Microsoft's Patch Tuesday was marked by the elimination of 6 zero-day vulnerabilities.
Microsoft released the August Patch Tuesday update, which includes fixes for 89 vulnerabilities, including 6 actively exploited and 3 publicly disclosed zero-days. Another zero-day vulnerability that is already known remains unresolved, but Microsoft is working on an update.
Among the vulnerabilities patched as part of the update, 8 are classified as critical. These include issues related to privilege escalation, remote code execution, and information disclosure. It is noteworthy that this time the number of vulnerabilities associated with privilege escalation was the most significant — there were 36 of them.
A detailed breakdown of all patched vulnerabilities includes:
- 36 Elevation of Privilege vulnerabilities;
- 4 Security Feature Bypass vulnerabilities;
- 28 Remote Code Execution (RCE) vulnerabilities;
- 8 Information Disclosure vulnerabilities;
- 6 Denial of Service (DoS) vulnerabilities;
- 7 Spoofing vulnerabilities.
To learn more about the released non-security updates, you can check out the Windows 11 KB5041585 and Windows 10 KB5041580 updates.
6 actively exploited zero-day vulnerabilities in Patch Tuesday:
- CVE-2024-38178 — a script engine memory corruption vulnerability that requires the client to authenticate in order to initiate remote code execution. Exploiting the vulnerability requires the user to click on a link in Microsoft Edge in Internet Explorer mode, which complicates its use. However, despite these conditions, cases of attacks using this vulnerability have already been recorded.
- CVE-2024-38193 — The Windows Helper function driver privilege escalation vulnerability for WinSock allows attackers to gain system privileges. Experts from Gen Digital discovered this problem, but Microsoft did not disclose details about how exactly the error was detected and used in the attacks.
- CVE-2024-38213 — The Windows MotW security bypass vulnerability allows you to create files that bypass Mark of the Web security alerts. Microsoft claims that the vulnerability was discovered by Trend Micro ZDI, but does not say how the bug is used in attacks.
- CVE-2024-38106 — Windows kernel vulnerability that causes privilege escalation. Successful exploitation requires winning a race condition, which makes the attack very difficult, but potentially devastating.
- CVE-2024-38107 — a privilege escalation vulnerability in the Windows Power Dependency Coordinator that gives hackers system privileges on a Windows device. Microsoft did not disclose who exactly reported the vulnerability or how it was exploited.
- CVE-2024-38189 — remote code execution in Microsoft Project. Cybercriminals can exploit the vulnerability if they manage to force the user to open a malicious file, for example, through a phishing attack. Importantly, successful exploitation is only possible if the security features in Microsoft Office are disabled. Microsoft does not disclose who discovered the vulnerability or how it was used in the attacks.
In addition to the aforementioned vulnerabilities, the update also addresses 4 publicly disclosed vulnerabilities, including:
- CVE-2024-38199 in the Windows Line Printer Daemon (LPD) service, which allows you to achieve remote code execution when sending a specially created print job. The bug has already been publicly disclosed, but its source chose to remain anonymous.
- CVE-2024-21302, which is related to the Windows Downdate attack, allows you to roll back Windows updates and re-exploit patched vulnerabilities. Security researcher Alon Leviev spoke about the problem at the Black Hat 2024 conference.
- CVE-2024-38200 — a spoofing vulnerability in Microsoft Office that exposed NTLM hashes. An attacker could take advantage of the vulnerability when the victim opens a malicious file, which would force Office to establish an outgoing connection to a remote share, where the attacker could steal the sent NTLM hashes.
- CVE-2024-38202 — A Windows Update stack vulnerability that causes privilege escalation, also related to Windows Downdate. Microsoft is developing a security update to fix the bug, but it's not available yet.
In addition to Microsoft, other companies released their own security updates in August 2024. For example, the 0.0.0.0 Day vulnerability was fixed, which allowed malicious sites to bypass the browser's security features and gain access to services on the local network. Android updates have also been released to address the actively exploited RCE vulnerability, and Cisco has warned of zero-day vulnerabilities in legacy Small Business SPA 300 and SPA 500 series IP phones.
A full list of vulnerabilities addressed in the Patch Tuesday updates for August 2024 is available on this page.
Source