The September 2024 Security Up... Note

The September 2024 Security Update Review

In September 2024's security patches, Adobe released eight bulletins for 28 CVEs in various software, including a critical patch for ColdFusion with a CVSS score of 9.8. Microsoft released patches for 79 CVEs in various products, including seven Critical-rated vulnerabilities. Four of the Microsoft CVEs were reported through ZDI.Microsoft's patches address bugs being actively exploited, including CVE-2024-43491, which allows remote code execution due to a downgrade attack, and CVE-2024-38226, which allows bypassing of security features in Microsoft Publisher. Another notable CVE, CVE-2024-38014, leads to privilege escalation in Windows Installer.Adobe's patches include fixes for critical bugs in Photoshop, Illustrator, and Media Encoder. None of the Adobe bugs are reported as publicly known or under active attack.Microsoft lists CVE-2024-43461 as under attack, despite ZDI reporting it as being actively exploited. This bug allows spoofing in the MSHTML platform.Overall, Adobe's patches are rated as deployment priority 3, while Microsoft's patches range in severity from Moderate to Critical.