August Patch Tuesday proves busy with six zero-days to fix

IT administrators and security teams were hoping for a quiet summer but were left disappointed after Microsoft patched six actively exploited zero-day vulnerabilities and four additional issues in its latest Patch Tuesday update.

This month's update also carries nine flaws with critical severity ratings, two of which are third-party issues from Red Hat.

While none of these critical flaws are zero-days, they are still significant given the large number of fixes in this Patch Tuesday update, totaling over 100 once third-party issues are included.

Rapid7 lead software engineer Adam Barnett stated, “Microsoft has evidence of in-the-wild exploitation or public disclosure for 10 of the vulnerabilities published today, which is significantly more than usual.”

He added, “Patch Tuesday watchers will know that today’s haul of four publicly-disclosed vulnerabilities and six further exploited-in-the-wild vulnerabilities is a much larger batch than usual.”

Barnett also noted, “As something of an olive branch for defenders who may now be eyeing their to-do list with concern, Microsoft has not published any SharePoint or Exchange vulnerabilities this month.”

The six zero-days patched by Microsoft include:

  • CVE-2024-38106, an elevation of privilege (EoP) vulnerability in Windows Kernel;
  • CVE-2024-38107, an EoP vulnerability in Windows Power Dependency Coordinator;
  • CVE-2024-38178, a remote code execution vulnerability in Scripting Engine;
  • CVE-2024-38189, an RCE vulnerability in Microsoft Project;
  • CVE-2024-38193, an EoP vulnerability in Windows Ancillary Function Driver for WinSock;
  • CVE-2024-38213, a security feature bypass vulnerability in Windows Mark-of-the-Web.

According to Chris Goettl, Ivanti vice president of security products, updating the Windows operating system and Office will help mitigate most of the risks quickly.

Goettl highlighted CVE-2024-38189 as particularly impactful, as it allows attackers to execute arbitrary code on victims’ systems. However, there are mitigating factors such as policies to block macros and VBA macro notification settings.

For CVE-2024-38107, Goettl advised not to defer remediation despite the need for attackers to win a race condition. He urged users to consider risk-based guidance for all the zero-days listed.

The four flaws that have been publicly disclosed but not yet exploited in the wild are:

Scott Caveza, staff research engineer at Tenable, emphasized the importance of CVE-2024-38202 and CVE-2024-21302, which could allow attackers to downgrade or roll back software updates without victim interaction.

He also highlighted CVE-2024-38200, stating that it could expose NTLM hashes to remote attackers, potentially leading to NTLM relay attacks.
