 11 Update
▪ Affected Products: Microsoft Windows 11 Version 21H2, 22H2, 23H2, 24H2* and Edge
Chromium
▪ Description: This bulletin references KB 5043067 (21H2), KB 5043076 (22H2/23H2), and KB
5043080 (24H2). See KBs for details of all changes.
▪ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing,
Elevation of Privilege, and Information Disclosure
▪ Fixes 31 Vulnerabilities: CVE-2024-38217 is publicly disclosed and known exploited. CVE-2024-
38217 and CVE-2024-38014 are known exploited. See the Security Update Guide for the
complete list of CVEs.
▪ Restart Required: Requires restart
▪ Known Issues: See next slide
NOTE: Win 11 24H2* update is targeted for Copilot+ PCs devices and devices that were previously
using Windows Insider 24H2 builds
1

September Known Issues for Windows 11
▪ KB 5043067 – Windows 11 version 21H2, all editions
▪ [Prof_Pic] After installing this update, you might be unable to change your user account
profile picture. When attempting to change a profile picture by selecting the button Start>
Settings> Accounts > Your info, and then selecting Choose a file, you might receive an error
message with error code 0x80070520.
▪ [Dual_Boot] After installing this security update, you might face issues with booting Linux if
you have enabled the dual-boot setup for Windows and Linux in your device. On some
devices, the dual-boot detection did not detect some customized methods of dual-booting
and applied the Secure Boot Active Targeting value when it should not have been applied..
▪ Workaround: Microsoft is working on a resolution
▪ KB 5043076 – Windows 11 version 22H2 and 23H2, all editions
▪ [Dual_Boot]

September Known Issues for Windows 11 (cont)
▪ KB 5043080 – Windows 11 version 24H2, all editions
▪ [Roblox] We’re aware of an issue where players on Arm devices are unable to download
and play Roblox via the Microsoft Store on Windows.
▪ Workaround: Download Roblox directly from vendor.

MS24-09-W10: Windows 10 Update
▪ Affected Products: Microsoft Windows 10 Versions 1607, 1809, 22H2, Server 2016, Server
2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium
▪ Description: This bulletin references multiple KB articles. See Windows 10 and associated
server KBs for details of all changes.
▪ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing,
Elevation of Privilege, and Information Disclosure
▪ Fixes 45 Vulnerabilities: : CVE-2024-38217 is publicly disclosed and known exploited. CVE-
2024-38217, CVE-2024-38014 and, CVE-2024-43491 are known exploited. See the Security
Update Guide for the complete list of CVEs.
1

September Known Issues for Windows 10
▪ KB 5043083 – Windows 10
▪ [Dual_Boot]
▪ KB 5043051 – Windows 10 version 1607, all editions; Windows Server 2016, all editions
▪ [Dual_Boot]
▪ KB 5043050 – Win 10 Enterprise LTSC 2019, Win 10 IoT Enterprise LTSC 2019, Windows 10
IoT Core 2019 LTSC, Windows Server 2019
▪ [Dual_Boot]
▪ KB 5043064 – Windows 10 Enterprise LTSC 2021, Windows 10 IoT Enterprise LTSC 2021,
Windows 10, version 22H2, all editions
▪ [Prof_Pic]
▪ [Dual_Boot]
▪ KB 5042881 – Windows Server 2022
▪ [Prof_Pic]
▪ [Dual_Boot]

▪ Affected Products: Microsoft SharePoint Server Subscription Edition, SharePoint Enterprise
Server 2016, and SharePoint Server 2019
▪ Description: This security update resolves several Microsoft SharePoint Server remote code
execution and denial of service vulnerabilities. This bulletin is based on KB 5002639 (2019), KB
5002640 (sub), and KB 5002624 (2016) articles.
▪ Impact: Remote Code Execution, Denial of Service
▪ Fixes 5 Vulnerabilities: CVE-2024-38018, CVE-2024-38227, CVE-2024-38228, CVE-2024-
43464, and CVE-2024-43466. No CVEs are reported exploited or publicly disclosed.
MS24-09-SPT: Security Updates for Sharepoint Server
1

September Known Issues for Sharepoint Server
▪ KB 5002624 – Microsoft SQL Server 2016
▪ [Serial_Data] After you apply this update, you might experience an issue that affects the
deserialization of custom types that inherit from IDictionary.
▪ [Type_Blocked] You might experience an issue in which SharePoint workflows can't be
published because the unauthorized type is blocked. This issue also generates event tag
"c42q0" in SharePoint Unified Logging System (ULS) logs.
▪ Workaround. See KB for detailed instructions.
▪ KB 5002639 – Microsoft SQL Server 2019
▪ [Serial_Data]
▪ [Type_Blocked]
▪ KB 5002640 – Microsoft SQL Server Subscription Edition
▪ [Serial_Data]
▪ [Type_Blocked]

