Microsoft September 2024 Security Updates

 

The Microsoft September 2024 security updates have been released and consist of 79 new patches to Microsoft products.

Of the Microsoft CVEs released, 7 are rated critical, 71 important, and 1 moderate in security. At the time of release, one of the CVEs is listed as being publicly known and four are listed as under active attack.

The security updates apply to the following products, features and roles: Windows and Windows Components; Office and Office Components; Azure; Dynamics Business Central; SQL Server; Windows Hyper-V; Mark of the Web (MOTW); and the Remote Desktop Licensing Service.

See the list of KBs at the bottom of the page at September 2024 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds. For specific information on Windows 11, Versions 23H2 and 22H2, see KB5043076.  For Windows 10, Versions 22H2 and 21H2, see KB5043064 (OS Builds 19044.4894 and 19045.4894).

Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The September 2024 Security Update Review.

Additional Update Notes:

• Windows 11 End of Support -- On October 8, 2024, Windows 11, version 21H2 (Enterprise, Education, and IoT Enterprise editions) and Windows 11, version 22H2 (Home and Pro editions) will reach end of support. The October 8, 2024 update will be the last security update available for these editions. 
• MSRT -- The Malicious Software Removal Tool is now run on a quarterly basis rather than monthly.  See Remove specific prevalent malware with Windows Malicious Software Removal Tool. 
• Servicing Stack Updates -- Microsoft now combines the latest servicing stack update (SSU) for your operating system with the Latest Cumulative Updates (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
  
• Windows updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows, in addition to non-security updates. The updates are also available via search for the KB number in the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows 10 Home and Pro and Windows 11 Home and Pro.
• Windows Update History:
• Windows 11
• Windows 10

 

References

• Security Update FAQ
• Security Updates Guide

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Adobe Acrobat/Reader Update with Security Updates

 

Adobe is releasing an update with bug fixes and new features for end users described in the New features summary as well as security updates for Acrobat and Reader. 

The security updates provide mitigations for vulnerabilities described in the security bulletins of Reader and Acrobat.

Update or Complete Download

Adobe Acrobat and Reader are being updated to version 24.003.20112.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 33.3.1 Released with Security Update

 Pale Moon has been updated to version 33.3.1.  This is a minor security and bug fix update.

Changes/fixes:

• Backed out support for FFmpeg 7.0/libavcodec 61 (Linux) due to it causing a major regression in WebAudio (broken on all platforms). This is being worked on to re-land at a later date.
• Restricted the NotifyPaintEvent interface to chrome code only; there is no reason (other than potential tracking/fingerprinting) to have this accessible from content.
• Fixed a potentially exploitable issue in JavaScript (FetchName).
• Fixed a code correctness issue in XPConnect when creating sandboxes. DiD
• Added a warning for using externally handled usenet protocols.
• Security issues addressed: CVE-2024-8383 and CVE-2024-8381.

Notes:

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 130.0 Released with Security Updates

 Mozilla sent Firefox Version 130.0 to the release channel.  Firefox ESR was updated to Version 115.15.0.

The update includes nine security updates of which four (4) are rated high, four (4) are rated moderate, and one (1) is rated low.

High

#CVE-2024-8385: WASM type confusion involving ArrayTypes
#CVE-2024-8381: Type confusion when looking up a property name in a "with" block
#CVE-2024-8387: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2
#CVE-2024-8389: Memory safety bugs fixed in Firefox 130

Moderate

#CVE-2024-8388: Fullscreen notice on Android could be hidden under various panels and OS prompts
#CVE-2024-8382: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran
#CVE-2024-8383: Firefox did not ask before openings news: links in an external application
#CVE-2024-8384: Garbage collection could mis-color cross-compartment objects in OOM conditions

Low

#CVE-2024-8386: SelectElements could be shown over another site if popups are allowed

New

• Firefox now allows translating selected text portions to different languages after a full-page translation.
• Firefox now offers an easy way to try experimental features with a new Firefox Labs page in Settings.
  • AI Chatbot feature lets you add the chatbot of your choice to the sidebar, for quick access as you browse.
  • Picture-in-Picture auto-open experiment enables PiP on active videos when switching tab
• Overscroll animations are now enabled as the default behavior for scrollable areas on Linux.

Fixed:

• Fixed an issue where Copy and Paste context menu items intermittently were not enabled when expected.

Changed:

The following languages are now supported by Firefox translation:

• Catalan
• Croatian
• Czech
• Danish
• Indonesian
• Latvian
• Lithuanian
• Romanian
• Serbian
• Slovak
• Vietnamese

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

• Security Updates
• Release Notes
• Rapid Release Calendar
• ESR Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...