On September 10, 2024, Microsoft released its monthly Patch Day updates, tackling a total of 79 security vulnerabilities. Most of these are categorized as “critical” or “high risk,” with four known to be actively exploited. Immediate updating is recommended to safeguard your systems.
This batch of updates affects a broad range of Windows versions, including Windows 10, Windows 11, and Windows Server, with 67 vulnerabilities spread across these systems. Windows 7 and 8.1 are notably absent from the current security reports, indicating they might still be at risk. Upgrading to Windows 10 (22H2) or Windows 11 (23H2) is advisable to continue receiving security patches, with Windows 11 being the better long-term option given Windows 10’s end of support in 2025.
The updates also touch on Windows 11 24H2, though this fall update is still under testing and not yet publicly released. Users on Windows 11 22H2 should upgrade to 23H2 soon to avoid disruptive forced updates, as the final security update for 22H2 will be issued on October 8, 2024.
Several zero-day vulnerabilities have been patched, with some already exploited. Detailed insights are scarce in the security update guide, but reports from experts like Dustin Childs highlight the real-world exploitation of issues such as CVE-2024-43461. Key vulnerabilities include CVE-2024-38217, a Security Feature Bypass affecting the “Mark of the Web” (MotW), and CVE-2024-43491, a Remote Code Execution issue affecting older Windows 10 versions.
Critical vulnerabilities also include CVE-2024-38119, related to NAT, and multiple RCE issues within Windows Remote Desktop Services, Microsoft Management Console, and Power Automate for Desktop.
In Microsoft Office, 11 vulnerabilities were patched, including a zero-day and two critical flaws. CVE-2024-38226, discovered in Microsoft Publisher, allows for bypassing macro security guidelines. SharePoint Server and Visio also had several RCE vulnerabilities fixed. SQL Server received patches for 13 vulnerabilities, with six RCE issues among them.
The Edge browser update to version 128.0.2739.63 includes security fixes, though the release notes are not fully detailed yet. Google’s Chrome has also received a security update addressing high-risk vulnerabilities; Microsoft’s response to it is still pending.