MS24-09-SQL: Security Updates for SQL Server
▪ Maximum Severity: Important
▪ Affected Products: Microsoft SQL Server 2016 SP3 (GDR and Azure Connect Feature Pack),
Microsoft SQL Server 2017 (GDR and CU31), Microsoft SQL Server 2019 (GDR and CU28)
and Microsoft SQL Server 2022 (GDR and CU14)
▪ Description: This security update fixes a wide spectrum of security vulnerabilities related to SQL
Server machine learning services and others. This bulletin is based on 8 KB articles.
▪ Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure
▪ Fixes 13 Vulnerabilities: No CVEs are known exploited or publicly disclosed. See the Security
Update Guide for the complete list of CVEs.
▪ Known Issues: None reported
2

▪ Affected Products: Excel 2016, Publisher 2016, Office Online Server, and Office LTSC for Mac
2021
▪ Description: This security update resolves a security feature bypass and an elevation of privilege
vulnerability in Microsoft Office. This bulletin references 3 KBs plus a set of release notes.
▪ Impact: Security Feature Bypass, Elevation of Privilege
▪ Fixes 3 Vulnerabilities: CVE-2024-38226 is known exploited. CVE-2024-38250 and CVE-2024-
43465 are not known to be exploited or publicly disclosed.
MS24-09-OFF: Security Updates for Microsoft Office
1
2

▪ Affected Products: Microsoft 365 Apps, Office 2019, and Office LTSC 2021
▪ Description: This security update resolves a remote code execution, security feature bypass,
and an elevation of privilege vulnerability in Microsoft Office. Information on the security updates
is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
▪ Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege
▪ Fixes 3 Vulnerabilities: CVE-2024-38226 is known exploited. CVE-2024-43463 and CVE-2024-
43465 are not known to be exploited or publicly disclosed.
MS24-9-O365: Security Updates for Microsoft 365 Apps
1
2

Between
Patch Tuesdays

Windows Release Summary
▪ Security Updates (with CVEs): Adobe Acrobat and Reader (1), Google Chrome (3), Eclipse Adoptium
(1), Firefox (1), Firefox ESR (2), Opera (2), Plex Media Server (1), PyCharm Professional (2), Python
(1), Wireshark (2)
▪ Security Updates (w/o CVEs): Adobe Acrobat DC and Acrobat Reader DC (1), Audacity (1), CCleaner
(1), ClickShare App Machine-Wide Installer (1), Falcon Sensor for Windows (1), Citrix Workspace App
LTSR (1), Docker For Windows (1), Dropbox (1), Firefox (1), Grammarly for Windows (3), LibreOffice
(2), Nitro Pro (1), Node.JS (Current) (2), Node.JS (LTS Upper) (1), Opera (3), PDF24 Creator (1), Plex
Media Server (2), PeaZip (1), Skype (2), SeaMonkey (1), Slack Machine-Wide Installer (2), Snagit (1),
Tableau Desktop (6), Tableau Reader (1), Thunderbird (2), TeamViewer (2), Wireshark (1), Cisco
Webex Meetings Desktop App (1), Zoom Workplace Desktop App (2), Zoom Rooms App (2), Zoom
Workplace VDI App (1)
▪ Non-Security Updates: Amazon WorkSpaces (1), Beyond Compare (1), Box Drive (1), Bitwarden (3),
Camtasia (2), DeepL Translator (1), draw.io (1), Evernote (7), Google Drive File Stream (1), GoodSync
(2), GeoGebra Classic (1), GoTo Connect (1), Logi Tune (1), NextCloud Desktop Client (1),
RingCentral App (Machine-Wide Installer) (2), Rocket.Chat Desktop Client (1), Cisco Webex Teams (2),
WeCom (1)

Windows Third Party CVE Information
▪ Adobe Acrobat and Reader
▪ APSB24-57, QADC2400130159
▪ Fixes 12 Vulnerabilities: CVE-2024-39383, CVE-2024-39422, CVE-2024-39423, CVE-2024-39424,
CVE-2024-39425, CVE-2024-39426, CVE-2024-41830, CVE-2024-41831, CVE-2024-41832,
CVE-2024-41833, CVE-2024-41834, CVE-2024-41835
▪ Eclipse Adoptium 8.0.422.5
▪ ECL8-240819, QECLJDK804225
CVE-2024-21145, CVE-2024-21147, CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-
2024-21144, CVE-2024-21145, CVE-2024-21147
▪ Opera 113.0.5230.32
▪ OPERA-240826, QOP1130523032
▪ Fixes 1 Vulnerability: CVE-2024-7971

