Microsoft disclosed four vulnerabilities that are actively being exploited in the wild as part of its regular Patch Tuesday security update this week in what’s become a regular occurrence for the company’s patches in 2024.
Two of the zero-day vulnerabilities, CVE-2024-38226 and CVE-2024-38014, exist in the Microsoft Publisher software and Windows Installer, respectively. Last month, Microsoft disclosed six vulnerabilities in its Patch Tuesday that were already being exploited in the wild.
In all, September’s monthly round of patches from Microsoft included 79 vulnerabilities, seven of which are considered critical. In addition to the zero-days disclosed Tuesday, Microsoft also fixed a security issue that had already been publicly disclosed: CVE-2024-38217, a vulnerability in Windows Mark of the Web that could allow an adversary to bypass usual MOTW detection techniques.
Cisco Talos’ Vulnerability Research team also discovered an information disclosure vulnerability in the AllJoyn API that could allow an adversary to access uninitialized memory. CVE-2024-38257 is considered “less likely” to be exploited, though it does not require any user interaction or user privileges.
The most serious of the issues included in September’s Patch Tuesday is included group vulnerabilities microsoft discloses including severity score