Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited

Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws


Today is Microsoft’s August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day.

This Patch Tuesday fixed eight critical vulnerabilities, which were a mixture of elevation of privileges, remote code execution, and information disclosure.

The number of bugs in each vulnerability category is listed below:

  • 36 Elevation of Privilege Vulnerabilities
  • 4 Security Feature Bypass Vulnerabilities
  • 28 Remote Code Execution Vulnerabilities
  • 8 Information Disclosure Vulnerabilities
  • 6 Denial of Service Vulnerabilities
  • 7 Spoofing Vulnerabilities

The number of bugs listed above do not include Microsoft Edge flaws that were disclosed earlier this month.

To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5041585 update  and Windows 10 KB5041580 update.

Tend zero-days disclosed

This month’s Patch Tuesday fixes six actively exploited and three other publicly disclosed zero-day vulnerabilities. Another publicly disclosed zero-day remains unfixed at this time, but Microsoft is working on an update.

Microsoft classifies a zero-day flaw as one that is publicly disclosed or actively exploited while no official fix is available.

The six actively exploited zero-day vulnerabilities in today’s updates are:

CVE-2024-38178 – Scripting Engine Memory Corruption Vulnerability

Microsoft says that the attack requires an authenticated client to click a link in order for an unauthenticated attacker to initiate remote code execution.

The link must be clicked in Microsoft Edge in Internet Explorer mode, making it a tricky flaw to exploit.

However, even with these pre-requisites, the South Korean National Cyber Security Center(NCSC) and AhnLab disclosed the flaw as being exploited in attacks.

CVE-2024-38193 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

This vulnerability allows attacks to gain SYSTEM privileges on Windows systems.

The flaw was discovered by Luigino Camastra and Milánek with Gen Digital but Microsoft did not share any details on how it was disclosed.

CVE-2024-38213 – Windows Mark of the Web Security Feature Bypass Vulnerability

This vulnerability allows attackers to create files that bypass Windows Mark of the Web security alerts.

This security feature has been subject to numerous bypasses over the year as it is an attractive target for threat actors who conduct phishing campaigns.

Microsoft says the flaw was discovered by Peter Girnus of Trend Micro’s Zero Day Initiative but did not share how it is exploited in attacks.

CVE-2024-38106 – Windows Kernel Elevation of Privilege Vulnerability

Microsoft fixed a Windows Kernel elevation of privileges flaw that gives SYSTEM privileges.

“Successful exploitation of this vulnerability requires an attacker to win a race condition,” explains Microsoft’s advisory.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” continued Microsoft.

Microsoft has not shared who disclosed the flaw and how it was exploited.

CVE-2024-38107 – Windows Power Dependency Coordinator Elevation of Privilege Vulnerability

Microsoft fixed a flaw that gives attackers SYSTEM privileges on the Windows device.

Microsoft has not shared who disclosed the flaw and how it was exploited.

CVE-2024-38189 – Microsoft Project Remote Code Execution Vulnerability

Microsoft fixed a Microsoft Project remote code execution vulnerability that requires security features to be disabled for exploitation.

“Exploitation requires the victim to open a malicious Microsoft Office Project file on a system where the Block macros from running in Office files from the Internet policy is disabled and VBA Macro Notification Settings are not enabled allowing the attacker to perform remote code execution,” explain the advisory.

Microsoft says that the attackers would need to trick a user into opening the malicious file, such as through phishing attacks or by luring users to websites hosting the file.

Microsoft has not disclosed who discovered the vulnerability or how it was exploited in attacks.

The four publicly disclosed vulnerabilities are:

CVE-2024-38199 – Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability

Microsoft has fixed a remote code execution vulnerability in the Windows Line Printer Daemon.

“An unauthenticated attacker could send a specially crafted print task to a shared vulnerable Windows Line Printer Daemon (LPD) service across a network. Successful exploitation could result in remote code execution on the server,” explains Microsoft’s advisory.

This vulnerability is listed as publicly disclosed but the person who disclosed it wished to remain Anonymous.

CVE-2024-21302 – Windows Secure Kernel Mode Elevation of Privilege Vulnerability

This flaw was disclosed by SafeBreach security researcher Alon Leviev as part of a Windows Downdate downgrade attack talk at Black Hat 2024.