Windows Third Party CVE Information (cont)
▪ Google Chrome 128.0.6613.85
▪ CHROME-240821, QGC1280661385
CVE-2024-7968, CVE-2024-7969, CVE-2024-7971, CVE-2024-7972, CVE-2024-7973, CVE-2024-
7974, CVE-2024-7975, CVE-2024-7976, CVE-2024-7977, CVE-2024-7978, CVE-2024-7979,
CVE-2024-7980, CVE-2024-7981, CVE-2024-8033, CVE-2024-8034, CVE-2024-8035
▪ CHROME-240828, QGC12806613114
▪ Fixes 4 Vulnerabilities: CVE-2024-7969, CVE-2024-8193, CVE-2024-8194, CVE-2024-8198
▪ CHROME-240902, QGC12806613120

▪ Firefox 130
▪ FF-240903, QFF1300
8389
▪ Firefox ESR 115.15.0
▪ FFE115-240904, QFFE115150
▪ FFE128-240904, QFFE12820
▪ Fixes 7 Vulnerabilities: CVE-2024-8381, CVE-2024-8382, CVE-2024-8383, CVE-2024-8384, CVE-
2024-8385, CVE-2024-8386, CVE-2024-8387

▪ Python 3.12.6
▪ PYTHN312-240906, QPYTH3126
CVE-2024-45492, CVE-2024-6232, CVE-2024-7592, CVE-2024-8088
▪ Plex Media Server 1.40.5.8921
▪ PLXS-240829, QPLXS14058921
▪ PyCharm Professional 2023.3.6
▪ PYCHARM-240827, QPYCHARM202336
▪ Wireshark 4.2.7
▪ WIRES42-240828, QWIRES427EXE and QWIRES427MSI

Apple Release Summary
▪ Security Updates (with CVEs): Adobe Acrobat and Reader (1), Google Chrome (3), Firefox
(1), Firefox ESR (1), Microsoft Edge (1), SeaMonkey (1)
▪ Security Updates (w/o CVEs): None
▪ Non-Security Updates: 1Password for Mac (1), BetterTouchTool (5), Brave (3), Docker
Desktop (1), draw.io (1), Dropbox (1), Evernote (6), Firefox (1), Figma (1), Google Drive (1),
Grammarly (5), IntelliJ IDEA (2), Krisp (1), LibreOffice (1), Microsoft Edge (3), OneDrive (1),
Microsoft Office 2019 Outlook (1), PyCharm Professional (1), Microsoft Office 2019 PowerPoint
(1), Slack (2), Thunderbird (1), Microsoft Teams (1), Visual Studio Code (1), Webex Teams for
Mac (2), Zoom Client (2)

Apple Third Party CVE Information
▪ Adobe Acrobat 2024 Classic 24.001.30159
▪ ARDC24-240813
CVE-2024-39425, CVE-2024-39426, CVE-2024-41830, CVE-2024-41831, CVE-2024-41832,
CVE-2024-41833, CVE-2024-41834, CVE-2024-41835
▪ Firefox 130
▪ FF-240903
8389
▪ FFE115-240904

Apple Third Party CVE Information (cont)
▪ CHROMEMAC-240822
CVE-2024-7980, CVE-2024-7981, CVE-2024-8033, CVE-2024-8034, CVE-2024-8035

Apple Third Party CVE Information (cont)
▪ Microsoft Edge 128.0.2739.42
▪ MEDGEMAC-240823
▪ Fixes 24 Vulnerabilities: CVE-2024-38208, CVE-2024-38209, CVE-2024-38210, CVE-2024-
41879, CVE-2024-7964, CVE-2024-7965, CVE-2024-7966, CVE-2024-7967, CVE-2024-
CVE-2024-7975, CVE-2024-7976, CVE-2024-7977, CVE-2024-7978, CVE-2024-7979, CVE-
2024-7980, CVE-2024-7981, CVE-2024-8033, CVE-2024-8034, CVE-2024-8035
▪ SeaMonkey 2.53.19
▪ SM-240904
CVE-2019-9811

Q & A

Patch Tuesday Italia Settembre

More Related Content

Similar to Patch Tuesday Italia Settembre

More from Ivanti

Recently uploaded

Patch Tuesday Italia Settembre