The August 2024 Patch Tuesday Replace bundle from Microsoft is large, with 10 zero-day fixes. This month’s safety replace additionally addressed 9 critical-severity vulnerabilities, patching 94 bugs in whole. The severity of the vulnerabilities addressed with August updates makes it essential for all Microsoft customers to patch their programs instantly.
Microsoft Launched 10 Zero-Day Safety Fixes
Essentially the most noteworthy safety patches with August Patch Tuesday from Microsoft handle the next 10 zero-day flaws. Out of those 10, the next 6 vulnerabilities went underneath assault prior public disclosure and patching.
Publicly Exploited Zero-Days
- CVE-2024-38189 (CVSS 8.8; essential): A distant code execution vulnerability in Microsoft Mission that an adversary might set off by luring the sufferer into opening a maliciously crafted Microsoft Workplace Mission file.
- CVE-2024-38178 (CVSS 7.5; essential): A reminiscence corruption vulnerability within the Scripting Engine that an unauthenticated attacker might exploit by sending a maliciously crafted URL to the sufferer.
- CVE-2024-38193 (CVSS 7.8; essential): A privilege escalation vulnerability in Home windows Ancillary Perform Driver for WinSock, permitting SYSTEM privileges to an adversary. Microsoft didn’t share many particulars in regards to the exploitation.
- CVE-2024-38106 (CVSS 7.0; essential): A privilege escalation flaw in Home windows Kernel that might permit SYSTEM privileges to an adversary upon triggering a race situation.
- CVE-2024-38107 (CVSS 7.8; essential): A privilege escalation flaw affecting Home windows Energy Dependency Coordinator. Once more, Microsoft didn’t share exact particulars in regards to the exploit moreover disclosing that profitable exploitation of this vulnerability grants SYSTEM privileges to an attacker.
- CVE-2024-38213 (CVSS 6.5; reasonable): A Home windows Mark of the Internet Safety Characteristic Bypass that permits an adversary to bypass Home windows SmartScreen. Exploiting the flaw requires an adversary to lure the sufferer into opening a maliciously crafted file.
Publicly Disclosed Zero-Days
Whereas not exploited, the remaining 4 vulnerabilities grew to become publicly recognized earlier than Microsoft might repair them. The tech big shared mitigations for these vulnerabilities within the respective advisories.
- CVE-2024-38200 (CVSS 6.5; essential): A spoofing vulnerability affecting Microsoft Workplace.
- CVE-2024-38199 (CVSS 9.8; essential): Distant code execution vulnerability within the Home windows Line Printer Daemon (LPD) Service.
- CVE-2024-21302 (CVSS 6.7; essential): A privilege escalation vulnerability in Home windows Safe Kernel Mode, exploiting which allowed SYSTEM privileges.
- CVE-2024-38202 (CVSS; essential): A privilege escalation vulnerability in Home windows Replace Stack. This vulnerability, along with CVE-2024-21302, might permit downgrade assaults that unpatch Home windows programs.
Different Necessary Patch Tuesday August 2024 Updates From Microsoft
Alongside the massive variety of zero-day vulnerabilities, Microsoft additionally addressed 9 essential severity vulnerabilities and 74 essential severity points this month. These embody 6 denial of service vulnerabilities, 30 privilege escalation points, 9 info disclosure flaws, 28 distant code execution vulnerabilities, 2 safety function bypass points, 4 spoofing flaws, a single tampering problem, and a pair of cross-site scripting vulnerabilities.
When in comparison with the July Patch Tuesday, which addressed over 140 vulnerabilities, this month’s safety replace bundle seems slightly modest in that it consists of 94 safety fixes. Nevertheless, it’s extra essential for customers because it addresses an enormous variety of zero-day vulnerabilities and significant severity flaws. Due to this fact, all customers should be certain that their programs are up to date as quickly as doable by manually checking for updates as a substitute of ready for the automated updates to reach.
Tell us your ideas within the feedback.