- Buy Microsoft Visio Professional or Microsoft Project Professional 2024 for just $80
- Get Microsoft Office Pro and Windows 11 Pro for 87% off with this bundle
- Buy or gift a Babbel subscription for 78% off to learn a new language - new low price
- Join BJ's Wholesale Club for just $20 right now to save on holiday shopping
- This $28 'magic arm' makes taking pictures so much easier (and it's only $20 for Black Friday)
Tripwire Patch Priority Index for September 2024
Tripwire’s September 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.
First on the list are patches for Microsoft Excel, Visio, and Publisher that resolve remote code execution, elevation of privilege, and security feature bypass vulnerabilities.
Next are patches that affect components of the core Windows operating system. These patches resolve over 35 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, denial of service, and remote code execution vulnerabilities. These vulnerabilities affect core Windows, Kernel, Win32k, Mark of the Web, Kernel serversStreaming Service Driver, Networking, Graphics Component, MSHTML, TCP/IP, and others.
Lastly, administrators should focus on server-side patches for Windows Remote Desktop Licensing Service, SQL Server, Admin Center, SharePoint, Dynamics, Hyper-V, and DHCP server. These patches resolve cross-site scripting, information disclosure, denial of service, remote code execution, and elevation of privilege vulnerabilities.
| BULLETIN | CVE |
|---|---|
| Microsoft Office Excel | CVE-2024-43465 |
| Microsoft Office Visio | CVE-2024-43463 |
| Microsoft Office Publisher | CVE-2024-38226 |
| Windows | CVE-2024-43479, CVE-2024-43457, CVE-2024-38014, CVE-2024-38238, CVE-2024-38245, CVE-2024-38243, CVE-2024-38241, CVE-2024-38242, CVE-2024-38244, CVE-2024-38237, CVE-2024-43492, CVE-2024-38259, CVE-2024-38217, CVE-2024-43487, CVE-2024-38046, CVE-2024-38234, CVE-2024-38233, CVE-2024-38232, CVE-2024-43458, CVE-2024-38250, CVE-2024-38249, CVE-2024-38247, CVE-2024-38246, CVE-2024-38240, CVE-2024-38230, CVE-2024-38252, CVE-2024-38253, CVE-2024-38119, CVE-2024-43461, CVE-2024-38257, CVE-2024-43495, CVE-2024-30073, CVE-2024-38254, CVE-2024-38045, CVE-2024-21416, CVE-2024-38239, CVE-2024-38256, CVE-2024-38248, CVE-2024-43491 |
| Windows Remote Desktop Licensing Service | CVE-2024-38231, CVE-2024-38258, CVE-2024-43467, CVE-2024-38263, CVE-2024-38260, CVE-2024-43454, CVE-2024-43455 |
| SQL Server | CVE-2024-37965, CVE-2024-37980, CVE-2024-37341, CVE-2024-43474, CVE-2024-37966, CVE-2024-37337, CVE-2024-37342, CVE-2024-37338, CVE-2024-37339, CVE-2024-37335, CVE-2024-26186, CVE-2024-37340, CVE-2024-26191 |
| Windows Admin Center | CVE-2024-43475 |
| Microsoft Office SharePoint | CVE-2024-43466, CVE-2024-43464, CVE-2024-38227, CVE-2024-38018, CVE-2024-38228 |
| Dynamics Business Central | CVE-2024-38225 |
| Microsoft Dynamics 365 (on-premises) | CVE-2024-43476 |
| Role: Windows Hyper-V | CVE-2024-38235 |
| Windows DHCP Server | CVE-2024-38236 |
