August 2024 Patch Tuesday: Microsoft Addresses 9 Zero-Day Exploits

Microsoft rolled out fixes for 90 vulnerabilities, nine of which have been categorized as zero-day. Nine bugs are rated critical, 81 are rated important, and two are rated moderate. Here’s what you need to know.

August 14, 2024


  • Microsoft regularly releases a collection of patches on the second Tuesday of each month. The August 2024 Patch Tuesday update includes 90 vulnerabilities.
  • Of the nine zero-day exploits, six are actively exploited, and three are publicly disclosed.

Microsoft releases a monthly security update on the second Tuesday of each month. This week, the company addressed and released fixes for 90 Microsoft vulnerabilities and 12 non-Microsoft CVEs. Nine zero-day vulnerabilities were addressed.

The August Patch Tuesday release is nearly half the size of last month’s update, which identified 142 flaws. Most of this month’s vulnerabilities are categorized as elevation of privilege (39%), followed by remote code execution (33%).

August 2024 Patch Tuesday Zero-Day Vulnerabilities

Actively Exploited

  • CVE-2024-38106 is an elevation of privilege vulnerability in the Windows Kernel that could allow an attacker to gain system privileges. It ranks high in severity with a CVSS score of 7.
  • CVE-2024-38107 is also an elevation of privilege vulnerability in the Windows Power Dependency Coordinator. It ranks high in severity with a CVSS score of 7.8.
  • CVE-2024-38178 is a memory corruption vulnerability in the scripting engine that allows an attacker to initiate remote code execution. It ranks high in severity with a CVSS score of 7.5.
  • CVE-2024-38189 is a vulnerability in Microsoft Project that could allow for remote code execution if the victim has disabled the block macros feature and opens a malicious file. It ranks high in severity with a CVSS score of 8.8.
  • CVE-2024-38193 impacts the Windows Ancillary Function Driver for WinSock and could be used by an attacker to gain system privileges. It ranks high in severity with a CVSS score of 7.8.
  • CVE-2024-38213 allows an attacker to bypass the SmartScreen user experience and the Windows Mark of the Web security feature. According to Microsoft, the exploit requires the victim to open a malicious file. It ranks medium in severity with a CVSS score of 6.5.

Publicly Disclosed

  • CVE-2024-21302 is an escalation of privilege vulnerability in Windows systems in which the attacker can use administrator privileges to replace Windows files with outdated versions. It ranks as medium severity with a CVSS score of 6.7, but it was presented at last week’s Black Hat conference, and Microsoft warns that this “may change the threat landscape.”
  • CVE-2024-38199 is a vulnerability that would allow an attacker to exploit the Windows Line Printer Daemon (LPD) service to gain access to the server and execute code remotely. It ranks critical in severity and has a CVSS score of 9.8 but is unlikely to be exploited as the LPD has been deprecated since Windows Server 2012.
  • CVE-2024-38200 has a medium severity CVSS score of 6.5 and could allow spoofing of Microsoft Office content when NTLM is used for authentication.

August 2024 Patch Tuesday Critical Vulnerabilities

The August 2024 Patch Tuesday update contains eight vulnerabilities that Microsoft deems critical. It recommends that users immediately apply updates. These vulnerabilities impact a variety of Windows services and Microsoft applications.

Azure Health Bot

CVE-2024-38109
Exploit: An attacker with valid authentication can leverage a Server-Side Request Forgery vulnerability within Microsoft Azure Health Bot to gain elevated privileges across a network.

Microsoft Copilot Studio

CVE-2024-38206
Exploit: An attacker with valid credentials can bypass Microsoft Copilot Studio’s Server-Side Request Forgery protection to leak sensitive information over a network.

Microsoft Dynamics

CVE-2024-38166
Exploit: An unauthenticated attacker can use cross-site scripting while Microsoft Dynamics 365 is generating web pages by tricking users into clicking on a malicious link.

Reliable Multicast Transport Driver (RMCAST)

CVE-2024-38140
Exploit: An unauthenticated attacker, with no user interaction required, can send packets to an open Windows Pragmatic General Multicast (PGM) socket, which could lead to remote code execution.

Windows Network Virtualization

CVE-2024-38159
CVE-2024-38160
Exploit: An attacker who has obtained elevated privileges on a virtual machine could cause a critical guest-to-host escape through remote code execution.

Windows Secure Boot

CVE-2022-3775
CVE-2023-40547
Exploit: A vulnerability in the Linux Shim bootloader on systems that are running Linux may lead to the bypass of the secure boot security feature.

Windows TCP/IP

CVE-2024-38063
Exploit: Repeatedly sending specially crafted IPv6 packets to a Windows machine could enable remote code execution.

August 2024 Patch Tuesday Breakdown

The vulnerability categorization for August 2024 Patch Tuesday is as follows:

  • 36 Elevation of Privileges
  • 28 Remote Code Execution
  • 8 Information Disclosure
  • 7 Spoofing
  • 6 Denial of Service
  • 4 Security Feature Bypass
  • 1 Tampering

Microsoft’s Security Response Center has a complete list of vulnerabilities, including the CVE number, base CVSS score and vectors, potential for exploitability, and more.

Nancy Simeone