Published on: September 12, 2024
The newest Windows September 2024 update fixes more than 70 key problems, including one problem so severe that it’s considered a total loss of confidentiality.
The US Cybersecurity and Security Infrastructure Agency (CISA) issued a warning, urging everyone with a computer to ensure they’ve gotten the most recent patch. 3 of the 4 severe vulnerabilities were found on CISA’s list of known exploits, making it the agency’s responsibility to issue mitigations within 3 weeks.
“A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system,” they explain.
The most severe exploit, CVE-2024-4349, would allow a hacker to remotely restrict you from using your computer while they accessed important details. This requires absolutely no interaction from the user either, making it almost impossible for the average person to defend themselves against.
“Functional exploit code is available. The code works in most situations where the vulnerability exists,” Microsoft writes.
It ranked as a 9.8/10 on Microsoft’s security score.
Several other critical flaws were fixed by CISA as well, including one bug that took advantage of a known vulnerability within Microsoft Windows Mark of the Web (MOTW). The MOTW Security Feature Bypass feature would let hackers limit users’ security features, usually in preparation for more devastating attacks.
“An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as SmartScreen Application Reputation security check and/or the legacy Windows Attachment Services security prompt,” Microsoft writes in the full report.
Having an unpatched Microsoft Windows Installer also came with a serious flaw. If a hacker managed to trick someone into giving them user privileges (usually through a phishing scam), they could take SYSTEM privileges from the victim.
CISA highly encourages every Windows customer to apply this latest patch.