Tech News
Microsoft August Patch Tuesday Fixed 10 Zero-Day Vulnerabilities
The August 2024 Patch Tuesday Update bundle from Microsoft is substantial, with 10 zero-day fixes. This month’s security update also addressed 9 critical-severity vulnerabilities, patching a total of 94 bugs. The severity of the vulnerabilities addressed with August updates makes it imperative for all Microsoft users to promptly patch their systems.
Microsoft Released 10 Zero-Day Security Fixes
The most notable security patches with the August Patch Tuesday from Microsoft address the following 10 zero-day flaws. Out of these 10, 6 vulnerabilities were exploited before public disclosure and patching.
Publicly Exploited Zero-Days
- CVE-2024-38189 (CVSS 8.8; important): A remote code execution vulnerability in Microsoft Project that an adversary could exploit by enticing the victim to open a maliciously crafted Microsoft Office Project file.
- CVE-2024-38178 (CVSS 7.5; important): A memory corruption vulnerability in the Scripting Engine that an unauthenticated attacker could exploit by sending a maliciously crafted URL to the victim.
- CVE-2024-38193 (CVSS 7.8; important): A privilege escalation vulnerability in Windows Ancillary Function Driver for WinSock, granting SYSTEM privileges to an adversary. Microsoft did not provide extensive details about the exploitation.
- CVE-2024-38106 (CVSS 7.0; important): A privilege escalation flaw in Windows Kernel that could provide SYSTEM privileges to an adversary by triggering a race condition.
- CVE-2024-38107 (CVSS 7.8; important): A privilege escalation flaw affecting Windows Power Dependency Coordinator. Again, Microsoft did not reveal precise details about the exploit except that successful exploitation grants SYSTEM privileges to an attacker.
- CVE-2024-38213 (CVSS 6.5; moderate): A Windows Mark of the Web Security Feature Bypass that enables an adversary to bypass Windows SmartScreen. Exploiting the flaw requires luring the victim into opening a maliciously crafted file.
Publicly Disclosed Zero-Days
Although not exploited, the remaining 4 vulnerabilities became publicly known before Microsoft could address them. The tech giant shared mitigations for these vulnerabilities in the respective advisories.
- CVE-2024-38200 (CVSS 6.5; important): A spoofing vulnerability affecting Microsoft Office.
- CVE-2024-38199 (CVSS 9.8; important): Remote code execution vulnerability in the Windows Line Printer Daemon (LPD) Service.
- CVE-2024-21302 (CVSS 6.7; important): A privilege escalation vulnerability in Windows Secure Kernel Mode, exploiting which allowed SYSTEM privileges.
- CVE-2024-38202 (CVSS; important): A privilege escalation vulnerability in Windows Update Stack. This vulnerability, along with CVE-2024-21302, could enable downgrade attacks on unpatched Windows systems.
Other Important Patch Tuesday August 2024 Updates From Microsoft
In addition to the significant number of zero-day vulnerabilities, Microsoft also addressed 9 critical severity vulnerabilities and 74 important severity issues this month. These include various types of vulnerabilities such as denial of service, privilege escalation, information disclosure, remote code execution, security feature bypass, spoofing, tampering, and cross-site scripting.
Compared to the July Patch Tuesday, which tackled over 140 vulnerabilities, this month’s security update bundle includes 94 security fixes. Despite the seemingly lower number, it is crucial for users as it addresses numerous zero-day vulnerabilities and critical severity flaws. Therefore, all users must ensure their systems are updated promptly by manually checking for updates instead of relying on automatic updates.
We welcome your thoughts in the comments.
-
Destination3 months ago
Singapore Airlines CEO set to join board of Air India, BA News, BA
-
Tech News7 months ago
Bangladeshi police agents accused of selling citizens’ personal information on Telegram
-
Motivation6 months ago
The Top 20 Motivational Instagram Accounts to Follow (2024)
-
Guides & Tips5 months ago
Have Unlimited Korean Food at MANY Unlimited Topokki!
-
Guides & Tips5 months ago
Satisfy Your Meat and BBQ Cravings While in Texas
-
Gaming4 months ago
The Criterion Collection announces November 2024 releases, Seven Samurai 4K and more
-
Self Development7 months ago
Don’t Waste Your Time in Anger, Regrets, Worries and Grudges
-
Toys6 months ago
15 of the Best Trike & Tricycles Mums Recommend