Security 10797 Published by

The Microsoft September 2024 security update release is packed with 79 Microsoft CVEs. It's like a treasure trove of fixes for Windows TCP/IP, SQL Server, Security Zone Mapping, Windows Installer, and so much more.





September 2024 Security Updates

This release consists of the following 79 Microsoft CVEs:

TagCVEBase ScoreExploitabilityFAQs?Workarounds?Mitigations?
Windows TCP/IP CVE-2024-214168.1Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-261868.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-261918.8Exploitation Less LikelyYesNoNo
Windows Security Zone Mapping CVE-2024-300737.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-373358.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-373377.1Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-373388.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-373398.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-373408.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-373418.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-373427.1Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-379658.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-379667.1Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-379808.8Exploitation Less LikelyYesNoNo
Windows Installer CVE-2024-380147.8Exploitation DetectedYesNoNo
Microsoft Office SharePoint CVE-2024-380188.8Exploitation More LikelyYesNoNo
Windows TCP/IP CVE-2024-380458.1Exploitation Less LikelyYesNoNo
Windows PowerShell CVE-2024-380467.8Exploitation Less LikelyYesNoNo
Windows Network Address Translation (NAT) CVE-2024-381197.5Exploitation Less LikelyYesNoNo
Azure Network Watcher CVE-2024-381887.1Exploitation Less LikelyYesNoNo
Azure Web Apps CVE-2024-381948.4Exploitation Less LikelyYesNoNo
Azure Stack CVE-2024-382168.2Exploitation Less LikelyYesNoNo
Windows Mark of the Web (MOTW) CVE-2024-382175.4Exploitation DetectedYesNoNo
Azure Stack CVE-2024-382209.0Exploitation Less LikelyYesNoNo
Dynamics Business Central CVE-2024-382258.8Exploitation Less LikelyYesNoNo
Microsoft Office Publisher CVE-2024-382267.3Exploitation DetectedYesNoNo
Microsoft Office SharePoint CVE-2024-382277.2Exploitation More LikelyYesNoNo
Microsoft Office SharePoint CVE-2024-382287.2Exploitation More LikelyYesNoNo
Windows Standards-Based Storage Management Service CVE-2024-382306.5Exploitation Less LikelyNoNoNo
Windows Remote Desktop Licensing Service CVE-2024-382316.5Exploitation Less LikelyYesNoNo
Windows Network Virtualization CVE-2024-382327.5Exploitation Less LikelyNoNoNo
Windows Network Virtualization CVE-2024-382337.5Exploitation Less LikelyNoNoNo
Windows Network Virtualization CVE-2024-382346.5Exploitation Less LikelyYesNoNo
Role: Windows Hyper-V CVE-2024-382356.5Exploitation Less LikelyYesNoNo
Windows DHCP Server CVE-2024-382367.5Exploitation Less LikelyNoNoNo
Microsoft Streaming Service CVE-2024-382377.8Exploitation More LikelyYesNoNo
Microsoft Streaming Service CVE-2024-382387.8Exploitation More LikelyYesNoNo
Windows Kerberos CVE-2024-382397.2Exploitation Less LikelyYesNoNo
Windows Remote Access Connection Manager CVE-2024-382408.1Exploitation Less LikelyYesNoNo
Microsoft Streaming Service CVE-2024-382417.8Exploitation More LikelyYesNoNo
Microsoft Streaming Service CVE-2024-382427.8Exploitation More LikelyYesNoNo
Microsoft Streaming Service CVE-2024-382437.8Exploitation More LikelyYesNoNo
Microsoft Streaming Service CVE-2024-382447.8Exploitation More LikelyYesNoNo
Microsoft Streaming Service CVE-2024-382457.8Exploitation More LikelyYesNoNo
Windows Win32K - GRFX CVE-2024-382467.0Exploitation More LikelyYesNoNo
Microsoft Graphics Component CVE-2024-382477.8Exploitation More LikelyYesNoNo
Windows Storage CVE-2024-382487.0Exploitation Less LikelyYesNoNo
Microsoft Graphics Component CVE-2024-382497.8Exploitation More LikelyYesNoNo
Microsoft Graphics Component CVE-2024-382507.8Exploitation Less LikelyYesNoNo
Windows Win32K - ICOMP CVE-2024-382527.8Exploitation More LikelyYesNoNo
Windows Win32K - ICOMP CVE-2024-382537.8Exploitation More LikelyYesNoNo
Windows Authentication Methods CVE-2024-382545.5Exploitation Less LikelyYesNoNo
Windows Kernel-Mode Drivers CVE-2024-382565.5Exploitation Less LikelyYesNoNo
Windows AllJoyn API CVE-2024-382577.5Exploitation Less LikelyYesNoNo
Windows Remote Desktop Licensing Service CVE-2024-382586.5Exploitation Less LikelyYesNoNo
Microsoft Management Console CVE-2024-382598.8Exploitation Less LikelyYesNoNo
Windows Remote Desktop Licensing Service CVE-2024-382608.8Exploitation Less LikelyYesNoNo
Windows Remote Desktop Licensing Service CVE-2024-382637.5Exploitation Less LikelyYesNoNo
Windows Remote Desktop Licensing Service CVE-2024-434547.1Exploitation Less LikelyYesNoNo
Windows Remote Desktop Licensing Service CVE-2024-434558.8Exploitation Less LikelyYesNoNo
Windows Setup and Deployment CVE-2024-434577.8Exploitation More LikelyYesNoNo
Windows Network Virtualization CVE-2024-434587.7Exploitation Less LikelyYesNoNo
Windows MSHTML Platform CVE-2024-434618.8Exploitation More LikelyYesNoNo
Microsoft Office Visio CVE-2024-434637.8Exploitation Less LikelyYesNoNo
Microsoft Office SharePoint CVE-2024-434647.2Exploitation More LikelyYesNoNo
Microsoft Office Excel CVE-2024-434657.8Exploitation Less LikelyYesNoNo
Microsoft Office SharePoint CVE-2024-434666.5Exploitation Less LikelyNoNoNo
Windows Remote Desktop Licensing Service CVE-2024-434677.5Exploitation Less LikelyYesNoNo
Azure CycleCloud CVE-2024-434698.8Exploitation Less LikelyYesNoNo
Azure Network Watcher CVE-2024-434707.3Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-434747.6Exploitation Less LikelyYesNoNo
Windows Admin Center CVE-2024-434757.3Exploitation Less LikelyYesNoNo
Microsoft Dynamics 365 (on-premises) CVE-2024-434767.6Exploitation Less LikelyYesNoNo
Power Automate CVE-2024-434798.5Exploitation Less LikelyYesNoNo
Microsoft Outlook for iOS CVE-2024-434826.5Exploitation Less LikelyYesNoNo
Windows Mark of the Web (MOTW) CVE-2024-434876.5Exploitation More LikelyYesNoNo
Windows Update CVE-2024-434919.8Exploitation DetectedYesNoNo
Microsoft AutoUpdate (MAU) CVE-2024-434927.8Exploitation Less LikelyYesNoNo
Windows Libarchive CVE-2024-434957.3Exploitation Less LikelyYesNoNo

