Microsoft has released its August 2024 Patch Tuesday updates, addressing a total of 88 vulnerabilities across various products and services. This month's release includes patches for seven critical vulnerabilities and 80 important vulnerabilities, with one rated as moderate. Notably, this Patch Tuesday also includes fixes for 10 zero-day vulnerabilities, six of which were actively exploited in the wild.
Key highlights of the August 2024 Patch Tuesday include:
88 total vulnerabilities patched
7 critical vulnerabilities
80 important vulnerabilities
1 moderate vulnerability
10 zero-day vulnerabilities, including 6 actively exploited
41% of vulnerabilities are Elevation of Privilege (EoP)
33% of vulnerabilities are Remote Code Execution (RCE)
This month's updates cover a wide range of Microsoft products, including but not limited to Windows, Office, Azure, Dynamics 365, .NET Framework, and Microsoft Edge. Administrators and end users are strongly advised to apply these security updates promptly to mitigate potential risks.
The high number of zero-day vulnerabilities, especially those already exploited in the wild, underscores the importance of timely patching. Notable among these are vulnerabilities affecting Windows SmartScreen, the Windows kernel, and Microsoft Project.
In the following sections, we'll break down the most critical vulnerabilities, examine the zero-day threats, and provide guidance on prioritizing your patching efforts for this month's updates.
As part of August's Patch Tuesday, Microsoft addressed 88 vulnerabilities, including 10 zero-day vulnerabilities, six of which are being actively exploited in the wild. In addition to the Remote Code Execution (RCE) flaws, patches were released for privilege escalation bugs, information disclosure issues, spoofing weaknesses, security feature bypass, and denial of service vulnerabilities across a wide range of Microsoft products.
Key highlights are:
Total Flaws and Zero-Day Vulnerabilities: This Patch Tuesday update resolves 88 total bugs, with 10 zero-day vulnerabilities. Six of these zero-days were actively exploited in the wild.
Critical Flaws: Seven vulnerabilities were rated as Critical, including remote code execution flaws in Windows TCP/IP, Windows Network Virtualization, and the Windows Reliable Multicast Transport Driver (RMCAST).
Vulnerability Types: Elevation of Privilege (EoP) vulnerabilities accounted for 41% of the patches this month, followed by Remote Code Execution (RCE) at 33%. Other types include information disclosure, denial of service, and spoofing vulnerabilities.
Zero-Day Threats: The six actively exploited zero-days include vulnerabilities in Windows SmartScreen, Windows Kernel, Windows Power Dependency Coordinator, Windows Ancillary Function Driver for WinSock, Microsoft Project, and the Scripting Engine.
Critical-Rated Bugs: Notable critical vulnerabilities include an RCE in Windows TCP/IP (CVE-2024-38063), RCEs in Windows Network Virtualization (CVE-2024-38159 and CVE-2024-38160), and an RCE in the Windows Reliable Multicast Transport Driver (CVE-2024-38140).
Non-Critical Notables: Other important issues include multiple elevation of privilege vulnerabilities in the Windows kernel, Azure services, and various Windows components.
Key affected products include Windows, Office, Exchange Server, Azure, Dynamics 365, .NET Framework, Windows Hyper-V, and Microsoft Edge. Administrators and end users are advised to apply these security updates as soon as possible to ensure systems are not vulnerable to any of the fixed flaws.
This August Patch Tuesday stands out due to the high number of zero-day vulnerabilities and the range of critical issues addressed. It's crucial for organizations to prioritize these updates to protect against potential exploits, especially considering the actively exploited vulnerabilities.
Microsoft addressed ten zero-day vulnerabilities in the August 2024 Patch Tuesday release. Six of these vulnerabilities were being actively exploited in the wild prior to the patches being made available. Let's examine each of these critical vulnerabilities:

| CVE ID | Title | Exploited? | Publicly disclosed? | CVSS v3 Base Score |
|---|---|---|---|---|
| CVE-2024-38178 | Scripting Engine Memory Corruption Vulnerability | Yes | No | 7.5 |
| CVE-2024-38193 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Yes | No | 7.8 |
| CVE-2024-38213 | Windows Mark of the Web Security Feature Bypass Vulnerability | Yes | No | 6.5 |
| CVE-2024-38106 | Windows Kernel Elevation of Privilege Vulnerability | Yes | No | 7 |
| CVE-2024-38107 | Windows Power Dependency Coordinator Elevation of Privilege Vulnerability | Yes | No | 7.8 |
| CVE-2024-38189 | Microsoft Project Remote Code Execution Vulnerability | Yes | No | 8.8 |
| CVE-2024-38199 | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | No | Yes | 9.8 |
| CVE-2024-21302 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | No | Yes | 6.7 |
| CVE-2024-38200 | Microsoft Office Spoofing Vulnerability | No | Yes | 6.5 |
| CVE-2024-38202 | Windows Update Stack Elevation of Privilege Vulnerability | No | Yes | 7.3 |

CVE-2024-38178 (Scripting Engine Memory Corruption Vulnerability): This vulnerability is somewhat unusual as it requires the target to be using Edge in Internet Explorer mode. An attacker could exploit this vulnerability by convincing an authenticated user to click a specially crafted URL. The South Korean National Cyber Security Center (NCSC) and AhnLab disclosed the flaw as being exploited in attacks.
CVE-2024-38193 (Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability): This vulnerability allows attackers to gain SYSTEM privileges on Windows systems. The flaw was discovered by Luigino Camastra and Milánek with Gen Digital. Successful exploitation could lead to complete system compromise.
CVE-2024-38213 (Windows Mark of the Web Security Feature Bypass Vulnerability): This vulnerability allows attackers to bypass Windows Mark of the Web (MotW) security alerts. Exploitation could lead to circumvention of security warnings for files downloaded from the internet. The flaw was discovered by Peter Girnus of Trend Micro's Zero Day Initiative.
CVE-2024-38106 (Windows Kernel Elevation of Privilege Vulnerability): Microsoft fixed a Windows Kernel elevation of privilege flaw that gives SYSTEM privileges. Successful exploitation requires an attacker to win a race condition. This vulnerability highlights the ongoing importance of kernel-level security.
CVE-2024-38107 (Windows Power Dependency Coordinator Elevation of Privilege Vulnerability): This flaw in the Windows Power Dependency Coordinator allows attackers to gain SYSTEM privileges on the affected device. The Power Dependency Coordinator is a component of Modern Standby, introduced in Windows 8 to allow devices to "instantly" wake from sleep.
CVE-2024-38189 (Microsoft Project Remote Code Execution Vulnerability): This vulnerability in Microsoft Project allows for remote code execution. Exploitation requires the victim to open a malicious Microsoft Office Project file on a system where certain security features are disabled. This highlights the importance of maintaining default security settings in Microsoft Office products.
CVE-2024-38199 (Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability): Although not actively exploited, this publicly disclosed vulnerability in the Windows Line Printer Daemon could allow an unauthenticated attacker to send a specially crafted print task to a shared vulnerable Windows LPD service, potentially resulting in remote code execution on the server.
CVE-2024-21302 (Windows Secure Kernel Mode Elevation of Privilege Vulnerability): This flaw was disclosed as part of a Windows Downdate downgrade attack presentation at Black Hat 2024. It allows attackers to gain elevated privileges to install malicious updates, potentially reintroducing old vulnerabilities to fully updated Windows systems.
CVE-2024-38200 (Microsoft Office Spoofing Vulnerability): This vulnerability in Microsoft Office could expose NTLM hashes. Attackers could exploit the flaw by tricking someone into opening a malicious file, which would then force Office to make an outbound connection to a remote share where attackers could steal the NTLM hashes that are sent.
CVE-2024-38202 (Windows Update Stack Elevation of Privilege Vulnerability): Also part of the Windows Downdate downgrade attack disclosure at Black Hat 2024, this vulnerability in the Windows Update Stack could allow an attacker with basic privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS).
The high number of zero-day vulnerabilities, particularly those being actively exploited, underscores the critical nature of this month's Patch Tuesday. Organizations should prioritize the application of these patches to mitigate the risk of potential attacks leveraging these vulnerabilities.
Out of the 88 vulnerabilities addressed in the August 2024 Patch Tuesday, seven were rated as Critical. Let's examine these high-severity vulnerabilities in detail:

| CVE ID | Title | CVSS v3 Base Score | Affected Component |
|---|---|---|---|
| CVE-2024-38159 | Windows Network Virtualization Remote Code Execution Vulnerability | 9.1 | Windows Network Virtualization |
| CVE-2024-38160 | Windows Network Virtualization Remote Code Execution Vulnerability | 9.1 | Windows Network Virtualization |
| CVE-2024-38063 | Windows TCP/IP Remote Code Execution Vulnerability | 9.8 | Windows TCP/IP |
| CVE-2024-38140 | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | 9.8 | Windows RMCAST |
| CVE-2024-38166 | Microsoft Dynamics 365 Cross-site Scripting Vulnerability | 8.2 | Microsoft Dynamics 365 |
| CVE-2024-38206 | Microsoft Copilot Studio Information Disclosure Vulnerability | 8.5 | Microsoft Copilot Studio |
| CVE-2024-38109 | Azure Health Bot Elevation of Privilege Vulnerability | 9.1 | Azure Health Bot |
| CVE-2022-3775 | Heap-based out-of-bounds write when rendering certain Unicode sequences | 7.1 | Windows Secure Boot |

CVE-2024-38159 and CVE-2024-38160 (Windows Network Virtualization): These two vulnerabilities in Windows Network Virtualization could allow remote code execution. Both have a CVSS v3 base score of 9.1. An attacker could exploit these vulnerabilities by leveraging an unchecked return value in the wnv.sys component of Windows Server 2016. Successful exploitation could lead to unauthorized memory writes or freeing a valid block currently in use, potentially resulting in a critical guest-to-host escape in virtualized environments.
CVE-2024-38063 (Windows TCP/IP): This critical vulnerability in Windows TCP/IP has a CVSS v3 base score of 9.8. An unauthenticated attacker could exploit this vulnerability by sending specially crafted IPv6 packets to a Windows machine, potentially leading to remote code execution. Microsoft notes that this vulnerability is "wormable," meaning it could spread without user interaction, making it particularly dangerous.
CVE-2024-38140 (Windows RMCAST): With a CVSS v3 base score of 9.8, this critical vulnerability affects the Windows Reliable Multicast Transport Driver. An unauthenticated attacker could exploit this vulnerability by sending specially crafted packets to a Windows Pragmatic General Multicast (PGM) open socket on the server. No user interaction is required for exploitation, increasing its potential impact.
CVE-2024-38166 (Microsoft Dynamics 365): This critical vulnerability in Microsoft Dynamics 365 has a CVSS v3 base score of 8.2. An unauthenticated attacker could exploit this vulnerability by convincing a user to click on a specially crafted link, potentially leading to cross-site scripting attacks.
CVE-2024-38206 (Microsoft Copilot Studio): With a CVSS v3 base score of 8.5, this critical vulnerability in Microsoft Copilot Studio could allow an authenticated attacker to bypass Server-Side Request Forgery (SSRF) protection and disclose sensitive information over a network.
CVE-2024-38109 (Azure Health Bot): This critical vulnerability in Azure Health Bot has a CVSS v3 base score of 9.1. An authenticated attacker could exploit a Server-Side Request Forgery (SSRF) vulnerability to elevate privileges over a network.
CVE-2022-3775 (Windows Secure Boot): While Microsoft has not released detailed information about this vulnerability, it is rated as critical with a CVSS v3 base score of 7.1. It affects Windows Secure Boot and could potentially lead to a secure boot bypass.
In total, 88 vulnerabilities were addressed in August's Patch Tuesday. Elevation of Privilege (EoP) vulnerabilities lead the count this month, followed closely by Remote Code Execution (RCE) bugs. Here's a breakdown of the vulnerabilities by category:
Elevation of Privilege: 36
Remote Code Execution: 28
Information Disclosure: 8
Denial of Service: 6
Spoofing: 7
Security Feature Bypass: 4
Elevation of Privilege vulnerabilities continue to be a significant concern, representing 41% of the total patches this month. These types of vulnerabilities can allow attackers to gain higher-level permissions on a system, potentially leading to full system compromise.
Remote Code Execution vulnerabilities are the second most prevalent, accounting for 33% of the fixes. RCE flaws are particularly dangerous as they can allow attackers to execute arbitrary code on target systems, often leading to complete system takeover.
Information Disclosure vulnerabilities, while fewer in number, can still pose significant risks by potentially leaking sensitive data to unauthorized parties.
Denial of Service vulnerabilities, though less common this month, can still cause significant disruption to system availability if exploited.
Spoofing vulnerabilities, while not as numerous, can be leveraged in sophisticated phishing attacks or to bypass security controls.
Security Feature Bypass vulnerabilities, though least in number, can be particularly concerning as they may allow attackers to circumvent key security mechanisms.
The table below shows the CVE IDs mapped to these vulnerability types from Microsoft's August 2024 Patch Tuesday:

| Vulnerability Category | CVE IDs |
|---|---|
| Elevation of Privilege | CVE-2024-38193, CVE-2024-38106, CVE-2024-38107, CVE-2024-38109, CVE-2024-38133, CVE-2024-38141, CVE-2024-38142, CVE-2024-38147, CVE-2024-38150, CVE-2024-38153, CVE-2024-38163, CVE-2024-38184, CVE-2024-38185, CVE-2024-38186, CVE-2024-38187, CVE-2024-38196, CVE-2024-38198, CVE-2024-38201, CVE-2024-38202, CVE-2024-38215, ... (36 total) |
| Remote Code Execution | CVE-2024-38063, CVE-2024-38140, CVE-2024-38159, CVE-2024-38160, CVE-2024-38189, CVE-2024-38199, CVE-2024-38131, CVE-2024-38138, CVE-2024-38152, CVE-2024-38161, CVE-2024-38170, CVE-2024-38171, CVE-2024-38172, CVE-2024-38173, ... (28 total) |
| Information Disclosure | CVE-2024-38118, CVE-2024-38122, CVE-2024-38123, CVE-2024-38151, CVE-2024-38155, CVE-2024-38167, CVE-2024-38206, CVE-2024-38214 |
| Denial of Service | CVE-2024-38126, CVE-2024-38132, CVE-2024-38145, CVE-2024-38146, CVE-2024-38148, CVE-2024-38168 |
| Spoofing | CVE-2024-37968, CVE-2024-38108, CVE-2024-38177, CVE-2024-38180, CVE-2024-38197, CVE-2024-38200, CVE-2024-38218 |
| Security Feature Bypass | CVE-2024-21302, CVE-2024-38213, CVE-2023-40547, CVE-2022-2601 |

Microsoft's August 2024 Patch Tuesday includes updates for a broad range of its products, applications, and services. Here are the key products and components that have received patches:

| Product Name | No. of Vulnerabilities Patched |
|---|---|
| Windows Message Queuing | 20 |
| Windows | 16 |
| Windows Layer 2 Tunneling Protocol | 9 |
| SQL Server | 6 |
| Microsoft Message Queuing | 5 |
| Skype for Business | 4 |
| Microsoft Office | 3 |
| Windows Kernel | 3 |
| Win32k | 3 |
| Cryptographic Services | 3 |
| .NET Framework | 3 |
| Windows TCP/IP | 3 |
| Windows Deployment Services | 3 |
| Microsoft Dynamics | 3 |
| Azure | 2 |
| Hyper-V | 2 |
| Windows Named Pipe File System | 2 |
| Azure SDK | 2 |
| Microsoft Graphics Component | 2 |
| Windows RDP | 2 |
| Microsoft QUIC | 2 |
| Remote Desktop Client | 1 |
| Microsoft SharePoint Server | 1 |
| Microsoft ODBC Driver | 1 |
| Microsoft Bluetooth Driver | 1 |
| Microsoft AllJoyn API | 1 |
| Windows Hyper-V | 1 |
| Windows Subsystem for Linux | 1 |
| Windows HTML Platform | 1 |
| Azure DevOps | 1 |
| Microsoft Windows Search Component | 1 |
| Windows Mixed Reality Developer Tools | 1 |
| Microsoft Common Data Model SDK | 1 |
| Windows Setup Files Cleanup | 1 |
| HTTP/2 | 1 |
| Azure Real Time Operating System | 1 |
| Windows Active Template Library | 1 |
| Windows NT OS Kernel | 1 |
| Windows Resilient File System (ReFS) | 1 |
| Windows Client/Server Runtime Subsystem | 1 |
| Windows TPM | 1 |
| Windows Virtual Trusted Platform Module | 1 |
| Windows Mark of the Web (MOTW) | 1 |
| Active Directory Domain Services | 1 |
| Windows Microsoft DirectMusic | 1 |
| Microsoft WDAC OLE DB provider for SQL | 1 |
| Microsoft Windows Media Foundation | 1 |
| Windows DHCP Server | 1 |
| Windows Power Management Service | 1 |
| Windows Error Reporting | 1 |
| Windows Remote Procedure Call | 1 |
| Microsoft Exchange Server | 1 |
| Windows Runtime C++ Template Library | 1 |
| Windows IIS | 1 |
| Microsoft Edge (Chromium-based) | 1 |
| Windows IKE Extension | 1 |

Download the complete list of vulnerabilities by products patched in August 2024 Patch Tuesday here.

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| | Windows App Installer Spoofing Vulnerability | No | No | 7.8 |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| | Azure Stack Hub Spoofing Vulnerability | No | No | 9.3 |
| | Azure Health Bot Elevation of Privilege Vulnerability | No | No | 9.1 |
| | Azure CycleCloud Remote Code Execution Vulnerability | No | No | 7.8 |
| | Azure Connected Machine Agent Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Azure Connected Machine Agent Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Azure Stack Hub Elevation of Privilege Vulnerability | No | No | 7 |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| | Microsoft Edge (HTML-based) Memory Corruption Vulnerability | No | No | 8.4 |
| | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | No | No | 6.5 |
| | Chromium: CVE-2024-7550 Type Confusion in V8 | No | No | N/A |
| | Chromium: CVE-2024-7536 Use after free in WebAudio | No | No | N/A |
| | Chromium: CVE-2024-7535 Inappropriate implementation in V8 | No | No | N/A |
| | Chromium: CVE-2024-7534 Heap buffer overflow in Layout | No | No | N/A |
| | Chromium: CVE-2024-7533 Use after free in Sharing | No | No | N/A |
| | Chromium: CVE-2024-7532 Out of bounds memory access in ANGLE | No | No | N/A |
| | Chromium: CVE-2024-7256 Insufficient data validation in Dawn | No | No | N/A |
| | Chromium: CVE-2024-7255 Out of bounds read in WebTransport | No | No | N/A |
| | Chromium: CVE-2024-6990 Uninitialized Use in Dawn | No | No | N/A |
| | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | No | No | N/A |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| | .NET and Visual Studio Denial of Service Vulnerability | No | No | 7.5 |
| | Azure IoT SDK Remote Code Execution Vulnerability | No | No | 7 |
| | Azure IoT SDK Remote Code Execution Vulnerability | No | No | 7 |
| | .NET and Visual Studio Information Disclosure Vulnerability | No | No | 6.5 |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| | Redhat: CVE-2022-2601 grub2 - Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass | No | No | 8.6 |
| | Redhat: CVE-2022-3775 grub2 - Heap based out-of-bounds write when rendering certain Unicode sequences | No | No | 7.1 |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| | Microsoft Dynamics 365 Cross-site Scripting Vulnerability | No | No | 8.2 |
| | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | No | No | 8.2 |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| | Microsoft Project Remote Code Execution Vulnerability | Yes | No | 8.8 |
| | Microsoft Copilot Studio Information Disclosure Vulnerability | No | No | 8.5 |
| | Microsoft PowerPoint Remote Code Execution Vulnerability | No | No | 7.8 |
| | Microsoft OfficePlus Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Microsoft Office Visio Remote Code Execution Vulnerability | No | No | 7.8 |
| | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 |
| | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.1 |
| | Microsoft Outlook Remote Code Execution Vulnerability | No | No | 6.7 |
| | Microsoft Teams for iOS Spoofing Vulnerability | No | No | 6.5 |
| | Microsoft Office Spoofing Vulnerability | No | Yes | 6.5 |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| | Windows Network Virtualization Remote Code Execution Vulnerability | No | No | 9.1 |
| | Windows Network Virtualization Remote Code Execution Vulnerability | No | No | 9.1 |
| | Windows Update Stack Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows DWM Core Library Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Microsoft DWM Core Library Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Secure Channel Denial of Service Vulnerability | No | No | 7.5 |
| | Windows Deployment Services Remote Code Execution Vulnerability | No | No | 7.5 |
| | Windows Update Stack Elevation of Privilege Vulnerability | No | Yes | 7.3 |
| | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | No | No | 7 |
| | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | No | No | 7 |
| | Windows Kernel Elevation of Privilege Vulnerability | Yes | No | 7 |
| | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | No | No | 6.8 |
| | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | No | Yes | 6.7 |
| | Windows Compressed Folder Tampering Vulnerability | No | No | 6.5 |
| | Security Center Broker Information Disclosure Vulnerability | No | No | 5.5 |
| | Windows Bluetooth Driver Information Disclosure Vulnerability | No | No | 4.4 |
| | Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | No | No | 4.2 |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| | Windows TCP/IP Remote Code Execution Vulnerability | No | No | 9.8 |
| | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | No | No | 9.8 |
| | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | No | Yes | 9.8 |
| | Windows SmartScreen Security Feature Bypass Vulnerability | No | No | 8.8 |
| | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
| | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
| | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
| | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
| | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
| | Windows IP Routing Management Snapin Remote Code Execution Vulnerability | No | No | 8.8 |
| | Windows IP Routing Management Snapin Remote Code Execution Vulnerability | No | No | 8.8 |
| | Windows IP Routing Management Snapin Remote Code Execution Vulnerability | No | No | 8.8 |
| | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | No | No | 8.8 |
| | Clipboard Virtual Channel Extension Remote Code Execution Vulnerability | No | No | 8.8 |
| | Redhat: CVE-2023-40547 Shim - RCE in HTTP boot support may lead to secure boot bypass | No | No | 8.3 |
| | Windows Kerberos Elevation of Privilege Vulnerability | No | No | 8.1 |
| | Windows Power Dependency Coordinator Elevation of Privilege Vulnerability | Yes | No | 7.8 |
| | Windows OLE Remote Code Execution Vulnerability | No | No | 7.8 |
| | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Hyper-V Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Yes | No | 7.8 |
| | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | No | 7.8 |
| | NTFS Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.5 |
| | Windows Network Address Translation (NAT) Denial of Service Vulnerability | No | No | 7.5 |
| | Windows Network Address Translation (NAT) Denial of Service Vulnerability | No | No | 7.5 |
| | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | No | No | 7.5 |
| | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | No | No | 7.5 |
| | Windows DNS Spoofing Vulnerability | No | No | 7.5 |
| | Scripting Engine Memory Corruption Vulnerability | Yes | No | 7.5 |
| | Windows Initial Machine Configuration Elevation of Privilege Vulnerability | No | No | 6.8 |
| | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | No | No | 6.5 |
| | Windows Mark of the Web Security Feature Bypass Vulnerability | Yes | No | 6.5 |
| | Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 |
| | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | No | No | 5.5 |
| | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | No | No | 5.5 |

Microsoft's August 2024 Patch Tuesday addressed 88 vulnerabilities, including ten zero-day vulnerabilities, six of which were actively exploited in the wild. This release fixed a variety of vulnerability types, with Elevation of Privilege issues being most prevalent at 41% of the total, followed by Remote Code Execution at 33%.
Seven vulnerabilities were rated as Critical, including remote code execution flaws in Windows TCP/IP, Windows Network Virtualization, and the Windows Reliable Multicast Transport Driver (RMCAST). The two critical bugs in Windows Network Virtualization (CVE-2024-38159 and CVE-2024-38160) could allow guest-to-host escapes in virtualized environments, posing significant risks.
These zero-days span various components of the Windows ecosystem and should be prioritized for patching due to their active exploitation status.
Other important vulnerabilities include multiple remote code execution flaws in Office components, SharePoint Server, and the ODBC driver. Several privilege escalation vulnerabilities in Windows kernel and Azure services were also addressed.
In total, 88 security gaps were closed in this month's release. Here's a summary of the vulnerabilities by severity:

| Severity | Count |
|---|---|
| Critical | 7 |
| Important | 80 |
| Moderate | 1 |

Prioritizing the critical vulnerabilities and actively exploited zero-days can help mitigate the most pressing risks. However, given the broad scope of affected products and the variety of vulnerability types, organizations should strive to apply all relevant patches as soon as possible after appropriate testing.
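One way to turn that prioritization into an ordered patch queue, as an added example that is not part of the original article. The tiering rule (exploited first, then publicly disclosed or CVSS 9.0 and above, then everything else) and the names `Advisory`, `tier` and `triage` are assumptions; the sample rows are taken from this page's tables.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: rows taken from the tables on this page, in the same
# "CVE | Title | Exploited? | Publicly disclosed? | CVSS" column layout.
SAMPLE_TABLE = """
| CVE ID | Title | Exploited? | Publicly disclosed? | CVSS v3 Base Score |
|---|---|---|---|---|
| CVE-2024-38178 | Scripting Engine Memory Corruption Vulnerability | Yes | No | 7.5 |
| CVE-2024-38213 | Windows Mark of the Web Security Feature Bypass Vulnerability | Yes | No | 6.5 |
| CVE-2024-38189 | Microsoft Project Remote Code Execution Vulnerability | Yes | No | 8.8 |
| CVE-2024-38199 | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | No | Yes | 9.8 |
| CVE-2024-21302 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | No | Yes | 6.7 |
| CVE-2024-38063 | Windows TCP/IP Remote Code Execution Vulnerability | No | No | 9.8 |
| CVE-2024-7550 | Chromium: CVE-2024-7550 Type Confusion in V8 | No | No | N/A |
"""

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
CRITICAL_CVSS = 9.0  # assumed cut-off for tier 2, not a value from the article


@dataclass(frozen=True)
class Advisory:
    cve: str
    title: str
    exploited: bool
    disclosed: bool
    cvss: Optional[float]  # None when the table says "N/A"


def _yes_no(cell: str, lineno: int) -> bool:
    value = cell.lower()
    if value not in ("yes", "no"):
        raise ValueError(f"line {lineno}: expected Yes/No, got {cell!r}")
    return value == "yes"


def parse_table(text: str) -> List[Advisory]:
    """Parse a pipe-delimited advisory table; the first table row is the header."""
    advisories, header_seen = [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line.startswith("|"):
            continue
        inner = line[1:-1] if line.endswith("|") else line[1:]
        cells = [c.strip() for c in inner.split("|")]
        if all(re.fullmatch(r":?-+:?", c) for c in cells):
            continue  # markdown separator row
        if not header_seen:
            header_seen = True
            continue
        if len(cells) != 5:
            raise ValueError(f"line {lineno}: expected 5 cells, got {len(cells)}")
        cve, title, exploited, disclosed, score = cells
        if not CVE_RE.fullmatch(cve):
            raise ValueError(f"line {lineno}: bad CVE id {cve!r}")
        cvss = None if score.upper() == "N/A" else float(score)
        if cvss is not None and not 0.0 <= cvss <= 10.0:
            raise ValueError(f"line {lineno}: CVSS out of range: {score}")
        advisories.append(Advisory(cve, title, _yes_no(exploited, lineno),
                                   _yes_no(disclosed, lineno), cvss))
    return advisories


def tier(a: Advisory) -> int:
    """Assumed policy: 1 = exploited in the wild, 2 = public or CVSS >= 9.0, 3 = rest."""
    if a.exploited:
        return 1
    if a.disclosed or (a.cvss is not None and a.cvss >= CRITICAL_CVSS):
        return 2
    return 3


def triage(advisories: List[Advisory]) -> List[Advisory]:
    """Order by tier, then highest CVSS first; unscored entries sort last in a tier."""
    return sorted(
        advisories,
        key=lambda a: (tier(a), -(a.cvss if a.cvss is not None else -1.0), a.cve),
    )


if __name__ == "__main__":
    for adv in triage(parse_table(SAMPLE_TABLE)):
        score = "N/A" if adv.cvss is None else f"{adv.cvss:.1f}"
        print(f"tier {tier(adv)}  {adv.cve:<15} {score:>4}  {adv.title}")
```

Rows without a CVSS score, such as the Chromium entries, land in the lowest tier here and still need a manual look before they are deferred.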
This August Patch Tuesday underscores the ongoing importance of robust patch management practices and the need for organizations to stay vigilant against evolving security threats across Microsoft's product ecosystem.
We aim to keep readers informed each month in our Patch Tuesday reports. Please follow our website thesecmaster.com or subscribe to our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram to receive similar updates.
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.