News

Microsoft August 2024 Patch Tuesday: Key Highlights

/ by tlblog

microsoft-patch-tuesday

Microsoft’s Patch Tuesday for August 2024 brings a substantial update, addressing a total of 88 vulnerabilities, including six that have already been exploited in the wild and four that have been publicly disclosed. This month’s update is critical for organizations to apply promptly, especially considering the higher-than-usual number of in-the-wild exploits and public disclosures.

Release Notes: https://msrc.microsoft.com/update-guide/releaseNote/2024-Aug

Key Highlights:

  • Total vulnerabilities addressed: 88
  • Exploited in the wild: 6
  • Publicly disclosed: 4
  • Critical Remote Code Execution (RCE) vulnerabilities: 5
  • Browser vulnerabilities (published separately): 11

Noteworthy Vulnerabilities

1. Windows OS Downgrade Attack

  • CVE-2024-38202 and CVE-2024-21302: These two vulnerabilities were revealed at the Black Hat conference by SafeBreach and involve the Windows Update Stack. The first, CVE-2024-38202, allows attackers to exploit the elevation of privilege by convincing an admin to perform a system restore, potentially leading to corruption in the Windows system files. The second, CVE-2024-21302, permits the replacement of updated Windows system files with older versions, reintroducing previously patched vulnerabilities. Notably, while patches are available for the latter, remediation requires careful application to avoid boot loops.

2. Windows WinSock (CVE-2024-38193)

  • This elevation of privilege (EoP) vulnerability in the Windows Ancillary Function Driver for WinSock has been exploited in the wild. Exploitation could grant attackers SYSTEM privileges through a use-after-free memory management flaw. Immediate patching is crucial.

3. Windows Power Dependency Coordinator (CVE-2024-38107)

  • Another EoP vulnerability that’s been exploited in the wild, this flaw also allows SYSTEM privileges with minimal attack complexity. Given its ease of exploitation, this should be prioritized.

4. Windows Kernel (CVE-2024-38106)

  • Exploited via a race condition related to memory locking, this vulnerability also results in SYSTEM privileges. Interestingly, no patch is available for Windows Server 2012, raising questions about the vulnerability’s origins or Microsoft’s patching strategy.

5. Windows SmartScreen (CVE-2024-38213)

  • This zero-day MotW bypass vulnerability allows attackers to circumvent SmartScreen warnings, leading to potential system compromise if a user opens a malicious file. Although less impactful than similar vulnerabilities, it remains a significant threat.

6. Edge Internet Explorer Mode (CVE-2024-38178)

  • Exploited in the wild, this vulnerability requires user interaction and specific conditions, such as enabling Internet Explorer mode in Edge. While its exploitation complexity is higher, it still poses a risk that should be mitigated through patching.

7. Microsoft Project (CVE-2024-38189)

  • This RCE vulnerability in Microsoft Project could be exploited if a user opens a malicious file, though its impact is limited by default settings that block macros from running.

8. Microsoft Office (CVE-2024-38200)

  • Disclosed last week, this spoofing vulnerability allows for NTLM hash exposure through a malicious link. Microsoft has already applied an alternative fix via Feature Flighting, but users should apply the August patches for full remediation.

9. Windows Line Printer Daemon (CVE-2024-38199)

  • This RCE vulnerability in the Windows Line Printer Daemon service could be exploited by sending a malicious print task across the network. Although less concerning for those who have migrated away from LPD, patches are available for affected systems.

Other Notable Updates

  • SharePoint and Exchange: No new vulnerabilities were reported this month, a welcome relief for admins managing these critical services.
  • Visual Studio for Mac: All versions will retire on August 31, 2024, and no further updates, including security patches, will be provided. Developers are encouraged to transition to the C# Dev Kit for Visual Studio Code.

Conclusion

This month’s Patch Tuesday is significant, with numerous critical updates that require immediate attention, particularly the six known-exploited vulnerabilities. Administrators should prioritize patching to mitigate these risks and ensure the security of their systems.

