Breaking Down the Latest August 2024 Patch Tuesday Report

Microsoft has released its August 2024 Patch Tuesday updates,addressing a total of 88 vulnerabilities across various products and services. This month's release includes patches for seven critical vulnerabilities and 80 important vulnerabilities, with one rated as moderate. Notably, this Patch Tuesday also includes fixes for 10 zero-day vulnerabilities, six of which were actively exploited in the wild.

Key highlights of the August 2024 Patch Tuesday include:

This month's updates cover a wide range of Microsoft products, including but not limited to Windows, Office, Azure, Dynamics 365, .NET Framework, and Microsoft Edge. Administrators and end users are strongly advised to apply these security updates promptly to mitigate potential risks.

The high number of zero-day vulnerabilities, especially those already exploited in the wild, underscores the importance of timely patching. Notable among these are vulnerabilities affecting Windows SmartScreen, the Windows kernel, and Microsoft Project.

In the following sections, we'll break down the most critical vulnerabilities, examine the zero-day threats, and provide guidance on prioritizing your patching efforts for this month's updates.

Key Highlights - Patch Tuesday August 2024

As part of August's Patch Tuesday, Microsoft addressed 88 vulnerabilities, including 10 zero-day vulnerabilities, six of which are being actively exploited in the wild. In addition to the Remote Code Execution (RCE) flaws, patches were released for privilege escalation bugs, information disclosure issues, spoofing weaknesses, security feature bypass, and denial of service vulnerabilities across a wide range of Microsoft products.

Key highlights are:

Key affected products include Windows, Office, Exchange Server, Azure, Dynamics 365, .NET Framework, Windows Hyper-V, and Microsoft Edge. Administrators and end users are advised to apply these security updates as soon as possible to ensure systems are not vulnerable to any of the fixed flaws.

This August Patch Tuesday stands out due to the high number of zero-day vulnerabilities and the range of critical issues addressed. It's crucial for organizations to prioritize these updates to protect against potential exploits, especially considering the actively exploited vulnerabilities.

Zero-day Vulnerabilities Patched in August 2024

Microsoft addressed ten zero-day vulnerabilities in the August 2024 Patch Tuesday release. Six of these vulnerabilities were being actively exploited in the wild prior to the patches being made available. Let's examine each of these critical vulnerabilities:

CVE-2024-38178 - Scripting Engine Memory Corruption Vulnerability

This vulnerability is somewhat unusual as it requires the target to be using Edge in Internet Explorer mode. An attacker could exploit this vulnerability by convincing an authenticated user to click a specially crafted URL. The South Korean National Cyber Security Center (NCSC) and AhnLab disclosed the flaw as being exploited in attacks.

CVE-2024-38193 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

This vulnerability allows attackers to gain SYSTEM privileges on Windows systems. The flaw was discovered by Luigino Camastra and Milánek with Gen Digital. Successful exploitation could lead to complete system compromise.

CVE-2024-38213 - Windows Mark of the Web Security Feature Bypass Vulnerability

This vulnerability allows attackers to bypass Windows Mark of the Web (MotW) security alerts. Exploitation could lead to circumvention of security warnings for files downloaded from the internet. The flaw was discovered by Peter Girnus of Trend Micro's Zero Day Initiative.

CVE-2024-38106 - Windows Kernel Elevation of Privilege Vulnerability

Microsoft fixed a Windows Kernel elevation of privileges flaw that gives SYSTEM privileges. Successful exploitation requires an attacker to win a race condition. This vulnerability highlights the ongoing importance of kernel-level security.

CVE-2024-38107 - Windows Power Dependency Coordinator Elevation of Privilege Vulnerability

This flaw in the Windows Power Dependency Coordinator allows attackers to gain SYSTEM privileges on the affected device. The Power Dependency Coordinator is a component of Modern Standby, introduced in Windows 8 to allow devices to "instantly" wake from sleep.

