MS Family September 2024 Routine Security Update Advisory
Overview
Microsoft (https://www.microsoft.com) has released security updates that fix vulnerabilities in its products. Users of affected products are advised to update to the latest version.
Affected Products
Azure Product line
Azure CycleCloud 8.0.0
Azure CycleCloud 8.0.1
Azure CycleCloud 8.0.2
Azure CycleCloud 8.1.0
Azure CycleCloud 8.1.1
Azure CycleCloud 8.2.0
Azure CycleCloud 8.2.1
Azure CycleCloud 8.2.2
Azure CycleCloud 8.3.0
Azure CycleCloud 8.4.0
Azure CycleCloud 8.4.1
Azure CycleCloud 8.4.2
Azure CycleCloud 8.5.0
Azure CycleCloud 8.6.0
Azure CycleCloud 8.6.1
Azure CycleCloud 8.6.2
Azure CycleCloud 8.6.3
Azure Network Watcher VM Extension for Windows
Azure Stack Hub
Azure Web Apps
ESU Product line
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Microsoft Dynamics Product line
Microsoft Dynamics 365 (on-premises) version 9.1
Microsoft Dynamics 365 Business Central 2023 Release Wave 1
Microsoft Dynamics 365 Business Central 2023 Release Wave 2
Microsoft Dynamics 365 Business Central 2024 Release Wave 1
Power Automate for Desktop
Microsoft Office Product line
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft AutoUpdate for Mac
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC for Mac 2021
Microsoft Office Online Server
Microsoft Office for Android
Microsoft Office for Universal
Microsoft Publisher 2016 (32-bit edition)
Microsoft Publisher 2016 (64-bit edition)
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019
Microsoft SharePoint Server Subscription Edition
Microsoft Visio 2016 (32-bit edition)
Microsoft Visio 2016 (64-bit edition)
Outlook for iOS
SQL Server Product line
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR)
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack
Microsoft SQL Server 2017 for x64-based Systems (CU 31)
Microsoft SQL Server 2017 for x64-based Systems (GDR)
Microsoft SQL Server 2019 for x64-based Systems (CU 28)
Microsoft SQL Server 2019 for x64-based Systems (GDR)
Microsoft SQL Server 2022 for x64-based Systems (CU 14)
Microsoft SQL Server 2022 for x64-based Systems (GDR)
Windows Product line
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Windows 11 Version 21H2 for ARM64-based Systems
Windows 11 Version 21H2 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server 2022, 23H2 Edition (Server Core installation)
Resolved Vulnerabilities
7 critical vulnerabilities and 71 important vulnerabilities have been discovered.
Azure Product line
Critical remote code execution vulnerability in Azure CycleCloud (CVE-2024-43469)
Critical elevation of privilege vulnerabilities in Azure Network Watcher (CVE-2024-38188, CVE-2024-43470)
Emergency-grade elevation of privilege vulnerabilities in Azure Stack (CVE-2024-38216, CVE-2024-38220)
Critical elevation of privilege vulnerability in Azure Web Apps (CVE-2024-38194)
ESU Product line
Critical information disclosure vulnerability in Windows Admin Center (CVE-2024-43475)
Microsoft Dynamics Product line
Critical elevation of privilege vulnerability in Dynamics Business Central (CVE-2024-38225)
Critical spoofing vulnerability in Microsoft Dynamics 365 (on-premises) (CVE-2024-43476)
Critical remote code execution vulnerability in Power Automate (CVE-2024-43479)
Microsoft Office Product line
Critical elevation of privilege vulnerability in Microsoft AutoUpdate (MAU) (CVE-2024-43492)
Critical elevation of privilege vulnerability in Microsoft Office Excel (CVE-2024-43465)
Critical security feature bypass vulnerability in Microsoft Office Publisher (CVE-2024-38226)
Critical remote code execution vulnerabilities in Microsoft Office SharePoint (CVE-2024-38018, CVE-2024-43464)
Critical denial of service vulnerability in Microsoft Office SharePoint (CVE-2024-43466)
Critical remote code execution vulnerabilities in Microsoft Office SharePoint (CVE-2024-38227, CVE-2024-38228)
Critical remote code execution vulnerability in Microsoft Office Visio (CVE-2024-43463)
Critical information disclosure vulnerability in Microsoft Outlook for iOS (CVE-2024-43482)
SQL Server Product line
Critical elevation of privilege vulnerabilities in SQL Server (CVE-2024-37965, CVE-2024-37341, CVE-2024-37980)
Critical remote code execution vulnerabilities in SQL Server (CVE-2024-37338, CVE-2024-37335, CVE-2024-37340, CVE-2024-37339, CVE-2024-26186, CVE-2024-26191)
Critical information disclosure vulnerabilities in SQL Server (CVE-2024-37966, CVE-2024-37337, CVE-2024-37342, CVE-2024-43474)
Windows Product line
Critical elevation of privilege vulnerabilities in Microsoft Graphics Component (CVE-2024-38249, CVE-2024-38250, CVE-2024-38247)
Critical remote code execution vulnerability in Microsoft Management Console (CVE-2024-38259)
Critical elevation of privilege vulnerabilities in Microsoft Streaming Service (CVE-2024-38241, CVE-2024-38242, CVE-2024-38237, CVE-2024-38238, CVE-2024-38233, CVE-2024-38244, CVE-2024-38245)
Critical denial of service vulnerability in Windows Hyper-V (CVE-2024-38235)
Critical information disclosure vulnerability in the Windows AllJoyn API (CVE-2024-38257)
Critical information disclosure vulnerability in Windows Authentication Methods (CVE-2024-38254)
Critical denial of service vulnerability in Windows DHCP Server (CVE-2024-38236)
Critical elevation of privilege vulnerability in Windows Installer (CVE-2024-38014)
Critical elevation of privilege vulnerability in Windows Kerberos (CVE-2024-38239)
Critical information disclosure vulnerability in Windows Kernel-Mode Drivers (CVE-2024-38256)
Critical remote code execution vulnerability in Windows Libarchive (CVE-2024-43495)
Critical spoofing vulnerability in Windows MSHTML Platform (CVE-2024-43461)
Moderate security feature bypass vulnerability in Windows Mark of the Web (MOTW) (CVE-2024-43487)
Critical security feature bypass vulnerability in Windows Mark of the Web (MOTW) (CVE-2024-38217)
Critical remote code execution vulnerability in Windows Network Address Translation (NAT) (CVE-2024-38119)
Critical denial of service vulnerabilities in Windows Network Virtualization (CVE-2024-38232, CVE-2024-38233, CVE-2024-38234)
Critical information disclosure vulnerability in Windows Network Virtualization (CVE-2024-43458)
Critical elevation of privilege vulnerability in Windows PowerShell (CVE-2024-38046)
Critical elevation of privilege vulnerability in Windows Remote Access Connection Manager (CVE-2024-38240)
Critical denial of service vulnerability in Windows Remote Desktop Licensing Service (CVE-2024-38231)
Critical spoofing vulnerability in Windows Remote Desktop Licensing Service (CVE-2024-43455)
Critical remote code execution vulnerabilities in Windows Remote Desktop Licensing Service (CVE-2024-43467, CVE-2024-38260, CVE-2024-38263, CVE-2024-43454)
Critical information disclosure vulnerability in Windows Remote Desktop Licensing Service (CVE-2024-38258)
Critical security feature bypass vulnerability in Windows Security Zone Mapping (CVE-2024-30073)
Critical elevation of privilege vulnerability in Windows Setup and Deployment (CVE-2024-43457)
Critical denial of service vulnerability in Windows Standards-Based Storage Management Service (CVE-2024-38230)
Critical elevation of privilege vulnerability in Windows Storage (CVE-2024-38248)
Critical remote code execution vulnerabilities in Windows TCP/IP (CVE-2024-21416, CVE-2024-38045)
Critical remote code execution vulnerability in Windows Update (CVE-2024-43491)
Critical elevation of privilege vulnerability in Windows Win32K - GRFX (CVE-2024-38246)
Critical elevation of privilege vulnerabilities in Windows Win32K - ICOMP (CVE-2024-38252, CVE-2024-38253)
Vulnerability Patches
The following product-specific patches were made available with the September 10, 2024 update. Use Windows Update to install them automatically, or download and install them from the URLs listed under each product below.
