Important Notice: Security vulnerabilities of Microsoft (updated at 12 September 2024)

關於 Microsoft 的安全漏洞通告 (更新於 2024年9月12日)

 2024-09-12     ICTO     Bulletin / 公告    (Expired/已過期)

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Microsoft have recently released its September security update notice, there is 79 vulnerability updates this time.

The updates this time mainly cover the following components: Windows and Windows Components, Microsoft Office and Office Components, SQL Server, Microsoft Dynamics, Hyper-V and Azure products vulnerabilities.

Details of the vulnerabilities: 

  • Windows Installer Privilege Elevation Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38014

  • Windows Mark of the Web Security Feature Bypass Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38217

  • Microsoft Publisher Security Feature Bypass Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38226

  • Microsoft Windows Update Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43491

  • Microsoft SharePoint Server Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43464
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38018

  • Windows Address Translation (NAT) Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38119

For more details about Microsoft September Updates, please refer to: https://msrc.microsoft.com/update-guide/releaseNote/2024-Sep

If the relevant affected products are used, please install the security updates released by Microsoft as soon as possible. 

Reference

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

資訊及通訊科技部接獲網絡安全事故預警及應急中心的通知,Microsoft 近日發9 月安全更新通告,此次包含了 79 個漏洞更新

此次釋出的更新主要涵蓋了以下組件: Windows Windows 組件、 Microsoft Office Office 組件、 SQL ServerMicrosoft DynamicsHyper-V Azure 等產品的漏洞。

漏洞詳情:

  • Windows Installer 權限提升漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38014

  • Windows Mark of the Web 安全功能繞過漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38217

  • Microsoft Publisher 安全功能繞過漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38226

  • Microsoft Windows Update 遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43491

  • Microsoft SharePoint Server 遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43464
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38018

  • Windows 網絡地址轉換 (NAT) 遠端代碼執行漏洞

有關詳情可參考:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38119

Microsoft 9 月更新有關詳情可參考: https://msrc.microsoft.com/update-guide/releaseNote/2024-Sep

倘有使用相關受影響產品,須盡快安裝由微軟公司釋出的安全更新。

參考資料

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部