Microsoft security advisory – September 2024 monthly rollup (AV24-510)

Serial number: AV24-510
Date: September 10, 2024

On September 10, 2024, Microsoft published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

  • Azure Connected Machine Agent
  • Azure CycleCloud – multiple versions and platforms
  • Azure Health Bot
  • Azure Network Watcher VM Extension for Windows
  • Azure Stack Hub
  • Azure Web Apps
  • Microsoft 365 Apps for Enterprise – multiple platforms
  • Microsoft AutoUpdate for Mac
  • Microsoft Dynamics 365 (on-premises) – version 9.1
  • Microsoft Dynamics 365 Business Central 2023 Release Wave 1
  • Microsoft Excel 2016
  • Microsoft Office – multiple versions and platforms
  • Microsoft Outlook 2016 - multiple platforms
  • Microsoft Project 2016 – multiple platforms
  • Microsoft Publisher 2016
  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SQL Server - multiple versions and platforms
  • Microsoft Teams for iOS
  • Microsoft Visio 2016 multiple platforms
  • Microsoft Visual Studio 2022 – multiple versions
  • .NET – version 8.0
  • Power Automate for Desktop
  • Remote Desktop client for Windows Desktop
  • Windows 10 – multiple versions and platforms
  • Windows 11 – multiple versions and platforms
  • Windows Server – multiple versions and platforms

Microsoft has indicated that CVE-2024-38226, CVE-2024-43491, CVE-2024-38014 and CVE-2024-38217 have been exploited.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

Date modified: