In its August 2024 Patch Tuesday release, Microsoft addressed 88 vulnerabilities, including seven critical flaws and ten zero-day vulnerabilities. Notably, six of these zero-day vulnerabilities are currently being actively exploited in the wild, underscoring the urgent need for organizations to implement patches without delay.
Comprehensive Update Scope
This extensive update affects a wide range of Microsoft products, including:
- Microsoft Office and Components
- Microsoft Windows DNS
- Windows TCP/IP
- Microsoft Teams
- Windows Secure Boot
- Windows Secure Kernel Mode
- Windows Security Center
- Windows SmartScreen
- Windows App Installer
- Windows Scripting
The vulnerabilities covered include various types such as Spoofing, Denial of Service (DoS), Elevation of Privilege (EoP), Cross-site Scripting (XSS), Information Disclosure, Security Feature Bypass, and the severe Remote Code Execution (RCE).
Zero-Day Vulnerabilities Demand Immediate Attention
The six actively exploited zero-day vulnerabilities, along with three additional publicly disclosed zero-days (CVE-2024-21302, CVE-2024-38202, and CVE-2024-38199), pose a significant threat to both organizations and individuals. Additionally, there is a tenth publicly disclosed zero-day vulnerability (CVE-2024-38200) for which Microsoft has not yet released a patch, further compounding the risk.
Key Zero-Day Vulnerabilities
The following actively exploited zero-day vulnerabilities were addressed in this Patch Tuesday release:
- CVE-2024-38178: Scripting Engine Memory Corruption Vulnerability
Exploitable when an attacker convinces an authenticated user to visit a specially crafted URL, leading to memory corruption within the scripting engine and potentially arbitrary code execution.
- CVE-2024-38193: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
This flaw allows attackers to gain SYSTEM privileges by targeting a kernel entry point within the Windows Ancillary Function Driver (AFD) for WinSock, posing a significant security risk due to the potential for deep system access.
- CVE-2024-38213: Windows SmartScreen Security Feature Bypass Vulnerability
This vulnerability enables attackers to bypass Windows SmartScreen, designed to protect users from malicious websites and downloads. By tricking users into opening a malicious file, the attacker can circumvent SmartScreen’s defenses, leading to further attacks.
- CVE-2024-38106: Windows Kernel Elevation of Privilege Vulnerability
Involving a race condition within the Windows kernel, this vulnerability can be exploited to gain SYSTEM privileges. Given the kernel’s role as the core of the OS, successful exploitation could have system-wide impacts.
- CVE-2024-38189: Microsoft Project Remote Code Execution Vulnerability
Attackers can exploit this vulnerability in Microsoft Project via email or web-based attacks, potentially leading to remote code execution if a user is tricked into opening a malicious file.
- CVE-2024-38107: Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
This flaw in the Power Dependency Coordinator component of Modern Standby could allow attackers to gain SYSTEM privileges, presenting a significant risk to affected systems.
CISA’s Response and Recommendations
In response to these threats, the Cybersecurity and Infrastructure Security Agency (CISA) has added the actively exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog. CISA has mandated that federal agencies patch these vulnerabilities by September 3, 2024.
Recommendation: All users and organizations are strongly advised to prioritize patching these vulnerabilities immediately to mitigate potential risks and safeguard their systems.