Security Update Guide Blog Posts

DateBlog Post
June 27, 2024 Toward greater transparency: Unveiling Cloud Service CVEs
April 9, 2024 Toward greater transparency: Security Update Guide now shares CWEs for CVEs
January 6, 2023 Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

Relevant Resources

  • The new Hotpatching feature is now generally available. Please see  Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
  • Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the  Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see  Windows Lifecycle Facts Sheet.
  • Microsoft is improving Windows Release Notes. For more information, please see  What's next for Windows release notes.
  • A list of the latest servicing stack updates for each operating system can be found in  ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  • Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See  4522133 for more information.

Known Issues

You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see  Windows message center (links to currently-supported versions of Windows are in the left pane).

KB ArticleApplies To
5002624SharePoint Enterprise Server 2016
5002639SharePoint Server 2019
5002640SharePoint Server Subscription Edition
5042881Windows 11, version 21H2
5043051Windows 10, version 1607, Windows Server 2016
5043064Windows 11 version 24H2
5043067Windows 11, version 21H2
5043076Windows 11, version 22H2, Windows 11, version 23H2
5043080Windows 11 version 24H2
5043083Windows 10
5043087Windows Server 2008 (Security-only update)
5043135Windows Server 2008 (Monthly Rollup)

Win10

Security Update Guide - Microsoft Security Response Center