CVE-2024-38189 - Microsoft Project Remote Code Execution Vulnerability

This vulnerability in Microsoft Project allows for remote code execution. Exploitation requires the victim to open a malicious Microsoft Office Project file on a system where certain security features are disabled. This highlights the importance of maintaining default security settings in Microsoft Office products.

CVE-2024-38199 - Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability

Although not actively exploited, this publicly disclosed vulnerability in the Windows Line Printer Daemon could allow an unauthenticated attacker to send a specially crafted print task to a shared vulnerable Windows LPD service, potentially resulting in remote code execution on the server.

CVE-2024-21302 - Windows Secure Kernel Mode Elevation of Privilege Vulnerability

This flaw was disclosed as part of a Windows Downdate downgrade attack presentation at Black Hat 2024. It allows attackers to gain elevated privileges to install malicious updates, potentially reintroducing old vulnerabilities to fully updated Windows systems.

CVE-2024-38200 - Microsoft Office Spoofing Vulnerability

This vulnerability in Microsoft Office could expose NTLM hashes. Attackers could exploit the flaw by tricking someone into opening a malicious file, which would then force Office to make an outbound connection to a remote share where attackers could steal sent NTLM hashes.

CVE-2024-38202 - Windows Update Stack Elevation of Privilege Vulnerability

Also part of the Windows Downdate downgrade attack disclosure at Black Hat 2024, this vulnerability in the Windows Update Stack could allow an attacker with basic privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS).

The high number of zero-day vulnerabilities, particularly those being actively exploited, underscores the critical nature of this month's Patch Tuesday. Organizations should prioritize the application of these patches to mitigate the risk of potential attacks leveraging these vulnerabilities.

Critical Vulnerabilities Patched in August 2024

Out of the 88 vulnerabilities addressed in the August 2024 Patch Tuesday, seven were rated as Critical. Let's examine these high-severity vulnerabilities in detail:

CVE-2024-38159 & CVE-2024-38160: Windows Network Virtualization Remote Code Execution Vulnerability

These two vulnerabilities in Windows Network Virtualization could allow remote code execution. Both have a CVSS v3 base score of 9.1. An attacker could exploit these vulnerabilities by leveraging an unchecked return value in the wnv.sys component of Windows Server 2016. Successful exploitation could lead to unauthorized memory writes or freeing a valid block currently in use, potentially resulting in a critical guest-to-host escape in virtualized environments.

CVE-2024-38063: Windows TCP/IP Remote Code Execution Vulnerability

This critical vulnerability in Windows TCP/IP has a CVSS v3 base score of 9.8. An unauthenticated attacker could exploit this vulnerability by sending specially crafted IPv6 packets to a Windows machine, potentially leading to remote code execution. Microsoft notes that this vulnerability is "wormable," meaning it could spread without user interaction, making it particularly dangerous.

CVE-2024-38140: Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

With a CVSS v3 base score of 9.8, this critical vulnerability affects the Windows Reliable Multicast Transport Driver. An unauthenticated attacker could exploit this vulnerability by sending specially crafted packets to a Windows Pragmatic General Multicast (PGM) open socket on the server. No user interaction is required for exploitation, increasing its potential impact.

CVE-2024-38166: Microsoft Dynamics 365 Cross-site Scripting Vulnerability

This critical vulnerability in Microsoft Dynamics 365 has a CVSS v3 base score of 8.2. An unauthenticated attacker could exploit this vulnerability by convincing a user to click on a specially crafted link, potentially leading to cross-site scripting attacks.

CVE-2024-38206: Microsoft Copilot Studio Information Disclosure Vulnerability

With a CVSS v3 base score of 8.5, this critical vulnerability in Microsoft Copilot Studio could allow an authenticated attacker to bypass Server-Side Request Forgery (SSRF) protection and disclose sensitive information over a network.

CVE-2024-38109: Azure Health Bot Elevation of Privilege Vulnerability

This critical vulnerability in Azure Health Bot has a CVSS v3 base score of 9.1. An authenticated attacker could exploit a Server-Side Request Forgery (SSRF) vulnerability to elevate privileges over a network.

CVE-2022-3775: Heap-based out-of-bounds write when rendering certain Unicode sequences

While Microsoft has not released detailed information about this vulnerability, it is rated as critical with a CVSS v3 base score of 7.1. It affects Windows Secure Boot and could potentially lead to a secure boot bypass.

Vulnerabilities by Category

In total, 88 vulnerabilities were addressed in August's Patch Tuesday. Elevation of Privilege (EoP) vulnerabilities lead the count this month, followed closely by Remote Code Execution (RCE) bugs. Here's a breakdown of the vulnerabilities by category:

Elevation of Privilege vulnerabilities continue to be a significant concern, representing 41% of the total patches this month. These types of vulnerabilities can allow attackers to gain higher-level permissions on a system, potentially leading to full system compromise.

Remote Code Execution vulnerabilities are the second most prevalent, accounting for 33% of the fixes. RCE flaws are particularly dangerous as they can allow attackers to execute arbitrary code on target systems, often leading to complete system takeover.

Information Disclosure vulnerabilities, while fewer in number, can still pose significant risks by potentially leaking sensitive data to unauthorized parties.

Denial of Service vulnerabilities, though less common this month, can still cause significant disruption to system availability if exploited.

Spoofing vulnerabilities, while not as numerous, can be leveraged in sophisticated phishing attacks or to bypass security controls.

Security Feature Bypass vulnerabilities, though least in number, can be particularly concerning as they may allow attackers to circumvent key security mechanisms.

The table below shows the CVE IDs mapped to these vulnerability types from Microsoft's August 2024 Patch Tuesday:

List of Products Patched in August 2024 Patch Tuesday Report

Microsoft's August 2024 Patch Tuesday includes updates for a broad range of its products, applications, and services. Here are the key products and components that have received patches:

Complete List of Vulnerabilities Patched in August 2024 Patch Tuesday

Download the complete list of vulnerabilities by products patched in August 2024 Patch Tuesday here. 

Apps vulnerabilities

Azure vulnerabilities

Browser vulnerabilities

Developer Tools vulnerabilities

Mariner Windows ESU vulnerabilities

Microsoft Dynamics vulnerabilities

Microsoft Office vulnerabilities

Windows vulnerabilities

Windows ESU vulnerabilities

Bottom Line

Microsoft's August 2024 Patch Tuesday addressed 88 vulnerabilities, including ten zero-day vulnerabilities, six of which were actively exploited in the wild. This release fixed a variety of vulnerability types, with Elevation of Privilege issues being most prevalent at 41% of the total, followed by Remote Code Execution at 33%.

Seven vulnerabilities were rated as Critical, including remote code execution flaws in Windows TCP/IP, Windows Network Virtualization, and the Windows Reliable Multicast Transport Driver (RMCAST). The two critical bugs in Windows Network Virtualization (CVE-2024-38159 and CVE-2024-38160) could allow guest-to-host escapes in virtualized environments, posing significant risks.

These zero-days span various components of the Windows ecosystem and should be prioritized for patching due to their active exploitation status.

Other important vulnerabilities include multiple remote code execution flaws in Office components, SharePoint Server, and the ODBC driver. Several privilege escalation vulnerabilities in Windows kernel and Azure services were also addressed.

In total, 88 security gaps were closed in this month's release. Here's a summary of the vulnerabilities by severity:

Prioritizing the critical vulnerabilities and actively exploited zero-days can help mitigate the most pressing risks. However, given the broad scope of affected products and the variety of vulnerability types, organizations should strive to apply all relevant patches as soon as possible after appropriate testing.

This August Patch Tuesday underscores the ongoing importance of robust patch management practices and the need for organizations to stay vigilant against evolving security threats across Microsoft's product ecosystem.

We aim to keep readers informed each month in our Patch Tuesday reports. Please follow our website thesecmaster.com or subscribe to our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram to receive similar updates.

You may also like these articles: