Microsoft’s Patch Tuesday for August 2024 brings a substantial update, addressing a total of 88 vulnerabilities, including six that have already been exploited in the wild and four that have been publicly disclosed. This month’s update is critical for organizations to apply promptly, especially considering the higher-than-usual number of in-the-wild exploits and public disclosures.
Release Notes: https://msrc.microsoft.com/update-guide/releaseNote/2024-Aug
Key Highlights:
- Total vulnerabilities addressed: 88
- Exploited in the wild: 6
- Publicly disclosed: 4
- Critical Remote Code Execution (RCE) vulnerabilities: 5
- Browser vulnerabilities (published separately): 11
Noteworthy Vulnerabilities
1. Windows OS Downgrade Attack
- CVE-2024-38202 and CVE-2024-21302: These two vulnerabilities in the Windows Update Stack were revealed at the Black Hat conference by SafeBreach. The first, CVE-2024-38202, is an elevation of privilege flaw that an attacker can trigger by convincing an administrator to perform a system restore, potentially leading to corruption of Windows system files. The second, CVE-2024-21302, permits updated Windows system files to be replaced with older versions, reintroducing previously patched vulnerabilities. Notably, while a patch is available for the latter, it must be applied carefully to avoid boot loops.
2. Windows WinSock (CVE-2024-38193)
- This elevation of privilege (EoP) vulnerability in the Windows Ancillary Function Driver for WinSock has been exploited in the wild. Exploitation could grant attackers SYSTEM privileges through a use-after-free memory management flaw. Immediate patching is crucial.
3. Windows Power Dependency Coordinator (CVE-2024-38107)
- Another EoP vulnerability that’s been exploited in the wild, this flaw also allows SYSTEM privileges with minimal attack complexity. Given its ease of exploitation, this should be prioritized.
4. Windows Kernel (CVE-2024-38106)
- Exploited via a race condition related to memory locking, this vulnerability also results in SYSTEM privileges. Interestingly, no patch is available for Windows Server 2012, raising questions about the vulnerability’s origins or Microsoft’s patching strategy.
5. Windows SmartScreen (CVE-2024-38213)
- This zero-day Mark of the Web (MotW) bypass allows attackers to circumvent SmartScreen warnings, which can lead to system compromise if a user opens a malicious file. Although less impactful than similar vulnerabilities, it remains a significant threat.
6. Edge Internet Explorer Mode (CVE-2024-38178)
- Exploited in the wild, this vulnerability requires user interaction and specific conditions, such as enabling Internet Explorer mode in Edge. While its exploitation complexity is higher, it still poses a risk that should be mitigated through patching.
7. Microsoft Project (CVE-2024-38189)
- This RCE vulnerability in Microsoft Project could be exploited if a user opens a malicious file, though its impact is limited by default settings that block macros from running.
8. Microsoft Office (CVE-2024-38200)
- Disclosed last week, this spoofing vulnerability allows for NTLM hash exposure through a malicious link. Microsoft has already applied an alternative fix via Feature Flighting, but users should apply the August patches for full remediation.
9. Windows Line Printer Daemon (CVE-2024-38199)
- This RCE vulnerability in the Windows Line Printer Daemon service could be exploited by sending a malicious print task across the network. Although less concerning for those who have migrated away from LPD, patches are available for affected systems.
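Two of the items above hinge on local configuration: whether Edge IE mode is enabled (item 6) and whether a host still runs the LPD service (item 9). The following inventory script is an added example, not code from the original post or from Microsoft; it assumes an elevated PowerShell 5.1+ session on Windows 8/Server 2012 or later, where Get-WindowsOptionalFeature and Get-NetTCPConnection are available.

```powershell
# Exposure inventory for the IE mode and LPD preconditions discussed above.
# Added example; assumes an elevated session on a modern Windows client or server.

function Get-LpdExposure {
    # LPD surface for CVE-2024-38199: optional feature enabled, service running, TCP 515 listening.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName 'Printing-LPDPrintService' -ErrorAction SilentlyContinue
    $svc     = Get-Service -Name 'LPDSVC' -ErrorAction SilentlyContinue
    $listen  = Get-NetTCPConnection -LocalPort 515 -State Listen -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check     = 'LPD service (CVE-2024-38199)'
        Installed = [bool]($feature -and $feature.State -eq 'Enabled')
        Running   = [bool]($svc -and $svc.Status -eq 'Running')
        Listening = [bool]$listen
    }
}

function Get-EdgeIeModeExposure {
    # IE mode precondition for CVE-2024-38178: the Edge policy value
    # InternetExplorerIntegrationLevel (1 = IE mode enabled) under the machine or user policy key.
    $paths = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge', 'HKCU:\SOFTWARE\Policies\Microsoft\Edge'
    $level = $null
    foreach ($p in $paths) {
        $v = Get-ItemProperty -Path $p -Name 'InternetExplorerIntegrationLevel' -ErrorAction SilentlyContinue
        if ($v) { $level = [int]$v.InternetExplorerIntegrationLevel; break }
    }
    [pscustomobject]@{
        Check     = 'Edge IE mode (CVE-2024-38178)'
        PolicySet = ($null -ne $level)
        IeModeOn  = ($level -eq 1)
    }
}

$results = @(Get-LpdExposure; Get-EdgeIeModeExposure)
$results | Format-Table -AutoSize

# Remediation for hosts that do not need the LPD feature:
#   Disable-WindowsOptionalFeature -Online -FeatureName 'Printing-LPDPrintService' -NoRestart
# IE mode, where unused, is removed by setting InternetExplorerIntegrationLevel to 0 via Group Policy.
```

Hosts reporting Listening = True for LPD, or IeModeOn = True for Edge, are the ones where items 6 and 9 apply with their described preconditions and should be patched first.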
Other Notable Updates
- SharePoint and Exchange: No new vulnerabilities were reported this month, a welcome relief for admins managing these critical services.
- Visual Studio for Mac: All versions will retire on August 31, 2024, and no further updates, including security patches, will be provided. Developers are encouraged to transition to the C# Dev Kit for Visual Studio Code.
Conclusion
This month’s Patch Tuesday is significant, with numerous critical updates that require immediate attention, particularly the six known-exploited vulnerabilities. Administrators should prioritize patching to mitigate these risks and ensure the security of their systems.