Patch Tuesday Support Group September Webinar
Webinar Summary
Celebrate the first anniversary of the Patch Tuesday Support Group. Jordan reviews the latest security and vulnerability news and then compares stats from the year. Bryan Dam then reviews hot topic articles over the last month, including Windows 10 1507 (LTSB) critical CRE, the second SolarWinds critical bug in Web Help Desk, bypassing airport security via SQL injection, what’s new at Microsoft, and much more. Wrapping up and joining Jordan and Bryan for the Support Group September webinar is Alon Leviev to share his findings for the Windows Update downgrade attacks.
Watch the Webinar Recording
Webinar Hosts
Bryan Dam
Patch My PC
Software Engineer
Jordan Benzing
Patch My PC
Security Engineer Lead
Alon Leviev
Alon Leviev
Security Researcher
Patch Tuesday Support Group Webinar Recap
Patch Tuesday September News
Patching Concerns
Microsoft disables BitLocker security fix, advises manual mitigation – October Deadline — msrc.microsoft.com, support.microsoft.com
September’s patches Fix Four Known Issues with August Patches— support.microsoft.com
Windows 10 1507 (LTSB) Has a Critical RCE (Remote Code Execution) — msrc.microsoft.com
End of Life for Win 11 22H3 (Home/Pro) and Win 11 21H2 (Edu/Ent) Next Month — learn.microsoft.com, learn.microsoft.com
Security Updates
TAKE ACTION: Enable multifactor authentication for your tenant before October 15, 2024 — admin.microsoft.com, techcommunity.microsoft.com
The Slow-Burn Nightmare of the National Public Data Breach — krebsonsecurity.com, nationalpublicdata.com, krebsonsecurity.com
Justice Department Disrupts North Korean Remote IT Worker Fraud Schemes Through Charges and Arrest of Nashville Facilitator — justice.gov
Second SolarWinds Critical Bug in Web Help Desk — darkreading.com
United States Joins Suit Against the Georgia Institute of Technology and Georgia Tech Research Corporation Alleging Cybersecurity Violations — justice.gov
Lidl’s Cloud Gambit: Europe’s Shift to Sovereign Computing — horovits.medium.com
SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation — thehackernews.com
Seattle-Tacoma Airport IT systems down due to a cyberattack — bleepingcomputer.com
Bypassing airport security via SQL injection — ian.sh/tsa
Payment gateway data breach affects 1.7 million credit card owners — bleepingcomputer.com
End of the Road: An AnandTech Farewell — anandtech.com
Windows Downdate: Downgrade Attacks Using Windows Update — safebreach.com
What’s New at Microsoft
Unified Teams app for work, personal and education accounts now available on Windows— blogs.windows.com
Microsoft to host Windows Endpoint Security Ecosystem Summit in September — blogs.windows.com
Windows 11’s 24H2 update is almost here — let’s talk about some of the features we’re expecting to see — techradar.com
Copilot+ PCs expand availability with new AMD and Intel silicon — blogs.windows.com
Defender for Endpoint has been removed from the base image for Windows 11, version 24H2 — support.microsoft.com
Autopatch will now report on configuration conflicts — techradar.com
Autopatch released a ‘remediation script’ that fixes common configuration issuess — techradar.com
What’s new in Intune?— learn.microsoft.com
Device hardware inventory is coming soon to Microsoft Intune — techcommunity.microsoft.com
ConfigMgr Hotfix for Management Point Vulnerability — learn.microsoft.com
Microsoft Patches of Note
View the full list of Patch Tuesday release notes at Patch Tuesday Blog Home Page – Patch Tuesday Blog
| Total Patches Release: 87 | |
| Patch Severity | Number of |
| Critical | 87 |
| Important | 31 |
| Moderate | 10 |
| N/A | 0 |
Third Party Updates from Patch My PC
| Total updates: 2888 | |
| Update Severity | Number of |
| Critical | 91 |
| Important | 416 |
| Moderate | 2320 |
| Low | 9 |
| N/A | 52 |
| Browser Specific updates | |
| Browser | Number of |
| Google Chrome | 15 |
| Firefox | 180 – (10) |
| Edge | 18 |
| Opera | 12 |
Insight into CVEs
This month we had a total of 79 vulnerabilities that were addressed through 262 unique patches.
| Vulnerability Breakdown | |
| Classification | Number of |
| Critical | 7 |
| Important | 71 |
| Moderate | 1 |
| N/A | 0 |
| CVE Breakdown | |
| CVE Type | Number of |
| Denial of service | 8 |
| Elevation of Privilege | 30 |
| Information Disclosure | 11 |
| Remote Code Execution | 23 |
| Security Feature Bypass | 4 |
| Spoofing | 3 |
Patches and Vulnerabilities of Note
Microsoft Windows Update Remote Code Execution Vulnerability — CVE-2024-43491 Score 9.8 Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 loT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024-KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability
Windows Installer Elevation. of Privilege Vulnerability — CVE-2024-38014 Score 7.8 This is marked as a high risk Windows Installer Privilege Vulnerability, which an attacker could use to acquire system. However, this ONLY applies to Windows 11 24H2, which is only on preview devices OR on Co-Pilot+ Devices.
Windows KB5041160 – Domain Controllers of 2022 — This comes with a fix regarding the security log event 4768 on server 2022 Domain Controllers. However, it’s not enabled by default. There is a known issue rollback to enable the update for properly populating the event logs.