The Windows Downdate attack unpatches fully updated Windows 10, Windows 11, and Windows Server systems to reintroduce old vulnerabilities using specially crafted updates.

This flaw allowed the attackers to gain elevated privileges to install the malicious updates.

CVE-2024-38200 – Microsoft Office Spoofing Vulnerability

Microsoft fixed a Microsoft Office vulnerability that exposes NTLM hashes as disclosed in the “NTLM – The last ride” Defcon talk.

Attackers could exploit the flaw by tricking someone into opening a malicious file, which would then force Office to make an outbound connect to a remote share where attackers could steal sent NTLM hashes.

The flaw was discovered by Jim Rush with PrivSec and was already fixed via Microsoft Office Feature Flighting on 7/30/2024.

CVE-2024-38202 – Windows Update Stack Elevation of Privilege Vulnerability

This flaw was also part of the Windows Downdate downgrade attack talk at Black Hat 2024.

Microsoft is developing a security update to mitigate this threat, but it is not yet available.

Recent updates from other companies

Other vendors who released updates or advisories in August 2024 include:

  • 0.0.0.0 Day flaw allows malicious websites to bypass browser security features and access services on a local network.
  • Android August security updates fixes actively exploited RCE.
  • CISA warned of Cisco Smart Install (SMI) feature being abused in attacks.
  • Cisco warns of critical RCE flaws in end-of-life Small Business SPA 300 and SPA 500 series IP phones.
  • New GhostWrite flaw  GhostWrite vulnerability lets unprivileged attackers read and write to the computer’s memory on T-Head XuanTie C910 and C920 RISC-V CPUs and control peripheral devices.
  • Ivanti releases security update for critical vTM auth bypass with public exploit.
  • Microsoft warned about new Office flaw tracked as CVE-2024-38200 that leaks NTLM hashes.
  • New SinkClose flaw lets attackers gain Ring -2 privileges on AMD CPUs.
  • New Linux SLUBStick flaw converts a limited heap vulnerability into an arbitrary memory read-and-write capability.
  • New Windows DownDate flaw lets attackers downgrade the operating system to reintroduce vulnerabilities.

The August 2024 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities in the August 2024 Patch Tuesday updates.

To access the full description of each vulnerability and the systems it affects, you can view the full report here.

