From 8b8645cbff0dd66495db51302eef29d598682c05 Mon Sep 17 00:00:00 2001
From: Ryan <accounts+github@ryanwarnock.me>
Date: Wed, 11 Sep 2024 13:27:47 +0800
Subject: [PATCH] MS critical updates Sept (#980)

* MS critical updates Sept

* Format markdown docs

* Update 0240911001

Title update to include advisory number.

* Update 20240911001

Update link for NIST CVE article.

---------

Co-authored-by: ryan-aus <ryan-aus@users.noreply.github.com>
Co-authored-by: JadonWill <117053393+JadonWill@users.noreply.github.com>
---
 .../20240911001-Microsoft-Critical-Updates.md | 28 +++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 docs/advisories/20240911001-Microsoft-Critical-Updates.md

diff --git a/docs/advisories/20240911001-Microsoft-Critical-Updates.md b/docs/advisories/20240911001-Microsoft-Critical-Updates.md
new file mode 100644
index 00000000..dd185702
--- /dev/null
+++ b/docs/advisories/20240911001-Microsoft-Critical-Updates.md
@@ -0,0 +1,28 @@
+# Microsoft Publishes Critical Updates - 20240911001
+
+## Overview
+
+CISA has added four known exploited Microsoft product vulnerabilities to the Catalog based on the evidence of active exploitation. Additionally, there is one vulnerability included within the Monthy Update release with a severity rating of 'Critical'.
+
+## What is vulnerable?
+
+### Known Exploited items:
+
+| Vulnerability                                                 | CVE                                                               | CVSS | Severity |
+| ------------------------------------------------------------- | ----------------------------------------------------------------- | ---- | -------- |
+| Windows Installer Elevation of Privilege Vulnerability        | [CVE-2024-38014](https://nvd.nist.gov/vuln/detail/CVE-2024-38014) | 7.8  | High     |
+| Windows Mark of the Web Security Feature Bypass Vulnerability | [CVE-2024-38217](https://nvd.nist.gov/vuln/detail/CVE-2024-38217) | 5.4  | Medium   |
+| Microsoft Publisher Security Feature Bypass Vulnerability     | [CVE-2024-38226](https://nvd.nist.gov/vuln/detail/CVE-2024-38226) | 7.3  | High     |
+| Windows Servicing Stack Rollback                              | [CVE-2024-43491](https://nvd.nist.gov/vuln/detail/CVE-2024-43491) | 9.8  | Critical |
+
+### Additional Critical items included in the Monthly Update release:
+
+| Vulnerability                                        | CVE                                                                                          | CVSS | Severity |
+| ---------------------------------------------------- | -------------------------------------------------------------------------------------------- | ---- | -------- |
+| Azure Stack Hub Elevation of Privilege Vulnerability | [CVE-2024-38220](https://nvd.nist.gov/vuln/detail/CVE-2024-38220) | 9.0  | Critical |
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- Microsoft August 2024 Security Updates full release notes: <https://msrc.microsoft.com/update-guide/releaseNote/2024-Sep>