Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited

Immediately is Microsoft’s August 2024 Patch Tuesday, which incorporates safety updates for 89 flaws, together with six actively exploited and three publicly disclosed zero-days. Microsoft remains to be engaged on an replace for a tenth publicly disclosed zero-day.

This Patch Tuesday fastened eight important vulnerabilities, which have been a mix of elevation of privileges, distant code execution, and knowledge disclosure.

The variety of bugs in every vulnerability class is listed under:

  • 36 Elevation of Privilege Vulnerabilities
  • 4 Safety Function Bypass Vulnerabilities
  • 28 Distant Code Execution Vulnerabilities
  • 8 Info Disclosure Vulnerabilities
  • 6 Denial of Service Vulnerabilities
  • 7 Spoofing Vulnerabilities

The variety of bugs listed above don’t embody Microsoft Edge flaws that have been disclosed earlier this month.

To be taught extra concerning the non-security updates launched at the moment, you possibly can assessment our devoted articles on the brand new Home windows 11 KB5041585 replace  and Home windows 10 KB5041580 replace.

Ten zero-days disclosed

This month’s Patch Tuesday fixes six actively exploited and three different publicly disclosed zero-day vulnerabilities. One other publicly disclosed zero-day stays unfixed right now, however Microsoft is engaged on an replace.

Microsoft classifies a zero-day flaw as one that’s publicly disclosed or actively exploited whereas no official repair is obtainable.

The six actively exploited zero-day vulnerabilities in at the moment’s updates are:

CVE-2024-38178 – Scripting Engine Reminiscence Corruption Vulnerability

Microsoft says that the assault requires an authenticated shopper to click on a hyperlink to ensure that an unauthenticated attacker to provoke distant code execution.

The hyperlink have to be clicked in Microsoft Edge in Web Explorer mode, making it a tough flaw to take advantage of.

Nevertheless, even with these pre-requisites, the South Korean Nationwide Cyber Security Heart(NCSC) and AhnLab disclosed the flaw as being exploited in assaults.

CVE-2024-38193 – Home windows Ancillary Operate Driver for WinSock Elevation of Privilege Vulnerability

This vulnerability permits assaults to achieve SYSTEM privileges on Home windows methods.

The flaw was found by Luigino Camastra and Milánek with Gen Digital however Microsoft didn’t share any particulars on the way it was disclosed.

CVE-2024-38213 – Home windows Mark of the Net Safety Function Bypass Vulnerability

This vulnerability permits attackers to create recordsdata that bypass Home windows Mark of the Net safety alerts.

This safety characteristic has been topic to quite a few bypasses over the 12 months as it’s a gorgeous goal for risk actors who conduct phishing campaigns.

Microsoft says the flaw was found by Peter Girnus of Development Micro’s Zero Day Initiative however didn’t share how it’s exploited in assaults.

CVE-2024-38106 – Home windows Kernel Elevation of Privilege Vulnerability

Microsoft fastened a Home windows Kernel elevation of privileges flaw that provides SYSTEM privileges.

“Successful exploitation of this vulnerability requires an attacker to win a race condition,” explains Microsoft’s advisory.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” continued Microsoft.

Microsoft has not shared who disclosed the flaw and the way it was exploited.

CVE-2024-38107 – Home windows Energy Dependency Coordinator Elevation of Privilege Vulnerability

Microsoft fastened a flaw that provides attackers SYSTEM privileges on the Home windows system.

Microsoft has not shared who disclosed the flaw and the way it was exploited.

CVE-2024-38189 – Microsoft Undertaking Distant Code Execution Vulnerability

Microsoft fastened a Microsoft Undertaking distant code execution vulnerability that requires security measures to be disabled for exploitation.

“Exploitation requires the sufferer to open a malicious Microsoft Workplace Undertaking file on a system the place the Block macros from working in Workplace recordsdata from the Web coverage is disabled and VBA Macro Notification Settings are usually not enabled permitting the attacker to carry out distant code execution,” clarify the advisory.

Microsoft says that the attackers would wish to trick a person into opening the malicious file, akin to via phishing assaults or by luring customers to web sites internet hosting the file.

Microsoft has not disclosed who found the vulnerability or the way it was exploited in assaults.