Tag CVE ID CVE Title Severity
.NET and Visual Studio CVE-2024-38168 .NET and Visual Studio Denial of Service Vulnerability Important
.NET and Visual Studio CVE-2024-38167 .NET and Visual Studio Information Disclosure Vulnerability Important
Azure Connected Machine Agent CVE-2024-38162 Azure Connected Machine Agent Elevation of Privilege Vulnerability Important
Azure Connected Machine Agent CVE-2024-38098 Azure Connected Machine Agent Elevation of Privilege Vulnerability Important
Azure CycleCloud CVE-2024-38195 Azure CycleCloud Remote Code Execution Vulnerability Important
Azure Health Bot CVE-2024-38109 Azure Health Bot Elevation of Privilege Vulnerability Critical
Azure IoT SDK CVE-2024-38158 Azure IoT SDK Remote Code Execution Vulnerability Important
Azure IoT SDK CVE-2024-38157 Azure IoT SDK Remote Code Execution Vulnerability Important
Azure Stack CVE-2024-38108 Azure Stack Hub Spoofing Vulnerability Important
Azure Stack CVE-2024-38201 Azure Stack Hub Elevation of Privilege Vulnerability Important
Line Printer Daemon Service (LPD) CVE-2024-38199 Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability Important
Microsoft Bluetooth Driver CVE-2024-38123 Windows Bluetooth Driver Information Disclosure Vulnerability Important
Microsoft Copilot Studio CVE-2024-38206 Microsoft Copilot Studio Information Disclosure Vulnerability Critical
Microsoft Dynamics CVE-2024-38166 Microsoft Dynamics 365 Cross-site Scripting Vulnerability Critical
Microsoft Dynamics CVE-2024-38211 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Important
Microsoft Edge (Chromium-based) CVE-2024-7256 Chromium: CVE-2024-7256 Insufficient data validation in Dawn Unknown
Microsoft Edge (Chromium-based) CVE-2024-7536 Chromium: CVE-2024-7550 Type Confusion in V8 Unknown
Microsoft Edge (Chromium-based) CVE-2024-6990 Chromium: CVE-2024-6990 Uninitialized Use in Dawn Unknown
Microsoft Edge (Chromium-based) CVE-2024-7255 Chromium: CVE-2024-7255 Out of bounds read in WebTransport Unknown
Microsoft Edge (Chromium-based) CVE-2024-7534 Chromium: CVE-2024-7535 Inappropriate implementation in V8 Unknown
Microsoft Edge (Chromium-based) CVE-2024-7532 Chromium: CVE-2024-7533 Use after free in Sharing Unknown
Microsoft Edge (Chromium-based) CVE-2024-7550 Chromium: CVE-2024-7532 Out of bounds memory access in ANGLE Unknown
Microsoft Edge (Chromium-based) CVE-2024-7535 Chromium: CVE-2024-7536 Use after free in WebAudio Unknown
Microsoft Edge (Chromium-based) CVE-2024-7533 Chromium: CVE-2024-7534 Heap buffer overflow in Layout Unknown
Microsoft Edge (Chromium-based) CVE-2024-38218 Microsoft Edge (HTML-based) Memory Corruption Vulnerability Important
Microsoft Edge (Chromium-based) CVE-2024-38219 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Moderate
Microsoft Edge (Chromium-based) CVE-2024-38222 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Unknown
Microsoft Local Security Authority Server (lsasrv) CVE-2024-38118 Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability Important
Microsoft Local Security Authority Server (lsasrv) CVE-2024-38122 Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability Important
Microsoft Office CVE-2024-38200 Microsoft Office Spoofing Vulnerability Important
Microsoft Office CVE-2024-38084 Microsoft OfficePlus Elevation of Privilege Vulnerability Important
Microsoft Office Excel CVE-2024-38172 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office Excel CVE-2024-38170 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office Outlook CVE-2024-38173 Microsoft Outlook Remote Code Execution Vulnerability Important
Microsoft Office PowerPoint CVE-2024-38171 Microsoft PowerPoint Remote Code Execution Vulnerability Important
Microsoft Office Project CVE-2024-38189 Microsoft Project Remote Code Execution Vulnerability Important
Microsoft Office Visio CVE-2024-38169 Microsoft Office Visio Remote Code Execution Vulnerability Important
Microsoft Streaming Service CVE-2024-38134 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Important
Microsoft Streaming Service CVE-2024-38144 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Important
Microsoft Streaming Service CVE-2024-38125 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Important
Microsoft Teams CVE-2024-38197 Microsoft Teams for iOS Spoofing Vulnerability Important
Microsoft WDAC OLE DB provider for SQL CVE-2024-38152 Windows OLE Remote Code Execution Vulnerability Important
Microsoft Windows DNS CVE-2024-37968 Windows DNS Spoofing Vulnerability Important
Reliable Multicast Transport Driver (RMCAST) CVE-2024-38140 Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability Critical
Windows Ancillary Function Driver for WinSock CVE-2024-38141 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important
Windows Ancillary Function Driver for WinSock CVE-2024-38193 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important
Windows App Installer CVE-2024-38177 Windows App Installer Spoofing Vulnerability Important
Windows Clipboard Virtual Channel Extension CVE-2024-38131 Clipboard Virtual Channel Extension Remote Code Execution Vulnerability Important
Windows Cloud Files Mini Filter Driver CVE-2024-38215 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important
Windows Common Log File System Driver CVE-2024-38196 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important
Windows Compressed Folder CVE-2024-38165 Windows Compressed Folder Tampering Vulnerability Important
Windows Deployment Services CVE-2024-38138 Windows Deployment Services Remote Code Execution Vulnerability Important