Azure CycleCloud 8.0.0
Azure CycleCloud 8.0.1
Azure CycleCloud 8.0.2
Azure CycleCloud 8.1.0
Azure CycleCloud 8.1.1
Azure CycleCloud 8.2.0
Azure CycleCloud 8.2.1
Azure CycleCloud 8.2.2
Azure CycleCloud 8.3.0
Azure CycleCloud 8.4.0
Azure CycleCloud 8.4.1
Azure CycleCloud 8.4.2
Azure CycleCloud 8.5.0
Azure CycleCloud 8.6.0
Azure CycleCloud 8.6.1
Azure CycleCloud 8.6.2
Azure CycleCloud 8.6.3
Azure Network Watcher VM Extension for Windows
Azure Stack Hub
https://msrc.microsoft.com/update-guide/
Microsoft 365 Apps for Enterprise
https://msrc.microsoft.com/update-guide/
Microsoft AutoUpdate for Mac
https://go.microsoft.com/fwlink/p/?linkid=830196
Microsoft Dynamics 365 (on-premises) version 9.1
https://www.microsoft.com/download/details.aspx?familyid=e9fe97c9-2507-48b6-be44-6fa6c02b6d28
Microsoft Dynamics 365 Business Central 2023 Release Wave 1
https://www.microsoft.com/download/details.aspx?familyid=fd83e799-e637-4c04-b0cf-4fab00fd5792
Microsoft Dynamics 365 Business Central 2023 Release Wave 2
https://www.microsoft.com/en-us/download/details.aspx?id=106167
Microsoft Dynamics 365 Business Central 2024 Release Wave 1
https://www.microsoft.com/download/details.aspx?familyid=7c4cdbc3-a9f8-47eb-b9ab-ea1bfd32fc7d
Microsoft Excel 2016
https://www.microsoft.com/download/details.aspx?familyid=ec742c29-85f8-4abe-a92f-7f68f5748dc7
Microsoft Office 2019
Microsoft Office LTSC 2021
https://msrc.microsoft.com/update-guide/
Microsoft Office LTSC for Mac 2021
https://msrc.microsoft.com/update-guide/
Microsoft Office Online Server
https://www.microsoft.com/download/details.aspx?familyid=9fd17dc7-6dbf-422d-a151-1a72bbe5d3cb
Microsoft Office for Android
Microsoft Office for Universal
https://msrc.microsoft.com/update-guide/
Microsoft Publisher 2016
https://www.microsoft.com/download/details.aspx?familyid=1ee3e6f2-540a-4bb0-9ad5-a419b81a818a
Microsoft SQL Server 2016 Service Pack 3 (GDR)
https://www.microsoft.com/download/details.aspx?familyid=bcaa232a-0e0c-4ae9-b4d8-7a27d8453595
Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack
https://www.microsoft.com/download/details.aspx?familyid=13dffaf9-0377-4a30-b9b8-9bf8f2629aa6
Microsoft SQL Server 2017 (CU 31)
https://www.microsoft.com/download/details.aspx?familyid=5c1115eb-d55d-4a6d-9d44-070045a2675f
Microsoft SQL Server 2017 (GDR)
https://www.microsoft.com/download/details.aspx?familyid=6e5ca6fa-350d-4a60-b071-c0aa3503136e
Microsoft SQL Server 2019 (CU 28)
https://www.microsoft.com/download/details.aspx?familyid=971b1a77-4e8d-4dff-9b4f-3051fb41f8c6
Microsoft SQL Server 2019 (GDR)
https://www.microsoft.com/download/details.aspx?familyid=684d2c34-425f-45b9-b685-c3ba4266a759
Microsoft SQL Server 2022 (CU 14)
https://www.microsoft.com/download/details.aspx?familyid=a2449ad4-3be2-407b-9e56-c109d321a5b9
Microsoft SQL Server 2022 (GDR)
https://www.microsoft.com/download/details.aspx?familyid=b6de42f6-dec1-4212-80fd-820f30b5b9ac
Microsoft SharePoint Enterprise Server 2016
https://www.microsoft.com/download/details.aspx?familyid=3915a24a-84a5-43aa-be09-11b70fb03450
Microsoft SharePoint Server 2019
https://www.microsoft.com/download/details.aspx?familyid=6beb21ad-bd8d-47f4-90a7-2e6be4f55041
Microsoft SharePoint Server Subscription Edition
https://www.microsoft.com/download/details.aspx?familyid=6acd8e9a-57ca-4875-b6f9-26ee7c370865
Microsoft Visio 2016
https://www.microsoft.com/download/details.aspx?familyid=89a4d4a5-34be-4ab4-b268-42a6c92cf622
Outlook for iOS
Power Automate for Desktop
https://msrc.microsoft.com/update-guide/
Windows 10
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043083
Windows 10 Version 1607
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043051
Windows 10 Version 1809
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043050
Windows 10 Version 21H2
Windows 10 Version 22H2
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043064
Windows 11 Version 22H2
Windows 11 Version 23H2
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043076
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442
Windows 11 Version 24H2
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043080
Windows 11 Version 21H2
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043067
Windows Server 2008 R2 Service Pack 1
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043129
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043092
Windows Server 2008 Service Pack 2
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043135
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043087
Windows Server 2012
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043125
Windows Server 2012 R2
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043138
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043049
Windows Server 2016
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043051
Windows Server 2019
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043050
Windows Server 2022
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5042881
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5042880
Windows Server 2022, 23H2 Edition
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043055
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438