Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited

In the present day is Microsoft’s August 2024 Patch Tuesday, which incorporates security updates for 89 flaws, together with six actively exploited and three publicly disclosed zero-days. Microsoft remains to be engaged on an replace for a tenth publicly disclosed zero-day.

This Patch Tuesday mounted eight vital vulnerabilities, which had been a combination of elevation of privileges, distant code execution, and data disclosure.

The variety of bugs in every vulnerability class is listed beneath:

• 36 Elevation of Privilege Vulnerabilities
• 4 Safety Function Bypass Vulnerabilities
• 28 Distant Code Execution Vulnerabilities
• 8 Info Disclosure Vulnerabilities
• 6 Denial of Service Vulnerabilities
• 7 Spoofing Vulnerabilities

The variety of bugs listed above don’t embrace Microsoft Edge flaws that had been disclosed earlier this month.

To study extra in regards to the non-security updates launched in the present day, you possibly can overview our devoted articles on the brand new Home windows 11 KB5041585 replace  and Home windows 10 KB5041580 replace.

Have a tendency zero-days disclosed

This month’s Patch Tuesday fixes six actively exploited and three different publicly disclosed zero-day vulnerabilities. One other publicly disclosed zero-day stays unfixed right now, however Microsoft is engaged on an replace.

Microsoft classifies a zero-day flaw as one that’s publicly disclosed or actively exploited whereas no official repair is offered.

The six actively exploited zero-day vulnerabilities in in the present day’s updates are:

CVE-2024-38178 – Scripting Engine Reminiscence Corruption Vulnerability

Microsoft says that the assault requires an authenticated consumer to click on a hyperlink to ensure that an unauthenticated attacker to provoke distant code execution.

The hyperlink should be clicked in Microsoft Edge in Web Explorer mode, making it a difficult flaw to use.

Nonetheless, even with these pre-requisites, the South Korean Nationwide Cyber Safety Heart(NCSC) and AhnLab disclosed the flaw as being exploited in assaults.

CVE-2024-38193 – Home windows Ancillary Operate Driver for WinSock Elevation of Privilege Vulnerability

This vulnerability permits assaults to achieve SYSTEM privileges on Home windows programs.

The flaw was found by Luigino Camastra and Milánek with Gen Digital however Microsoft didn’t share any particulars on the way it was disclosed.

CVE-2024-38213 – Home windows Mark of the Net Safety Function Bypass Vulnerability

This vulnerability permits attackers to create information that bypass Home windows Mark of the Net security alerts.

This security characteristic has been topic to quite a few bypasses over the 12 months as it’s a gorgeous goal for menace actors who conduct phishing campaigns.

Microsoft says the flaw was found by Peter Girnus of Development Micro’s Zero Day Initiative however didn’t share how it’s exploited in assaults.

CVE-2024-38106 – Home windows Kernel Elevation of Privilege Vulnerability

Microsoft mounted a Home windows Kernel elevation of privileges flaw that provides SYSTEM privileges.

“Profitable exploitation of this vulnerability requires an attacker to win a race situation,” explains Microsoft’s advisory.

“An attacker who efficiently exploited this vulnerability might acquire SYSTEM privileges,” continued Microsoft.

Microsoft has not shared who disclosed the flaw and the way it was exploited.

CVE-2024-38107 – Home windows Energy Dependency Coordinator Elevation of Privilege Vulnerability

Microsoft mounted a flaw that provides attackers SYSTEM privileges on the Home windows gadget.

Microsoft has not shared who disclosed the flaw and the way it was exploited.

CVE-2024-38189 – Microsoft Challenge Distant Code Execution Vulnerability

Microsoft mounted a Microsoft Challenge distant code execution vulnerability that requires security options to be disabled for exploitation.

“Exploitation requires the sufferer to open a malicious Microsoft Workplace Challenge file on a system the place the Block macros from operating in Workplace information from the Web coverage is disabled and VBA Macro Notification Settings will not be enabled permitting the attacker to carry out distant code execution,” clarify the advisory.

Microsoft says that the attackers would wish to trick a consumer into opening the malicious file, equivalent to by way of phishing assaults or by luring customers to web sites internet hosting the file.

Microsoft has not disclosed who found the vulnerability or the way it was exploited in assaults.

The 4 publicly disclosed vulnerabilities are:

CVE-2024-38199 – Home windows Line Printer Daemon (LPD) Service Distant Code Execution Vulnerability

Microsoft has mounted a distant code execution vulnerability within the Home windows Line Printer Daemon.

“An unauthenticated attacker might ship a specifically crafted print job to a shared weak Home windows Line Printer Daemon (LPD) service throughout a community. Profitable exploitation might lead to distant code execution on the server,” explains Microsoft’s advisory.

This vulnerability is listed as publicly disclosed however the one that disclosed it wished to stay Nameless.

CVE-2024-21302 – Home windows Safe Kernel Mode Elevation of Privilege Vulnerability

This flaw was disclosed by SafeBreach security researcher Alon Leviev as a part of a Home windows Downdate downgrade assault discuss at Black Hat 2024.

The Home windows Downdate assault unpatches totally up to date Home windows 10, Home windows 11, and Home windows Server programs to reintroduce previous vulnerabilities utilizing specifically crafted updates.

This flaw allowed the attackers to achieve elevated privileges to put in the malicious updates.

CVE-2024-38200 – Microsoft Workplace Spoofing Vulnerability

Microsoft mounted a Microsoft Workplace vulnerability that exposes NTLM hashes as disclosed within the “NTLM – The final experience” Defcon discuss.

Attackers might exploit the flaw by tricking somebody into opening a malicious file, which might then drive Workplace to make an outbound hook up with a distant share the place attackers might steal despatched NTLM hashes.

The flaw was found by Jim Rush with PrivSec and was already mounted by way of Microsoft Workplace Function Flighting on 7/30/2024.

CVE-2024-38202 – Home windows Replace Stack Elevation of Privilege Vulnerability

This flaw was additionally a part of the Home windows Downdate downgrade assault discuss at Black Hat 2024.

Microsoft is growing a security replace to mitigate this menace, however it’s not but out there.

Current updates from different firms

Different distributors who launched updates or advisories in August 2024 embrace:

• 0.0.0.0 Day flaw permits malicious web sites to bypass browser security options and entry companies on a neighborhood community.
• Android August security updates fixes actively exploited RCE.
• CISA warned of Cisco Sensible Set up (SMI) characteristic being abused in assaults.
• Cisco warns of vital RCE flaws in end-of-life Small Enterprise SPA 300 and SPA 500 collection IP telephones.
• New GhostWrite flaw  GhostWrite vulnerability lets unprivileged attackers learn and write to the pc’s reminiscence on T-Head XuanTie C910 and C920 RISC-V CPUs and management peripheral units.
• Ivanti releases security replace for vital vTM auth bypass with public exploit.
• Microsoft warned about new Workplace flaw tracked as CVE-2024-38200 that leaks NTLM hashes.
• New SinkClose flaw lets attackers acquire Ring -2 privileges on AMD CPUs.
• New Linux SLUBStick flaw converts a restricted heap vulnerability into an arbitrary reminiscence read-and-write functionality.
• New Home windows DownDate flaw lets attackers downgrade the working system to reintroduce vulnerabilities.

The August 2024 Patch Tuesday Safety Updates

Beneath is the whole checklist of resolved vulnerabilities within the August 2024 Patch Tuesday updates.

To entry the complete description of every vulnerability and the programs it impacts, you possibly can view the full report right here.