Windows DWM Core Library CVE-2024-38150 Windows DWM Core Library Elevation of Privilege Vulnerability Important
Windows DWM Core Library CVE-2024-38147 Microsoft DWM Core Library Elevation of Privilege Vulnerability Important
Windows Initial Machine Configuration CVE-2024-38223 Windows Initial Machine Configuration Elevation of Privilege Vulnerability Important
Windows IP Routing Management Snapin CVE-2024-38114 Windows IP Routing Management Snapin Remote Code Execution Vulnerability Important
Windows IP Routing Management Snapin CVE-2024-38116 Windows IP Routing Management Snapin Remote Code Execution Vulnerability Important
Windows IP Routing Management Snapin CVE-2024-38115 Windows IP Routing Management Snapin Remote Code Execution Vulnerability Important
Windows Kerberos CVE-2024-29995 Windows Kerberos Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2024-38151 Windows Kernel Information Disclosure Vulnerability Important
Windows Kernel CVE-2024-38133 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2024-38127 Windows Hyper-V Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2024-38153 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2024-38106 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel-Mode Drivers CVE-2024-38187 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Important
Windows Kernel-Mode Drivers CVE-2024-38191 Kernel Streaming Service Driver Elevation of Privilege Vulnerability Important
Windows Kernel-Mode Drivers CVE-2024-38184 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Important
Windows Kernel-Mode Drivers CVE-2024-38186 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Important
Windows Kernel-Mode Drivers CVE-2024-38185 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Important
Windows Layer-2 Bridge Network Driver CVE-2024-38146 Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability Important
Windows Layer-2 Bridge Network Driver CVE-2024-38145 Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability Important
Windows Mark of the Web (MOTW) CVE-2024-38213 Windows Mark of the Web Security Feature Bypass Vulnerability Moderate
Windows Mobile Broadband CVE-2024-38161 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Important
Windows Network Address Translation (NAT) CVE-2024-38132 Windows Network Address Translation (NAT) Denial of Service Vulnerability Important
Windows Network Address Translation (NAT) CVE-2024-38126 Windows Network Address Translation (NAT) Denial of Service Vulnerability Important
Windows Network Virtualization CVE-2024-38160 Windows Network Virtualization Remote Code Execution Vulnerability Critical
Windows Network Virtualization CVE-2024-38159 Windows Network Virtualization Remote Code Execution Vulnerability Critical
Windows NT OS Kernel CVE-2024-38135 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability Important
Windows NTFS CVE-2024-38117 NTFS Elevation of Privilege Vulnerability Important
Windows Power Dependency Coordinator CVE-2024-38107 Windows Power Dependency Coordinator Elevation of Privilege Vulnerability Important
Windows Print Spooler Components CVE-2024-38198 Windows Print Spooler Elevation of Privilege Vulnerability Important
Windows Resource Manager CVE-2024-38137 Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability Important
Windows Resource Manager CVE-2024-38136 Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2024-38130 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2024-38128 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2024-38154 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2024-38121 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2024-38214 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2024-38120 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Scripting CVE-2024-38178 Scripting Engine Memory Corruption Vulnerability Important
Windows Secure Boot CVE-2022-3775 Redhat: CVE-2022-3775 grub2 – Heap based out-of-bounds write when rendering certain Unicode sequences Critical
Windows Secure Boot CVE-2023-40547 Redhat: CVE-2023-40547 Shim – RCE in HTTP boot support may lead to secure boot bypass Critical
Windows Secure Boot CVE-2022-2601 Redhat: CVE-2022-2601 grub2 – Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass Important
Windows Secure Kernel Mode CVE-2024-21302 Windows Secure Kernel Mode Elevation of Privilege Vulnerability Important
Windows Secure Kernel Mode CVE-2024-38142 Windows Secure Kernel Mode Elevation of Privilege Vulnerability Important
Windows Security Center CVE-2024-38155 Security Center Broker Information Disclosure Vulnerability Important
Windows SmartScreen CVE-2024-38180 Windows SmartScreen Security Feature Bypass Vulnerability Important
Windows TCP/IP CVE-2024-38063 Windows TCP/IP Remote Code Execution Vulnerability Critical
Windows Transport Security Layer (TLS) CVE-2024-38148 Windows Secure Channel Denial of Service Vulnerability Important
Windows Update Stack CVE-2024-38202 Windows Update Stack Elevation of Privilege Vulnerability Important
Windows Update Stack CVE-2024-38163 Windows Update Stack Elevation of Privilege Vulnerability Important
Windows WLAN Auto Config Service CVE-2024-38143 Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability Important



Source link
lol

Today is Microsoft’s August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day. This Patch Tuesday fixed eight critical vulnerabilities, which were a mixture of elevation of privileges, remote code execution, and…

Leave a Reply

Your email address will not be published. Required fields are marked *