The 4 publicly disclosed vulnerabilities are:

CVE-2024-38199 – Home windows Line Printer Daemon (LPD) Service Distant Code Execution Vulnerability

Microsoft has fastened a distant code execution vulnerability within the Home windows Line Printer Daemon.

“An unauthenticated attacker could send a specially crafted print task to a shared vulnerable Windows Line Printer Daemon (LPD) service across a network. Successful exploitation could result in remote code execution on the server,” explains Microsoft’s advisory.

This vulnerability is listed as publicly disclosed however the one that disclosed it wished to stay Nameless.

CVE-2024-21302 – Home windows Safe Kernel Mode Elevation of Privilege Vulnerability

This flaw was disclosed by SafeBreach safety researcher Alon Leviev as a part of a Home windows Downdate downgrade assault speak at Black Hat 2024.

The Home windows Downdate assault unpatches absolutely up to date Home windows 10, Home windows 11, and Home windows Server methods to reintroduce previous vulnerabilities utilizing specifically crafted updates.

This flaw allowed the attackers to achieve elevated privileges to put in the malicious updates.

CVE-2024-38200 – Microsoft Workplace Spoofing Vulnerability

Microsoft fastened a Microsoft Workplace vulnerability that exposes NTLM hashes as disclosed within the “NTLM – The final experience” Defcon speak.

Attackers might exploit the flaw by tricking somebody into opening a malicious file, which might then power Workplace to make an outbound hook up with a distant share the place attackers might steal despatched NTLM hashes.

The flaw was found by Jim Rush with PrivSec and was already fastened through Microsoft Workplace Function Flighting on 7/30/2024.

CVE-2024-38202 – Home windows Replace Stack Elevation of Privilege Vulnerability

This flaw was additionally a part of the Home windows Downdate downgrade assault speak at Black Hat 2024.

Microsoft is growing a safety replace to mitigate this risk, however it isn’t but out there.

Current updates from different corporations

Different distributors who launched updates or advisories in August 2024 embody:

  • 0.0.0.0 Day flaw permits malicious web sites to bypass browser security measures and entry companies on a neighborhood community.
  • Android August safety updates fixes actively exploited RCE.
  • CISA warned of Cisco Good Set up (SMI) characteristic being abused in assaults.
  • Cisco warns of important RCE flaws in end-of-life Small Enterprise SPA 300 and SPA 500 sequence IP telephones.
  • New GhostWrite vulnerability lets unprivileged attackers learn and write to the pc’s reminiscence on T-Head XuanTie C910 and C920 RISC-V CPUs and management peripheral gadgets.
  • Ivanti releases safety updates for important vTM auth bypass with public exploit.
  • Microsoft warned a couple of new Workplace flaw tracked as CVE-2024-38200 that leaks NTLM hashes.
  • New SinkClose flaw lets attackers acquire Ring -2 privileges on AMD CPUs.
  • New Linux SLUBStick flaw converts a restricted heap vulnerability into an arbitrary reminiscence read-and-write functionality.
  • New Home windows DownDate flaw lets attackers downgrade the working system to reintroduce vulnerabilities.

The August 2024 Patch Tuesday Safety Updates

Beneath is the whole record of resolved vulnerabilities within the August 2024 Patch Tuesday updates.

To entry the total description of every vulnerability and the methods it impacts, you possibly can view the full report right here.

Tag CVE ID CVE Title Severity
.NET and Visible Studio CVE-2024-38168 .NET and Visible Studio Denial of Service Vulnerability Vital
.NET and Visible Studio CVE-2024-38167 .NET and Visible Studio Info Disclosure Vulnerability Vital
Azure Linked Machine Agent CVE-2024-38162 Azure Linked Machine Agent Elevation of Privilege Vulnerability Vital
Azure Linked Machine Agent CVE-2024-38098 Azure Linked Machine Agent Elevation of Privilege Vulnerability Vital
Azure CycleCloud CVE-2024-38195 Azure CycleCloud Distant Code Execution Vulnerability Vital
Azure Well being Bot CVE-2024-38109 Azure Well being Bot Elevation of Privilege Vulnerability Important
Azure IoT SDK CVE-2024-38158 Azure IoT SDK Distant Code Execution Vulnerability Vital
Azure IoT SDK CVE-2024-38157 Azure IoT SDK Distant Code Execution Vulnerability Vital
Azure Stack CVE-2024-38108 Azure Stack Hub Spoofing Vulnerability Vital
Azure Stack CVE-2024-38201 Azure Stack Hub Elevation of Privilege Vulnerability Vital
Line Printer Daemon Service (LPD) CVE-2024-38199 Home windows Line Printer Daemon (LPD) Service Distant Code Execution Vulnerability Vital
Microsoft Bluetooth Driver CVE-2024-38123 Home windows Bluetooth Driver Info Disclosure Vulnerability Vital
Microsoft Copilot Studio CVE-2024-38206 Microsoft Copilot Studio Info Disclosure Vulnerability Important
Microsoft Dynamics CVE-2024-38166 Microsoft Dynamics 365 Cross-site Scripting Vulnerability Important
Microsoft Dynamics CVE-2024-38211 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Vital
Microsoft Edge (Chromium-based) CVE-2024-7256 Chromium: CVE-2024-7256 Inadequate information validation in Daybreak Unknown
Microsoft Edge (Chromium-based) CVE-2024-7536 Chromium: CVE-2024-7550 Kind Confusion in V8 Unknown
Microsoft Edge (Chromium-based) CVE-2024-6990 Chromium: CVE-2024-6990 Uninitialized Use in Daybreak Unknown
Microsoft Edge (Chromium-based) CVE-2024-7255 Chromium: CVE-2024-7255 Out of bounds learn in WebTransport Unknown
Microsoft Edge (Chromium-based) CVE-2024-7534 Chromium: CVE-2024-7535 Inappropriate implementation in V8 Unknown
Microsoft Edge (Chromium-based) CVE-2024-7532 Chromium: CVE-2024-7533 Use after free in Sharing Unknown
Microsoft Edge (Chromium-based) CVE-2024-7550 Chromium: CVE-2024-7532 Out of bounds reminiscence entry in ANGLE Unknown
Microsoft Edge (Chromium-based) CVE-2024-7535 Chromium: CVE-2024-7536 Use after free in WebAudio Unknown
Microsoft Edge (Chromium-based) CVE-2024-7533 Chromium: CVE-2024-7534 Heap buffer overflow in Format Unknown
Microsoft Edge (Chromium-based) CVE-2024-38218 Microsoft Edge (HTML-based) Reminiscence Corruption Vulnerability Vital
Microsoft Edge (Chromium-based) CVE-2024-38219 Microsoft Edge (Chromium-based) Distant Code Execution Vulnerability Average
Microsoft Edge (Chromium-based) CVE-2024-38222 Microsoft Edge (Chromium-based) Info Disclosure Vulnerability Unknown
Microsoft Native Safety Authority Server (lsasrv) CVE-2024-38118 Microsoft Native Safety Authority (LSA) Server Info Disclosure Vulnerability Vital
Microsoft Native Safety Authority Server (lsasrv) CVE-2024-38122 Microsoft Native Safety Authority (LSA) Server Info Disclosure Vulnerability Vital
Microsoft Workplace CVE-2024-38200 Microsoft Workplace Spoofing Vulnerability Vital
Microsoft Workplace CVE-2024-38084 Microsoft OfficePlus Elevation of Privilege Vulnerability Vital
Microsoft Workplace Excel CVE-2024-38172 Microsoft Excel Distant Code Execution Vulnerability Vital
Microsoft Workplace Excel CVE-2024-38170 Microsoft Excel Distant Code Execution Vulnerability Vital
Microsoft Workplace Outlook CVE-2024-38173 Microsoft Outlook Distant Code Execution Vulnerability Vital
Microsoft Workplace PowerPoint CVE-2024-38171 Microsoft PowerPoint Distant Code Execution Vulnerability Vital
Microsoft Workplace Undertaking CVE-2024-38189 Microsoft Undertaking Distant Code Execution Vulnerability Vital
Microsoft Workplace Visio CVE-2024-38169 Microsoft Workplace Visio Distant Code Execution Vulnerability Vital
Microsoft Streaming Service CVE-2024-38134 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Vital
Microsoft Streaming Service CVE-2024-38144 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Vital
Microsoft Streaming Service CVE-2024-38125 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Vital
Microsoft Groups CVE-2024-38197 Microsoft Groups for iOS Spoofing Vulnerability Vital
Microsoft WDAC OLE DB supplier for SQL CVE-2024-38152 Home windows OLE Distant Code Execution Vulnerability Vital
Microsoft Home windows DNS CVE-2024-37968 Home windows DNS Spoofing Vulnerability Vital
Dependable Multicast Transport Driver (RMCAST) CVE-2024-38140 Home windows Dependable Multicast Transport Driver (RMCAST) Distant Code Execution Vulnerability Important
Home windows Ancillary Operate Driver for WinSock CVE-2024-38141 Home windows Ancillary Operate Driver for WinSock Elevation of Privilege Vulnerability Vital
Home windows Ancillary Operate Driver for WinSock CVE-2024-38193 Home windows Ancillary Operate Driver for WinSock Elevation of Privilege Vulnerability Vital
Home windows App Installer CVE-2024-38177 Home windows App Installer Spoofing Vulnerability Vital
Home windows Clipboard Digital Channel Extension CVE-2024-38131 Clipboard Digital Channel Extension Distant Code Execution Vulnerability Vital
Home windows Cloud Information Mini Filter Driver CVE-2024-38215 Home windows Cloud Information Mini Filter Driver Elevation of Privilege Vulnerability Vital
Home windows Frequent Log File System Driver CVE-2024-38196 Home windows Frequent Log File System Driver Elevation of Privilege Vulnerability Vital
Home windows Compressed Folder CVE-2024-38165 Home windows Compressed Folder Tampering Vulnerability Vital
Home windows Deployment Providers CVE-2024-38138 Home windows Deployment Providers Distant Code Execution Vulnerability Vital
Home windows DWM Core Library CVE-2024-38150 Home windows DWM Core Library Elevation of Privilege Vulnerability Vital
Home windows DWM Core Library CVE-2024-38147 Microsoft DWM Core Library Elevation of Privilege Vulnerability Vital
Home windows Preliminary Machine Configuration CVE-2024-38223 Home windows Preliminary Machine Configuration Elevation of Privilege Vulnerability Vital
Home windows IP Routing Administration Snapin CVE-2024-38114 Home windows IP Routing Administration Snapin Distant Code Execution Vulnerability Vital
Home windows IP Routing Administration Snapin CVE-2024-38116 Home windows IP Routing Administration Snapin Distant Code Execution Vulnerability Vital
Home windows IP Routing Administration Snapin CVE-2024-38115 Home windows IP Routing Administration Snapin Distant Code Execution Vulnerability Vital
Home windows Kerberos CVE-2024-29995 Home windows Kerberos Elevation of Privilege Vulnerability Vital
Home windows Kernel CVE-2024-38151 Home windows Kernel Info Disclosure Vulnerability Vital
Home windows Kernel CVE-2024-38133 Home windows Kernel Elevation of Privilege Vulnerability Vital
Home windows Kernel CVE-2024-38127 Home windows Hyper-V Elevation of Privilege Vulnerability Vital
Home windows Kernel CVE-2024-38153 Home windows Kernel Elevation of Privilege Vulnerability Vital
Home windows Kernel CVE-2024-38106 Home windows Kernel Elevation of Privilege Vulnerability Vital
Home windows Kernel-Mode Drivers CVE-2024-38187 Home windows Kernel-Mode Driver Elevation of Privilege Vulnerability Vital
Home windows Kernel-Mode Drivers CVE-2024-38191 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Vital
Home windows Kernel-Mode Drivers CVE-2024-38184 Home windows Kernel-Mode Driver Elevation of Privilege Vulnerability Vital
Home windows Kernel-Mode Drivers CVE-2024-38186 Home windows Kernel-Mode Driver Elevation of Privilege Vulnerability Vital
Home windows Kernel-Mode Drivers CVE-2024-38185 Home windows Kernel-Mode Driver Elevation of Privilege Vulnerability Vital
Home windows Layer-2 Bridge Community Driver CVE-2024-38146 Home windows Layer-2 Bridge Community Driver Denial of Service Vulnerability Vital
Home windows Layer-2 Bridge Community Driver CVE-2024-38145 Home windows Layer-2 Bridge Community Driver Denial of Service Vulnerability Vital
Home windows Mark of the Net (MOTW) CVE-2024-38213 Home windows Mark of the Net Safety Function Bypass Vulnerability Average
Home windows Cell Broadband CVE-2024-38161 Home windows Cell Broadband Driver Distant Code Execution Vulnerability Vital
Home windows Community Tackle Translation (NAT) CVE-2024-38132 Home windows Community Tackle Translation (NAT) Denial of Service Vulnerability Vital
Home windows Community Tackle Translation (NAT) CVE-2024-38126 Home windows Community Tackle Translation (NAT) Denial of Service Vulnerability Vital
Home windows Community Virtualization CVE-2024-38160 Home windows Community Virtualization Distant Code Execution Vulnerability Important
Home windows Community Virtualization CVE-2024-38159 Home windows Community Virtualization Distant Code Execution Vulnerability Important
Home windows NT OS Kernel CVE-2024-38135 Home windows Resilient File System (ReFS) Elevation of Privilege Vulnerability Vital
Home windows NTFS CVE-2024-38117 NTFS Elevation of Privilege Vulnerability Vital
Home windows Energy Dependency Coordinator CVE-2024-38107 Home windows Energy Dependency Coordinator Elevation of Privilege Vulnerability Vital
Home windows Print Spooler Parts CVE-2024-38198 Home windows Print Spooler Elevation of Privilege Vulnerability Vital
Home windows Useful resource Supervisor CVE-2024-38137 Home windows Useful resource Supervisor PSM Service Extension Elevation of Privilege Vulnerability Vital
Home windows Useful resource Supervisor CVE-2024-38136 Home windows Useful resource Supervisor PSM Service Extension Elevation of Privilege Vulnerability Vital
Home windows Routing and Distant Entry Service (RRAS) CVE-2024-38130 Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability Vital
Home windows Routing and Distant Entry Service (RRAS) CVE-2024-38128 Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability Vital
Home windows Routing and Distant Entry Service (RRAS) CVE-2024-38154 Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability Vital
Home windows Routing and Distant Entry Service (RRAS) CVE-2024-38121 Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability Vital
Home windows Routing and Distant Entry Service (RRAS) CVE-2024-38214 Home windows Routing and Distant Entry Service (RRAS) Info Disclosure Vulnerability Vital
Home windows Routing and Distant Entry Service (RRAS) CVE-2024-38120 Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability Vital
Home windows Scripting CVE-2024-38178 Scripting Engine Reminiscence Corruption Vulnerability Vital
Home windows Safe Boot CVE-2022-3775 Redhat: CVE-2022-3775 grub2 – Heap based mostly out-of-bounds write when rendering sure Unicode sequences Important
Home windows Safe Boot CVE-2023-40547 Redhat: CVE-2023-40547 Shim – RCE in HTTP boot assist could result in safe boot bypass Important
Home windows Safe Boot CVE-2022-2601 Redhat: CVE-2022-2601 grub2 – Buffer overflow in grub_font_construct_glyph() can result in out-of-bound write and doable safe boot bypass Vital
Home windows Safe Kernel Mode CVE-2024-21302 Home windows Safe Kernel Mode Elevation of Privilege Vulnerability Vital
Home windows Safe Kernel Mode CVE-2024-38142 Home windows Safe Kernel Mode Elevation of Privilege Vulnerability Vital
Home windows Safety Heart CVE-2024-38155 Safety Heart Dealer Info Disclosure Vulnerability Vital
Home windows SmartScreen CVE-2024-38180 Home windows SmartScreen Safety Function Bypass Vulnerability Vital
Home windows TCP/IP CVE-2024-38063 Home windows TCP/IP Distant Code Execution Vulnerability Important
Home windows Transport Safety Layer (TLS) CVE-2024-38148 Home windows Safe Channel Denial of Service Vulnerability Vital
Home windows Replace Stack CVE-2024-38202 Home windows Replace Stack Elevation of Privilege Vulnerability Vital
Home windows Replace Stack CVE-2024-38163 Home windows Replace Stack Elevation of Privilege Vulnerability Vital
Home windows WLAN Auto Config Service CVE-2024-38143 Home windows WLAN AutoConfig Service Elevation of Privilege Vulnerability Vital

Recent articles

INTERPOL Pushes for

î ‚Dec 18, 2024î „Ravie LakshmananCyber Fraud / Social engineering INTERPOL is...

Patch Alert: Essential Apache Struts Flaw Discovered, Exploitation Makes an attempt Detected

î ‚Dec 18, 2024î „Ravie LakshmananCyber Assault / Vulnerability Risk actors are...