Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Day Exploits

Aug 14, 2024 | Ravie Lakshmanan | Windows Security / Vulnerability

Microsoft on Tuesday shipped fixes to address a total of 90 security flaws, including 10 zero-days, of which six have come under active exploitation in the wild.

Of the 90 bugs, seven are rated Critical, 79 are rated Important, and one is rated Moderate in severity. This is also in addition to 36 vulnerabilities that the tech giant resolved in its Edge browser since last month.

The Patch Tuesday updates are notable for addressing six actively exploited zero-days –

  • CVE-2024-38189 (CVSS score: 8.8) – Microsoft Project Remote Code Execution Vulnerability
  • CVE-2024-38178 (CVSS score: 7.5) – Windows Scripting Engine Memory Corruption Vulnerability
  • CVE-2024-38193 (CVSS score: 7.8) – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  • CVE-2024-38106 (CVSS score: 7.0) – Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2024-38107 (CVSS score: 7.8) – Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
  • CVE-2024-38213 (CVSS score: 6.5) – Windows Mark of the Web Security Feature Bypass Vulnerability

CVE-2024-38213, which allows attackers to bypass SmartScreen protections, requires an attacker to send the user a malicious file and convince them to open it. Credited with discovering and reporting the flaw is Trend Micro’s Peter Girnus, suggesting that it could be a bypass for CVE-2024-21412 or CVE-2023-36025, which were previously exploited by DarkGate malware operators.

The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add the flaws to its Known Exploited Vulnerabilities (KEV) catalog, which obligates federal agencies to apply the fixes by September 3, 2024.

Four of the below CVEs are listed as publicly known –

  • CVE-2024-38200 (CVSS score: 7.5) – Microsoft Office Spoofing Vulnerability
  • CVE-2024-38199 (CVSS score: 9.8) – Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
  • CVE-2024-21302 (CVSS score: 6.7) – Windows Secure Kernel Mode Elevation of Privilege Vulnerability
  • CVE-2024-38202 (CVSS score: 7.3) – Windows Update Stack Elevation of Privilege Vulnerability

“An attacker could leverage this vulnerability by enticing a victim to access a specially crafted file, likely via a phishing email,” Scott Caveza, staff research engineer at Tenable, said about CVE-2024-38200.

“Successful exploitation of the vulnerability could result in the victim exposing New Technology Lan Manager (NTLM) hashes to a remote attacker. NTLM hashes could be abused in NTLM relay or pass-the-hash attacks to further an attacker’s foothold into an organization.”

The update also addresses a privilege escalation flaw in the Print Spooler component (CVE-2024-38198, CVSS score: 7.8), which allows an attacker to gain SYSTEM privileges. “Successful exploitation of this vulnerability requires an attacker to win a race condition,” Microsoft said.

That said, Microsoft has yet to release updates for CVE-2024-38202 and CVE-2024-21302, which could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the operating system files with older versions.

The disclosure follows a report from Fortra about a denial-of-service (DoS) flaw in the Common Log File System (CLFS) driver (CVE-2024-6768, CVSS score: 6.8) that could cause a system crash, resulting in Blue Screen of Death (BSoD).

When reached for comment, a Microsoft spokesperson told The Hacker News that the issue “does not meet the bar for immediate servicing under our severity classification guidelines and we will consider it for a future product update.”

“The technique described requires an attacker to have already gained code execution capabilities on the target machine and it does not grant elevated permissions. We encourage customers to practice good computing habits online, including exercising caution when running programs that are not recognized by the user,” the spokesperson added.

Software Patches from Other Vendors

In addition to Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including –
