Serial number: AV24-510
Date: September 10, 2024
On September 10, 2024, Microsoft published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:
- Azure Connected Machine Agent
- Azure CycleCloud – multiple versions and platforms
- Azure Health Bot
- Azure Network Watcher VM Extension for Windows
- Azure Stack Hub
- Azure Web Apps
- Microsoft 365 Apps for Enterprise – multiple platforms
- Microsoft AutoUpdate for Mac
- Microsoft Dynamics 365 (on-premises) – version 9.1
- Microsoft Dynamics 365 Business Central 2023 Release Wave 1
- Microsoft Excel 2016
- Microsoft Office – multiple versions and platforms
- Microsoft Outlook 2016 – multiple platforms
- Microsoft Project 2016 – multiple platforms
- Microsoft Publisher 2016
- Microsoft SharePoint Enterprise Server 2016
- Microsoft SQL Server – multiple versions and platforms
- Microsoft Teams for iOS
- Microsoft Visio 2016 multiple platforms
- Microsoft Visual Studio 2022 – multiple versions
- .NET – version 8.0
- Power Automate for Desktop
- Remote Desktop client for Windows Desktop
- Windows 10 – multiple versions and platforms
- Windows 11 – multiple versions and platforms
- Windows Server – multiple versions and platforms
Microsoft has indicated that CVE-2024-38226, CVE-2024-43491, CVE-2024-38014 and CVE-2024-38217 have been exploited.
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.
This alert was originated From: Canadian Centre for Cyber Security
https://cyber.gc.ca/en/alerts-advisories/microsoft-security-advisory-september-2024-monthly-rollup-av24-510