August 15, 2024

Breaking Down the Latest August 2024 Patch Tuesday Report


August 2024 Patch Tuesday: Critical Security Updates

Microsoft has released its August 2024 Patch Tuesday updates, addressing a total of 88 vulnerabilities across various products and services. This month's release includes patches for seven critical vulnerabilities and 80 important vulnerabilities, with one rated as moderate. Notably, this Patch Tuesday also includes fixes for 10 zero-day vulnerabilities, six of which were actively exploited in the wild.

Key highlights of the August 2024 Patch Tuesday include:

  • 88 total vulnerabilities patched

  • 7 critical vulnerabilities

  • 80 important vulnerabilities

  • 1 moderate vulnerability

  • 10 zero-day vulnerabilities, including 6 actively exploited

  • 41% of vulnerabilities are Elevation of Privilege (EoP)

  • 33% of vulnerabilities are Remote Code Execution (RCE)

This month's updates cover a wide range of Microsoft products, including but not limited to Windows, Office, Azure, Dynamics 365, .NET Framework, and Microsoft Edge. Administrators and end users are strongly advised to apply these security updates promptly to mitigate potential risks.

The high number of zero-day vulnerabilities, especially those already exploited in the wild, underscores the importance of timely patching. Notable among these are vulnerabilities affecting Windows SmartScreen, the Windows kernel, and Microsoft Project.

In the following sections, we'll break down the most critical vulnerabilities, examine the zero-day threats, and provide guidance on prioritizing your patching efforts for this month's updates.

Key Highlights - Patch Tuesday August 2024

As part of August's Patch Tuesday, Microsoft addressed 88 vulnerabilities, including 10 zero-day vulnerabilities, six of which are being actively exploited in the wild. In addition to the Remote Code Execution (RCE) flaws, patches were released for privilege escalation bugs, information disclosure issues, spoofing weaknesses, security feature bypass, and denial of service vulnerabilities across a wide range of Microsoft products.

Key highlights are:

  1. Total Flaws and Zero-Day Vulnerabilities: This Patch Tuesday update resolves 88 total bugs, with 10 zero-day vulnerabilities. Six of these zero-days were actively exploited in the wild.

  2. Critical Flaws: Seven vulnerabilities were rated as Critical, including remote code execution flaws in Windows TCP/IP, Windows Network Virtualization, and the Windows Reliable Multicast Transport Driver (RMCAST).

  3. Vulnerability Types: Elevation of Privilege (EoP) vulnerabilities accounted for 41% of the patches this month, followed by Remote Code Execution (RCE) at 33%. Other types include information disclosure, denial of service, and spoofing vulnerabilities.

  4. Zero-Day Threats: The six actively exploited zero-days include vulnerabilities in Windows SmartScreen, Windows Kernel, Windows Power Dependency Coordinator, Windows Ancillary Function Driver for WinSock, Microsoft Project, and the Scripting Engine.

  5. Critical-Rated Bugs: Notable critical vulnerabilities include an RCE in Windows TCP/IP (CVE-2024-38063), RCEs in Windows Network Virtualization (CVE-2024-38159 and CVE-2024-38160), and an RCE in the Windows Reliable Multicast Transport Driver (CVE-2024-38140).

  6. Non-Critical Notables: Other important issues include multiple elevation of privilege vulnerabilities in the Windows kernel, Azure services, and various Windows components.

Key affected products include Windows, Office, Exchange Server, Azure, Dynamics 365, .NET Framework, Windows Hyper-V, and Microsoft Edge. Administrators and end users are advised to apply these security updates as soon as possible to ensure systems are not vulnerable to any of the fixed flaws.

This August Patch Tuesday stands out due to the high number of zero-day vulnerabilities and the range of critical issues addressed. It's crucial for organizations to prioritize these updates to protect against potential exploits, especially considering the actively exploited vulnerabilities.

Zero-day Vulnerabilities Patched in August 2024

Microsoft addressed ten zero-day vulnerabilities in the August 2024 Patch Tuesday release. Six of these vulnerabilities were being actively exploited in the wild prior to the patches being made available. Let's examine each of these critical vulnerabilities:

| CVE ID | Title | Exploited? | Publicly disclosed? | CVSS v3 Base Score |
|---|---|---|---|---|
| CVE-2024-38178 | Scripting Engine Memory Corruption Vulnerability | Yes | No | 7.5 |
| CVE-2024-38193 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Yes | No | 7.8 |
| CVE-2024-38213 | Windows Mark of the Web Security Feature Bypass Vulnerability | Yes | No | 6.5 |
| CVE-2024-38106 | Windows Kernel Elevation of Privilege Vulnerability | Yes | No | 7 |
| CVE-2024-38107 | Windows Power Dependency Coordinator Elevation of Privilege Vulnerability | Yes | No | 7.8 |
| CVE-2024-38189 | Microsoft Project Remote Code Execution Vulnerability | Yes | No | 8.8 |
| CVE-2024-38199 | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | No | Yes | 9.8 |
| CVE-2024-21302 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | No | Yes | 6.7 |
| CVE-2024-38200 | Microsoft Office Spoofing Vulnerability | No | Yes | 6.5 |
| CVE-2024-38202 | Windows Update Stack Elevation of Privilege Vulnerability | No | Yes | 7.3 |

CVE-2024-38178 - Scripting Engine Memory Corruption Vulnerability

This vulnerability is somewhat unusual as it requires the target to be using Edge in Internet Explorer mode. An attacker could exploit this vulnerability by convincing an authenticated user to click a specially crafted URL. The South Korean National Cyber Security Center (NCSC) and AhnLab disclosed the flaw as being exploited in attacks.

CVE-2024-38193 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

This vulnerability allows attackers to gain SYSTEM privileges on Windows systems. The flaw was discovered by Luigino Camastra and Milánek with Gen Digital. Successful exploitation could lead to complete system compromise.

CVE-2024-38213 - Windows Mark of the Web Security Feature Bypass Vulnerability

This vulnerability allows attackers to bypass Windows Mark of the Web (MotW) security alerts. Exploitation could lead to circumvention of security warnings for files downloaded from the internet. The flaw was discovered by Peter Girnus of Trend Micro's Zero Day Initiative.

CVE-2024-38106 - Windows Kernel Elevation of Privilege Vulnerability

Microsoft fixed a Windows Kernel elevation of privilege flaw that grants SYSTEM privileges. Successful exploitation requires an attacker to win a race condition. This vulnerability highlights the ongoing importance of kernel-level security.

CVE-2024-38107 - Windows Power Dependency Coordinator Elevation of Privilege Vulnerability

This flaw in the Windows Power Dependency Coordinator allows attackers to gain SYSTEM privileges on the affected device. The Power Dependency Coordinator is a component of Modern Standby, introduced in Windows 8 to allow devices to "instantly" wake from sleep.

CVE-2024-38189 - Microsoft Project Remote Code Execution Vulnerability

This vulnerability in Microsoft Project allows for remote code execution. Exploitation requires the victim to open a malicious Microsoft Office Project file on a system where certain security features are disabled. This highlights the importance of maintaining default security settings in Microsoft Office products.

CVE-2024-38199 - Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability

Although not actively exploited, this publicly disclosed vulnerability in the Windows Line Printer Daemon could allow an unauthenticated attacker to send a specially crafted print task to a shared vulnerable Windows LPD service, potentially resulting in remote code execution on the server.

CVE-2024-21302 - Windows Secure Kernel Mode Elevation of Privilege Vulnerability

This flaw was disclosed as part of a Windows Downdate downgrade attack presentation at Black Hat 2024. It allows attackers to gain elevated privileges to install malicious updates, potentially reintroducing old vulnerabilities to fully updated Windows systems.

CVE-2024-38200 - Microsoft Office Spoofing Vulnerability

This vulnerability in Microsoft Office could expose NTLM hashes. Attackers could exploit the flaw by tricking someone into opening a malicious file, which would then force Office to make an outbound connection to a remote share, where the attackers could capture the NTLM hashes that are sent.

CVE-2024-38202 - Windows Update Stack Elevation of Privilege Vulnerability

Also part of the Windows Downdate downgrade attack disclosure at Black Hat 2024, this vulnerability in the Windows Update Stack could allow an attacker with basic privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS).

The high number of zero-day vulnerabilities, particularly those being actively exploited, underscores the critical nature of this month's Patch Tuesday. Organizations should prioritize the application of these patches to mitigate the risk of potential attacks leveraging these vulnerabilities.

Critical Vulnerabilities Patched in August 2024

Out of the 88 vulnerabilities addressed in the August 2024 Patch Tuesday, seven were rated as Critical. Let's examine these high-severity vulnerabilities in detail:

| CVE ID | Title | CVSS v3 Base Score | Affected Component |
|---|---|---|---|
| CVE-2024-38159 | Windows Network Virtualization Remote Code Execution Vulnerability | 9.1 | Windows Network Virtualization |
| CVE-2024-38160 | Windows Network Virtualization Remote Code Execution Vulnerability | 9.1 | Windows Network Virtualization |
| CVE-2024-38063 | Windows TCP/IP Remote Code Execution Vulnerability | 9.8 | Windows TCP/IP |
| CVE-2024-38140 | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | 9.8 | Windows RMCAST |
| CVE-2024-38166 | Microsoft Dynamics 365 Cross-site Scripting Vulnerability | 8.2 | Microsoft Dynamics 365 |
| CVE-2024-38206 | Microsoft Copilot Studio Information Disclosure Vulnerability | 8.5 | Microsoft Copilot Studio |
| CVE-2024-38109 | Azure Health Bot Elevation of Privilege Vulnerability | 9.1 | Azure Health Bot |
| CVE-2022-3775 | Heap-based out-of-bounds write when rendering certain Unicode sequences | 7.1 | Windows Secure Boot |

CVE-2024-38159 & CVE-2024-38160: Windows Network Virtualization Remote Code Execution Vulnerability

These two vulnerabilities in Windows Network Virtualization could allow remote code execution. Both have a CVSS v3 base score of 9.1. An attacker could exploit these vulnerabilities by leveraging an unchecked return value in the wnv.sys component of Windows Server 2016. Successful exploitation could lead to unauthorized memory writes or freeing a valid block currently in use, potentially resulting in a critical guest-to-host escape in virtualized environments.

CVE-2024-38063: Windows TCP/IP Remote Code Execution Vulnerability

This critical vulnerability in Windows TCP/IP has a CVSS v3 base score of 9.8. An unauthenticated attacker could exploit this vulnerability by sending specially crafted IPv6 packets to a Windows machine, potentially leading to remote code execution. Microsoft notes that this vulnerability is "wormable," meaning it could spread without user interaction, making it particularly dangerous.

CVE-2024-38140: Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

With a CVSS v3 base score of 9.8, this critical vulnerability affects the Windows Reliable Multicast Transport Driver. An unauthenticated attacker could exploit this vulnerability by sending specially crafted packets to a Windows Pragmatic General Multicast (PGM) open socket on the server. No user interaction is required for exploitation, increasing its potential impact.

CVE-2024-38166: Microsoft Dynamics 365 Cross-site Scripting Vulnerability

This critical vulnerability in Microsoft Dynamics 365 has a CVSS v3 base score of 8.2. An unauthenticated attacker could exploit this vulnerability by convincing a user to click on a specially crafted link, potentially leading to cross-site scripting attacks.

CVE-2024-38206: Microsoft Copilot Studio Information Disclosure Vulnerability

With a CVSS v3 base score of 8.5, this critical vulnerability in Microsoft Copilot Studio could allow an authenticated attacker to bypass Server-Side Request Forgery (SSRF) protection and disclose sensitive information over a network.

CVE-2024-38109: Azure Health Bot Elevation of Privilege Vulnerability

This critical vulnerability in Azure Health Bot has a CVSS v3 base score of 9.1. An authenticated attacker could exploit a Server-Side Request Forgery (SSRF) vulnerability to elevate privileges over a network.

CVE-2022-3775: Heap-based out-of-bounds write when rendering certain Unicode sequences

While Microsoft has not released detailed information about this vulnerability, it is rated as critical with a CVSS v3 base score of 7.1. It affects Windows Secure Boot and could potentially lead to a secure boot bypass.

Vulnerabilities by Category

In total, 88 vulnerabilities were addressed in August's Patch Tuesday. Elevation of Privilege (EoP) vulnerabilities lead the count this month, followed closely by Remote Code Execution (RCE) bugs. Here's a breakdown of the vulnerabilities by category:

  • Elevation of Privilege: 36

  • Remote Code Execution: 28

  • Information Disclosure: 8

  • Denial of Service: 6

  • Spoofing: 7

  • Security Feature Bypass: 4

Elevation of Privilege vulnerabilities continue to be a significant concern, representing 41% of the total patches this month. These types of vulnerabilities can allow attackers to gain higher-level permissions on a system, potentially leading to full system compromise.

Remote Code Execution vulnerabilities are the second most prevalent, accounting for 33% of the fixes. RCE flaws are particularly dangerous as they can allow attackers to execute arbitrary code on target systems, often leading to complete system takeover.

Information Disclosure vulnerabilities, while fewer in number, can still pose significant risks by potentially leaking sensitive data to unauthorized parties.

Denial of Service vulnerabilities, though less common this month, can still cause significant disruption to system availability if exploited.

Spoofing vulnerabilities, while not as numerous, can be leveraged in sophisticated phishing attacks or to bypass security controls.

Security Feature Bypass vulnerabilities, though least in number, can be particularly concerning as they may allow attackers to circumvent key security mechanisms.

The table below shows the CVE IDs mapped to these vulnerability types from Microsoft's August 2024 Patch Tuesday:

| Vulnerability Category | CVE IDs |
|---|---|
| Elevation of Privilege | CVE-2024-38193, CVE-2024-38106, CVE-2024-38107, CVE-2024-38109, CVE-2024-38133, CVE-2024-38141, CVE-2024-38142, CVE-2024-38147, CVE-2024-38150, CVE-2024-38153, CVE-2024-38163, CVE-2024-38184, CVE-2024-38185, CVE-2024-38186, CVE-2024-38187, CVE-2024-38196, CVE-2024-38198, CVE-2024-38201, CVE-2024-38202, CVE-2024-38215, ... (36 total) |
| Remote Code Execution | CVE-2024-38063, CVE-2024-38140, CVE-2024-38159, CVE-2024-38160, CVE-2024-38189, CVE-2024-38199, CVE-2024-38131, CVE-2024-38138, CVE-2024-38152, CVE-2024-38161, CVE-2024-38170, CVE-2024-38171, CVE-2024-38172, CVE-2024-38173, ... (28 total) |
| Information Disclosure | CVE-2024-38118, CVE-2024-38122, CVE-2024-38123, CVE-2024-38151, CVE-2024-38155, CVE-2024-38167, CVE-2024-38206, CVE-2024-38214 |
| Denial of Service | CVE-2024-38126, CVE-2024-38132, CVE-2024-38145, CVE-2024-38146, CVE-2024-38148, CVE-2024-38168 |
| Spoofing | CVE-2024-37968, CVE-2024-38108, CVE-2024-38177, CVE-2024-38180, CVE-2024-38197, CVE-2024-38200, CVE-2024-38218 |
| Security Feature Bypass | CVE-2024-21302, CVE-2024-38213, CVE-2023-40547, CVE-2022-2601 |

List of Products Patched in August 2024 Patch Tuesday Report

Microsoft's August 2024 Patch Tuesday includes updates for a broad range of its products, applications, and services. Here are the key products and components that have received patches:

| Product Name | No. of Vulnerabilities Patched |
|---|---|
| Windows Message Queuing | 20 |
| Windows | 16 |
| Windows Layer 2 Tunneling Protocol | 9 |
| SQL Server | 6 |
| Microsoft Message Queuing | 5 |
| Skype for Business | 4 |
| Microsoft Office | 3 |
| Windows Kernel | 3 |
| Win32k | 3 |
| Cryptographic Services | 3 |
| .NET Framework | 3 |
| Windows TCP/IP | 3 |
| Windows Deployment Services | 3 |
| Microsoft Dynamics | 3 |
| Azure | 2 |
| Hyper-V | 2 |
| Windows Named Pipe File System | 2 |
| Azure SDK | 2 |
| Microsoft Graphics Component | 2 |
| Windows RDP | 2 |
| Microsoft QUIC | 2 |
| Remote Desktop Client | 1 |
| Microsoft SharePoint Server | 1 |
| Microsoft ODBC Driver | 1 |
| Microsoft Bluetooth Driver | 1 |
| Microsoft AllJoyn API | 1 |
| Windows Hyper-V | 1 |
| Windows Subsystem for Linux | 1 |
| Windows HTML Platform | 1 |
| Azure DevOps | 1 |
| Microsoft Windows Search Component | 1 |
| Windows Mixed Reality Developer Tools | 1 |
| Microsoft Common Data Model SDK | 1 |
| Windows Setup Files Cleanup | 1 |
| HTTP/2 | 1 |
| Azure Real Time Operating System | 1 |
| Windows Active Template Library | 1 |
| Windows NT OS Kernel | 1 |
| Windows Resilient File System (ReFS) | 1 |
| Windows Client/Server Runtime Subsystem | 1 |
| Windows TPM | 1 |
| Windows Virtual Trusted Platform Module | 1 |
| Windows Mark of the Web (MOTW) | 1 |
| Active Directory Domain Services | 1 |
| Windows Microsoft DirectMusic | 1 |
| Microsoft WDAC OLE DB provider for SQL | 1 |
| Microsoft Windows Media Foundation | 1 |
| Windows DHCP Server | 1 |
| Windows Power Management Service | 1 |
| Windows Error Reporting | 1 |
| Windows Remote Procedure Call | 1 |
| Microsoft Exchange Server | 1 |
| Windows Runtime C++ Template Library | 1 |
| Windows IIS | 1 |
| Microsoft Edge (Chromium-based) | 1 |
| Windows IKE Extension | 1 |

Complete List of Vulnerabilities Patched in August 2024 Patch Tuesday

Download the complete list of vulnerabilities by products patched in August 2024 Patch Tuesday here. 

Apps vulnerabilities

| Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|
| Windows App Installer Spoofing Vulnerability | No | No | 7.8 |

Azure vulnerabilities

| Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|
| Azure Stack Hub Spoofing Vulnerability | No | No | 9.3 |
| Azure Health Bot Elevation of Privilege Vulnerability | No | No | 9.1 |
| Azure CycleCloud Remote Code Execution Vulnerability | No | No | 7.8 |
| Azure Connected Machine Agent Elevation of Privilege Vulnerability | No | No | 7.8 |
| Azure Connected Machine Agent Elevation of Privilege Vulnerability | No | No | 7.8 |
| Azure Stack Hub Elevation of Privilege Vulnerability | No | No | 7 |

Browser vulnerabilities

| Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|
| Microsoft Edge (HTML-based) Memory Corruption Vulnerability | No | No | 8.4 |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | No | No | 6.5 |
| Chromium: CVE-2024-7550 Type Confusion in V8 | No | No | N/A |
| Chromium: CVE-2024-7536 Use after free in WebAudio | No | No | N/A |
| Chromium: CVE-2024-7535 Inappropriate implementation in V8 | No | No | N/A |
| Chromium: CVE-2024-7534 Heap buffer overflow in Layout | No | No | N/A |
| Chromium: CVE-2024-7533 Use after free in Sharing | No | No | N/A |
| Chromium: CVE-2024-7532 Out of bounds memory access in ANGLE | No | No | N/A |
| Chromium: CVE-2024-7256 Insufficient data validation in Dawn | No | No | N/A |
| Chromium: CVE-2024-7255 Out of bounds read in WebTransport | No | No | N/A |
| Chromium: CVE-2024-6990 Uninitialized Use in Dawn | No | No | N/A |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | No | No | N/A |

Developer Tools vulnerabilities

| Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|
| .NET and Visual Studio Denial of Service Vulnerability | No | No | 7.5 |
| Azure IoT SDK Remote Code Execution Vulnerability | No | No | 7 |
| Azure IoT SDK Remote Code Execution Vulnerability | No | No | 7 |
| .NET and Visual Studio Information Disclosure Vulnerability | No | No | 6.5 |

Mariner Windows ESU vulnerabilities

| Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|
| Redhat: CVE-2022-2601 grub2 - Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass | No | No | 8.6 |
| Redhat: CVE-2022-3775 grub2 - Heap based out-of-bounds write when rendering certain Unicode sequences | No | No | 7.1 |

Microsoft Dynamics vulnerabilities

| Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|
| Microsoft Dynamics 365 Cross-site Scripting Vulnerability | No | No | 8.2 |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | No | No | 8.2 |

Microsoft Office vulnerabilities

| Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|
| Microsoft Project Remote Code Execution Vulnerability | Yes | No | 8.8 |
| Microsoft Copilot Studio Information Disclosure Vulnerability | No | No | 8.5 |
| Microsoft PowerPoint Remote Code Execution Vulnerability | No | No | 7.8 |
| Microsoft OfficePlus Elevation of Privilege Vulnerability | No | No | 7.8 |
| Microsoft Office Visio Remote Code Execution Vulnerability | No | No | 7.8 |
| Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 |
| Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.1 |
| Microsoft Outlook Remote Code Execution Vulnerability | No | No | 6.7 |
| Microsoft Teams for iOS Spoofing Vulnerability | No | No | 6.5 |
| Microsoft Office Spoofing Vulnerability | No | Yes | 6.5 |

Windows vulnerabilities

| Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|
| Windows Network Virtualization Remote Code Execution Vulnerability | No | No | 9.1 |
| Windows Network Virtualization Remote Code Execution Vulnerability | No | No | 9.1 |
| Windows Update Stack Elevation of Privilege Vulnerability | No | No | 7.8 |
| Windows Secure Kernel Mode Elevation of Privilege Vulnerability | No | No | 7.8 |
| Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | No | No | 7.8 |
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 |
| Windows DWM Core Library Elevation of Privilege Vulnerability | No | No | 7.8 |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| Microsoft DWM Core Library Elevation of Privilege Vulnerability | No | No | 7.8 |
| Windows Secure Channel Denial of Service Vulnerability | No | No | 7.5 |
| Windows Deployment Services Remote Code Execution Vulnerability | No | No | 7.5 |
| Windows Update Stack Elevation of Privilege Vulnerability | No | Yes | 7.3 |
| Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | No | No | 7 |
| Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | No | No | 7 |
| Windows Kernel Elevation of Privilege Vulnerability | Yes | No | 7 |
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | No | No | 6.8 |
| Windows Secure Kernel Mode Elevation of Privilege Vulnerability | No | Yes | 6.7 |
| Windows Compressed Folder Tampering Vulnerability | No | No | 6.5 |
| Security Center Broker Information Disclosure Vulnerability | No | No | 5.5 |
| Windows Bluetooth Driver Information Disclosure Vulnerability | No | No | 4.4 |
| Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | No | No | 4.2 |

Windows ESU vulnerabilities

| Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|
| Windows TCP/IP Remote Code Execution Vulnerability | No | No | 9.8 |
| Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | No | No | 9.8 |
| Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | No | Yes | 9.8 |
| Windows SmartScreen Security Feature Bypass Vulnerability | No | No | 8.8 |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
| Windows IP Routing Management Snapin Remote Code Execution Vulnerability | No | No | 8.8 |
| Windows IP Routing Management Snapin Remote Code Execution Vulnerability | No | No | 8.8 |
| Windows IP Routing Management Snapin Remote Code Execution Vulnerability | No | No | 8.8 |
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | No | No | 8.8 |
| Clipboard Virtual Channel Extension Remote Code Execution Vulnerability | No | No | 8.8 |
| Redhat: CVE-2023-40547 Shim - RCE in HTTP boot support may lead to secure boot bypass | No | No | 8.3 |
| Windows Kerberos Elevation of Privilege Vulnerability | No | No | 8.1 |
| Windows Power Dependency Coordinator Elevation of Privilege Vulnerability | Yes | No | 7.8 |
| Windows OLE Remote Code Execution Vulnerability | No | No | 7.8 |
| Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 |
| Windows Hyper-V Elevation of Privilege Vulnerability | No | No | 7.8 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Yes | No | 7.8 |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | No | 7.8 |
| NTFS Elevation of Privilege Vulnerability | No | No | 7.8 |
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.5 |
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | No | No | 7.5 |
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | No | No | 7.5 |
| Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | No | No | 7.5 |
| Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | No | No | 7.5 |
| Windows DNS Spoofing Vulnerability | No | No | 7.5 |
| Scripting Engine Memory Corruption Vulnerability | Yes | No | 7.5 |
| Windows Initial Machine Configuration Elevation of Privilege Vulnerability | No | No | 6.8 |
| Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | No | No | 6.5 |
| Windows Mark of the Web Security Feature Bypass Vulnerability | Yes | No | 6.5 |
| Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 |
| Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | No | No | 5.5 |
| Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | No | No | 5.5 |

Bottom Line

Microsoft's August 2024 Patch Tuesday addressed 88 vulnerabilities, including ten zero-day vulnerabilities, six of which were actively exploited in the wild. This release fixed a variety of vulnerability types, with Elevation of Privilege issues being most prevalent at 41% of the total, followed by Remote Code Execution at 33%.

Seven vulnerabilities were rated as Critical, including remote code execution flaws in Windows TCP/IP, Windows Network Virtualization, and the Windows Reliable Multicast Transport Driver (RMCAST). The two critical bugs in Windows Network Virtualization (CVE-2024-38159 and CVE-2024-38160) could allow guest-to-host escapes in virtualized environments, posing significant risks.

The six actively exploited zero-days span various components of the Windows ecosystem and should be prioritized for patching due to their active exploitation status.

Other important vulnerabilities include multiple remote code execution flaws in Office components, SharePoint Server, and the ODBC driver. Several privilege escalation vulnerabilities in Windows kernel and Azure services were also addressed.

In total, 88 security gaps were closed in this month's release. Here's a summary of the vulnerabilities by severity:

| Severity | Count |
|---|---|
| Critical | 7 |
| Important | 80 |
| Moderate | 1 |

Prioritizing the critical vulnerabilities and actively exploited zero-days can help mitigate the most pressing risks. However, given the broad scope of affected products and the variety of vulnerability types, organizations should strive to apply all relevant patches as soon as possible after appropriate testing.
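The prioritization described above, worked through on this article's own zero-day and Critical tables as an added example (not from the original article or from Microsoft). The tier order is an assumption of this example, as is the `unauth_network` flag, which is set only where the article's text describes an unauthenticated attacker sending crafted packets or a print task.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Vuln:
    cve: str
    cvss: float
    exploited: bool = False       # "Exploited?" column
    disclosed: bool = False       # "Publicly disclosed?" column
    critical: bool = False        # listed in the article's Critical table
    unauth_network: bool = False  # assumption: flag derived from the article's prose


# Rows transcribed from the article's zero-day table.
ZERO_DAYS = [
    Vuln("CVE-2024-38178", 7.5, exploited=True),
    Vuln("CVE-2024-38193", 7.8, exploited=True),
    Vuln("CVE-2024-38213", 6.5, exploited=True),
    Vuln("CVE-2024-38106", 7.0, exploited=True),
    Vuln("CVE-2024-38107", 7.8, exploited=True),
    Vuln("CVE-2024-38189", 8.8, exploited=True),
    Vuln("CVE-2024-38199", 9.8, disclosed=True, unauth_network=True),
    Vuln("CVE-2024-21302", 6.7, disclosed=True),
    Vuln("CVE-2024-38200", 6.5, disclosed=True),
    Vuln("CVE-2024-38202", 7.3, disclosed=True),
]

# Rows transcribed from the article's Critical table.
CRITICALS = [
    Vuln("CVE-2024-38159", 9.1, critical=True),
    Vuln("CVE-2024-38160", 9.1, critical=True),
    Vuln("CVE-2024-38063", 9.8, critical=True, unauth_network=True),
    Vuln("CVE-2024-38140", 9.8, critical=True, unauth_network=True),
    Vuln("CVE-2024-38166", 8.2, critical=True),
    Vuln("CVE-2024-38206", 8.5, critical=True),
    Vuln("CVE-2024-38109", 9.1, critical=True),
    Vuln("CVE-2022-3775", 7.1, critical=True),
]

# Tier order is this example's assumption, not a Microsoft ranking.
TIERS = {
    1: "exploited in the wild",
    2: "unauthenticated network RCE",
    3: "rated Critical",
    4: "publicly disclosed, not exploited",
    5: "everything else",
}


def tier(v):
    """Return the patch tier (1 = patch first) for one vulnerability."""
    if v.exploited:
        return 1
    if v.unauth_network:
        return 2
    if v.critical:
        return 3
    if v.disclosed:
        return 4
    return 5


def merge(rows):
    """Collapse a CVE listed in several tables into one row, keeping every
    flag set in any of them and the highest score seen."""
    merged = {}
    for v in rows:
        old = merged.get(v.cve)
        merged[v.cve] = v if old is None else replace(
            old,
            cvss=max(old.cvss, v.cvss),
            exploited=old.exploited or v.exploited,
            disclosed=old.disclosed or v.disclosed,
            critical=old.critical or v.critical,
            unauth_network=old.unauth_network or v.unauth_network,
        )
    return list(merged.values())


def patch_queue(rows):
    """Order by tier, then CVSS descending, then CVE ID for a stable result."""
    return sorted(merge(rows), key=lambda v: (tier(v), -v.cvss, v.cve))


def tier_counts(queue):
    counts = {}
    for v in queue:
        counts[tier(v)] = counts.get(tier(v), 0) + 1
    return counts


if __name__ == "__main__":
    for v in patch_queue(ZERO_DAYS + CRITICALS):
        print(f"T{tier(v)}  {v.cve:<15} {v.cvss:>4}  {TIERS[tier(v)]}")
```

Sorting on CVSS alone would put the 6.5-rated Mark of the Web bypass near the bottom even though it is one of the six exploited zero-days; the tiering keeps it in the first group.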

This August Patch Tuesday underscores the ongoing importance of robust patch management practices and the need for organizations to stay vigilant against evolving security threats across Microsoft's product ecosystem.

We aim to keep readers informed each month in our Patch Tuesday reports. Please follow our website thesecmaster.com or subscribe to our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram to receive similar updates.


Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.
