August Patch Tuesday proves busy with six zero-days to fix
IT administrators and security teams were hoping for a quiet summer but were left disappointed after Microsoft patched six actively exploited zero-day vulnerabilities and four additional issues in its latest Patch Tuesday update.
This month, malicious actors are targeting nine flaws, two of which are third-party issues from Red Hat, with critical severity ratings.
While none of these critical flaws are zero-days, they are still significant given the large number of fixes in this Patch Tuesday update, totaling over 100 once third-party issues are included.
Rapid7 lead software engineer, Adam Barnett, stated, “Microsoft has evidence of in-the-wild exploitation or public disclosure for 10 of the vulnerabilities published today, which is significantly more than usual.”
He added, “Patch Tuesday watchers will know that today’s haul of four publicly-disclosed vulnerabilities and six further exploited-in-the-wild vulnerabilities is a much larger batch than usual.”
Barnett also noted, “As something of an olive branch for defenders who may now be eyeing their to-do list with concern, Microsoft has not published any SharePoint or Exchange vulnerabilities this month.”
The six zero-days patched by Microsoft include:
- CVE-2024-38106, an elevation of privilege (EoP) vulnerability in Windows Kernel;
- CVE-2024-38107, an EoP vulnerability in Windows Power Dependency Coordinator;
- CVE-2024-38178, a remote code execution (RCE) vulnerability in Scripting Engine;
- CVE-2024-38189, an RCE vulnerability in Microsoft Project;
- CVE-2024-38193, an EoP vulnerability in Windows Ancillary Function Driver for WinSock;
- CVE-2024-38213, a security feature bypass vulnerability in Windows Mark-of-the-Web.
According to Chris Goettl, Ivanti vice president of security products, updating the Windows operating system and Office will help mitigate most of the risks quickly.
Goettl highlighted CVE-2024-38189 as particularly impactful, as it allows attackers to execute arbitrary code on victims’ systems. However, there are mitigating factors such as policies to block macros and VBA macro notification settings.
For CVE-2024-38107, Goettl advised against deferring remediation even though attackers need to win a race condition to exploit it. He urged users to consider risk-based guidance for all the zero-days listed.
The four flaws that have been publicly disclosed but not yet exploited in the wild are:
Scott Caveza, staff research engineer at Tenable, emphasized the importance of CVE-2024-38202 and CVE-2024-21302, which could allow attackers to downgrade or roll back software updates without victim interaction.
He also highlighted CVE-2024-38200, stating that it could expose NTLM hashes to remote attackers, potentially leading to NTLM relay attacks.