Tagged

You might also like

crowdstrike

Unpacking the Recent CrowdStrike Falcon Sensor Incident

On July 19, 2024, CrowdStrike faced a significant issue with its Falcon sensor update, causing system crashes for some Windows users. A thorough root cause analysis revealed a discrepancy in input fields within the sensor's Content Interpreter. CrowdStrike has implemented several mitigation steps and engaged third-party reviews to enhance the sensor's reliability and security.

Read more »

ublock chrome manifest v3

Updates: uBlock Origin Users Transition to Manifest v3

As Google Chrome transitions to Manifest v3, users of uBlock Origin need to prepare for significant changes. This shift affects the extension’s functionality and highlights the need to explore alternatives to maintain strong ad-blocking and cybersecurity measures. Learn more about the transition, the introduction of uBlock Origin Lite, and how to navigate this change effectively.

Read more »

Windows 11 March 2024 Security Update

Ensure your Windows 11 system stays secure and reliable with the March 2024 security update, addressing critical vulnerabilities and introducing improvements tailored to different system versions. Learn about the highlights, security vulnerabilities, and how to update in this comprehensive blog post.

Read more »

SpyShelter 15.0.2.503 is here

Experience enhanced cybersecurity with SpyShelter 15.0.2.503, featuring PUP protection, customizable alerts, and Extreme Privacy Mode for maximum digital defense.

Read more »

ShareX 16.0.0: Elevating Screen Capture to New Heights

ShareX 16.0.0 is the latest release in the evolution of screen capturing and sharing tools. With enhancements like improved screen recording, simplified scrolling capture, and powerful image editing features, ShareX continues to redefine what's possible for power users. Discover how ShareX 16.0.0 can streamline your workflow and elevate your creativity to new heights.

Read more »

GitHub RepoJacking: A Threat to Open Source Security

A recent analysis by AquaSec reveals that approximately 37,000 GitHub repositories, including those of tech giants like Google and Lyft, are vulnerable to RepoJacking—a hacking technique exploiting repository renaming. This threat exposes users to potential malicious code injection, highlighting the urgent need for proactive security measures.

Read more »

Windows 11 Build 22635.3286 Introduces Enhanced Copilot Text Assistance

Windows Insiders in the Beta Channel can now leverage enhanced Copilot text assistance in Windows 11 Build 22635.3286. Copilot dynamically assists with text-related tasks, offering a range of options like summarization and explanation upon text copying. Additionally, users can initiate actions with images seamlessly, further enhancing productivity within the Windows environment.

Read more »

Windows 10 KB5001716 Update Fails with Error 0x80070643: Troubleshooting and Fix

Microsoft's latest Windows 10 KB5001716 update rollout encounters a significant hurdle, with numerous users reporting installation failures accompanied by error code 0x80070643. Despite Microsoft's efforts to enhance system functionality, the update's deployment has been marred by widespread issues, prompting frustration among users.

Read more »

Cloudflare release: Firewall for AI

Cloudflare's Firewall for AI is a groundbreaking solution designed to safeguard Large Language Models (LLMs) from a range of threats. With advanced detection algorithms and comprehensive security measures, this innovative firewall ensures the integrity and reliability of AI-powered applications.

Read more »

AdwCleaner 8.4.2 Release: Enhancing Security and Stability

AdwCleaner 8.4.2 marks a significant step forward in combating adware and potentially unwanted programs. With enhanced security measures and stability improvements, this release ensures a seamless experience for users seeking to rid their systems of unwanted software.

Read more »

$2,751 Bounty Award: Avada WordPress Theme Vulnerability Patched

Discover the details behind the recent $2,751 bounty awarded for patching an arbitrary file upload vulnerability in the Avada WordPress theme. Learn about the responsible disclosure process, the technical analysis, and recommendations for safeguarding your website.

Read more »

$2,063 Bounty Awarded for Patched SQL Injection Vulnerability in Ultimate Member WordPress Plugin

Recently, a critical security flaw was discovered in Ultimate Member, a widely-used WordPress plugin, exposing over 200,000 websites to potential exploits. Learn how a $2,063 bounty was awarded for patching this SQL Injection vulnerability and how users can safeguard their sites against similar threats.

Read more »

To top

Table of Contents

Index

Discover more from ToolsLib Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading