Just a few hours ago, Microsoft released its new security patches for Windows. As usual, on the second Tuesday of every month the company releases a series of updates to fix all kinds of errors, problems and vulnerabilities in the system to ensure that users can work with it without problems. In addition, on this occasion, the patches have been quite large and have solved several very serious vulnerabilities as we will detail below.
New security patches for Windows are now available to all users. To install them, all you have to do is use your computer, connected to the Internet, and they will be automatically downloaded and installed on your PC. In addition, you can also install them manually by searching for new updates in Windows Update, or by downloading the patches manually from the Microsoft Update catalog.
Patches are registered as:
- KB5043064: for Windows 10 22H2
- KB5043076: for Windows 11 22H2 and 23H2
- KB5043080: for Windows 11 24H2
Let’s take a closer look at what these new security updates for Windows include.
September 2024 Security Patches: Fixes
These new security patches for Windows 10 and Windows 11 are quite large. In total, Microsoft has fixed 74 different security flaws affecting users of the operating system. The vulnerabilities are distributed as follows:
- 30 Privilege Escalation Security Flaws
- 4 vulnerabilities that allowed evading system security measures.
- 23 remote code execution flaws.
- 11 failures to disclose confidential information.
- 8 denial of service failures.
- 3 phishing errors.
In addition to these flaws, Microsoft has also fixed 12 other security bugs related to products other than its own, such as Chromium. This way, users will be able to work with the operating system, and be connected to the Internet, a little more safely than before.
Security issues are divided as follows:
- Windows 10: 29 vulnerabilities, 1 of them critical, 27 important and 1 moderate.
- Windows 11 22H2/23H2: 30 vulnerabilities, 1 of them critical and 29 important.
- Windows 11 24:2: 28 vulnerabilities, 1 of them critical and 27 important.
Supported Windows Server editions have also received their share of patches and updates to ensure they can continue to operate securely.
0-day vulnerabilities
Of the 79 security flaws that Microsoft has fixed in these new updates, the most important are 4 that have been classified as zero-day flaws. These flaws are characterized by being vulnerabilities that have been detected and exploited by hackers before Microsoft, and so their correction is especially important so that they cannot cause more problems.
These problems are:
- CVE-2024-38014. A privilege escalation flaw in Windows Installer allows an attacker to gain SYSTEM permissions, the highest privileges in Windows.
- CVE-2024-38217. A flaw in the Mark of the Web security layer that allows users to bypass browser security measures and execute code on the system. This flaw has been exploited since 2018 and is still active today.
- CVE-2024-38226. A flaw in Microsoft Publisher that allows an attacker to bypass operating system security measures.
- CVE-2024-43491. Paradoxically, a code execution vulnerability in Windows Update. The attacker can use the Microsoft update engine to execute code on systems and put users’ security at risk.
After installing the new security updates and restarting the PC, we will be able to work with Windows again in complete safety. At least, until the second Tuesday of the month.
