Tuesday, September 10, 2024

Microsoft September 2024 Security Updates

 

The Microsoft September 2024 security updates have been released and consist of 79 new patches to Microsoft products.


Of the Microsoft CVEs released, 7 are rated critical, 71 important, and 1 moderate in security. At the time of release, one of the CVEs is listed as being publicly known and four are listed as under active attack.

The security updates apply to the following products, features and roles: Windows and Windows Components; Office and Office Components; Azure; Dynamics Business Central; SQL Server; Windows Hyper-V; Mark of the Web (MOTW); and the Remote Desktop Licensing Service.

See the list of KBs at the bottom of the page at September 2024 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds. For specific information on Windows 11, Versions 23H2 and 22H2, see KB5043076.  For Windows 10, Versions 22H2 and 21H2, see KB5043064 (OS Builds 19044.4894 and 19045.4894).

Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The September 2024 Security Update Review.

Additional Update Notes:


 

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Adobe Acrobat/Reader Update with Security Updates

 

Adobe
Adobe is releasing an update with bug fixes and new features for end users described in the New features summary as well as security updates for Acrobat and Reader. 

The security updates provide mitigations for vulnerabilities described in the security bulletins of Reader and Acrobat.

Update or Complete Download

Adobe Acrobat and Reader are being updated to version 24.003.20112.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

Release Notes

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 33.3.1 Released with Security Update

 Pale MoonPale Moon has been updated to version 33.3.1.  This is a minor security and bug fix update.

Changes/fixes:

  • Backed out support for FFmpeg 7.0/libavcodec 61 (Linux) due to it causing a major regression in WebAudio (broken on all platforms). This is being worked on to re-land at a later date.
  • Restricted the NotifyPaintEvent interface to chrome code only; there is no reason (other than potential tracking/fingerprinting) to have this accessible from content.
  • Fixed a potentially exploitable issue in JavaScript (FetchName).
  • Fixed a code correctness issue in XPConnect when creating sandboxes. DiD
  • Added a warning for using externally handled usenet protocols.
  • Security issues addressed: CVE-2024-8383 and CVE-2024-8381.

Notes:


*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...