Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited

Today is Microsoft’s August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day.

This Patch Tuesday fixed eight critical vulnerabilities, which were a mixture of elevation of privileges, remote code execution, and information disclosure.

The number of bugs in each vulnerability category is listed below:

  • 36 Elevation of Privilege Vulnerabilities
  • 4 Security Feature Bypass Vulnerabilities
  • 28 Remote Code Execution Vulnerabilities
  • 8 Information Disclosure Vulnerabilities
  • 6 Denial of Service Vulnerabilities
  • 7 Spoofing Vulnerabilities

The counts listed above do not include Microsoft Edge flaws that were disclosed earlier this month.

Ten zero-days disclosed

This month’s Patch Tuesday fixes six actively exploited and three other publicly disclosed zero-day vulnerabilities. Another publicly disclosed zero-day remains unfixed at this time, but Microsoft is working on an update.

Microsoft classifies a zero-day flaw as one that is publicly disclosed or actively exploited while no official fix is available.

The six actively exploited zero-day vulnerabilities in today’s updates are:

CVE-2024-38178 – Scripting Engine Memory Corruption Vulnerability

Microsoft says that the attack requires an authenticated client to click a link in order for an unauthenticated attacker to initiate remote code execution.

The link must be clicked in Microsoft Edge in Internet Explorer mode, making it a tricky flaw to exploit.

However, even with these prerequisites, the South Korean National Cyber Security Center (NCSC) and AhnLab disclosed the flaw as being exploited in attacks.

CVE-2024-38193 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

This vulnerability allows attackers to gain SYSTEM privileges on Windows systems.

The flaw was discovered by Luigino Camastra and Milánek with Gen Digital but Microsoft did not share any details on how it was disclosed.

CVE-2024-38213 – Windows Mark of the Web Security Feature Bypass Vulnerability

This vulnerability allows attackers to create files that bypass Windows Mark of the Web security alerts.

This security feature has been subject to numerous bypasses over the year as it is an attractive target for threat actors who conduct phishing campaigns.

Microsoft says the flaw was discovered by Peter Girnus of Trend Micro’s Zero Day Initiative but did not share how it is exploited in attacks.

CVE-2024-38106 – Windows Kernel Elevation of Privilege Vulnerability

Microsoft fixed a Windows Kernel elevation of privileges flaw that gives SYSTEM privileges.

“Successful exploitation of this vulnerability requires an attacker to win a race condition,” explains Microsoft’s advisory.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” continued Microsoft.

Microsoft has not shared who disclosed the flaw or how it was exploited.

CVE-2024-38107 – Windows Power Dependency Coordinator Elevation of Privilege Vulnerability

Microsoft fixed a flaw that gives attackers SYSTEM privileges on the Windows device.

Microsoft has not shared who disclosed the flaw or how it was exploited.

CVE-2024-38189 – Microsoft Project Remote Code Execution Vulnerability

Microsoft fixed a Microsoft Project remote code execution vulnerability that requires security features to be disabled for exploitation.

“Exploitation requires the victim to open a malicious Microsoft Office Project file on a system where the Block macros from running in Office files from the Internet policy is disabled and VBA Macro Notification Settings are not enabled allowing the attacker to perform remote code execution,” explains the advisory.

Microsoft says that the attackers would need to trick a user into opening the malicious file, such as through phishing attacks or by luring users to websites hosting the file.

Microsoft has not disclosed who discovered the vulnerability or how it was exploited in attacks.

The four publicly disclosed vulnerabilities are:

CVE-2024-38199 – Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability

Microsoft has fixed a remote code execution vulnerability in the Windows Line Printer Daemon.

“An unauthenticated attacker could send a specially crafted print task to a shared vulnerable Windows Line Printer Daemon (LPD) service across a network. Successful exploitation could result in remote code execution on the server,” explains Microsoft’s advisory.

This vulnerability is listed as publicly disclosed, but the person who disclosed it wished to remain anonymous.

CVE-2024-21302 – Windows Secure Kernel Mode Elevation of Privilege Vulnerability

This flaw was disclosed by SafeBreach security researcher Alon Leviev as part of a Windows Downdate downgrade attack talk at Black Hat 2024.

The Windows Downdate attack unpatches fully updated Windows 10, Windows 11, and Windows Server systems to reintroduce old vulnerabilities using specially crafted updates.

This flaw allowed the attackers to gain elevated privileges to install the malicious updates.

CVE-2024-38200 – Microsoft Office Spoofing Vulnerability

Microsoft fixed a Microsoft Office vulnerability that exposes NTLM hashes as disclosed in the “NTLM – The last ride” Defcon talk.

Attackers could exploit the flaw by tricking someone into opening a malicious file, which would then force Office to make an outbound connection to a remote share, where attackers could steal the NTLM hashes that were sent.

The flaw was discovered by Jim Rush with PrivSec and was already fixed via Microsoft Office Feature Flighting on 7/30/2024.
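The behaviour described above (an Office process opening an outbound connection to a remote share) can be hunted for in endpoint network telemetry. The following is an added example, not part of the original article or of Microsoft's advisory. It assumes events shaped like Sysmon Event ID 3 records, limits itself to SMB ports, and uses an assumed list of Office binaries and internal address ranges; the sample events are constructed.

```python
import ipaddress
import ntpath

# Office binaries to watch; an assumed list, extend it for your estate.
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                 "winproj.exe", "visio.exe", "msaccess.exe"}
SMB_PORTS = {445, 139}
# Ranges treated as internal (assumption: RFC 1918, loopback, link-local).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

OFFICE_DIR = r"C:\Program Files\Microsoft Office\root\Office16"
# Constructed sample events; external addresses are documentation ranges.
SAMPLE_EVENTS = [
    {"UtcTime": "2024-08-13 09:01:12.101", "Initiated": "true",
     "Image": OFFICE_DIR + r"\WINWORD.EXE",
     "DestinationIp": "203.0.113.10", "DestinationPort": "445"},
    {"UtcTime": "2024-08-13 09:02:40.550", "Initiated": "true",
     "Image": OFFICE_DIR + r"\WINWORD.EXE",
     "DestinationIp": "10.1.2.3", "DestinationPort": "445"},
    {"UtcTime": "2024-08-13 09:03:05.009", "Initiated": "true",
     "Image": OFFICE_DIR + r"\EXCEL.EXE",
     "DestinationIp": "203.0.113.10", "DestinationPort": "443"},
    {"UtcTime": "2024-08-13 09:04:19.730", "Initiated": "true",
     "Image": OFFICE_DIR + r"\WINPROJ.EXE",
     "DestinationIp": "198.51.100.7", "DestinationPort": "139"},
    {"UtcTime": "2024-08-13 09:05:00.000", "Initiated": "false",
     "Image": OFFICE_DIR + r"\OUTLOOK.EXE",
     "DestinationIp": "203.0.113.10", "DestinationPort": "445"},
]


def is_internal(ip_text):
    """True when the address parses and falls inside INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparsable destination: surface it for review
    return any(ip in net for net in INTERNAL_NETS)


def find_office_smb_egress(events):
    """Return (time, image, dest_ip, port) for Office-initiated SMB
    connections whose destination is outside the internal ranges."""
    hits = []
    for ev in events:
        if str(ev.get("Initiated", "")).lower() != "true":
            continue  # only connections the host itself opened
        image = ntpath.basename(ev.get("Image", "")).lower()
        try:
            port = int(ev.get("DestinationPort", ""))
        except (TypeError, ValueError):
            continue  # no usable port, nothing to match on
        dest = ev.get("DestinationIp", "")
        if (image in OFFICE_IMAGES and port in SMB_PORTS
                and not is_internal(dest)):
            hits.append((ev.get("UtcTime"), image, dest, port))
    return hits
```

Internal file-server traffic from Office is expected and is not flagged; only SMB connections leaving the listed internal ranges are returned.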

CVE-2024-38202 – Windows Update Stack Elevation of Privilege Vulnerability

This flaw was also part of the Windows Downdate downgrade attack talk at Black Hat 2024.

Microsoft is developing a security update to mitigate this threat, but it is not yet available.

Recent updates from other companies

Other vendors who released updates or advisories in August 2024 include:

  • 0.0.0.0 Day flaw allows malicious websites to bypass browser security features and access services on a local network.
  • Android August security updates fix actively exploited RCE.
  • CISA warned of Cisco Smart Install (SMI) feature being abused in attacks.
  • Cisco warns of critical RCE flaws in end-of-life Small Business SPA 300 and SPA 500 series IP phones.
  • New GhostWrite vulnerability lets unprivileged attackers read and write to the computer’s memory on T-Head XuanTie C910 and C920 RISC-V CPUs and control peripheral devices.
  • Ivanti releases security updates for critical vTM auth bypass with public exploit.
  • Microsoft warned about a new Office flaw tracked as CVE-2024-38200 that leaks NTLM hashes.
  • New SinkClose flaw lets attackers gain Ring -2 privileges on AMD CPUs.
  • New Linux SLUBStick flaw converts a limited heap vulnerability into an arbitrary memory read-and-write capability.
  • New Windows DownDate flaw lets attackers downgrade the operating system to reintroduce vulnerabilities.

The August 2024 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities in the August 2024 Patch Tuesday updates.

To access the full description of each vulnerability and the systems it affects, you can view the full report here.

| Tag | CVE ID | CVE Title | Severity |
| --- | --- | --- | --- |
| .NET and Visual Studio | CVE-2024-38168 | .NET and Visual Studio Denial of Service Vulnerability | Important |
| .NET and Visual Studio | CVE-2024-38167 | .NET and Visual Studio Information Disclosure Vulnerability | Important |
| Azure Connected Machine Agent | CVE-2024-38162 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important |
| Azure Connected Machine Agent | CVE-2024-38098 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important |
| Azure CycleCloud | CVE-2024-38195 | Azure CycleCloud Remote Code Execution Vulnerability | Important |
| Azure Health Bot | CVE-2024-38109 | Azure Health Bot Elevation of Privilege Vulnerability | Critical |
| Azure IoT SDK | CVE-2024-38158 | Azure IoT SDK Remote Code Execution Vulnerability | Important |
| Azure IoT SDK | CVE-2024-38157 | Azure IoT SDK Remote Code Execution Vulnerability | Important |
| Azure Stack | CVE-2024-38108 | Azure Stack Hub Spoofing Vulnerability | Important |
| Azure Stack | CVE-2024-38201 | Azure Stack Hub Elevation of Privilege Vulnerability | Important |
| Line Printer Daemon Service (LPD) | CVE-2024-38199 | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | Important |
| Microsoft Bluetooth Driver | CVE-2024-38123 | Windows Bluetooth Driver Information Disclosure Vulnerability | Important |
| Microsoft Copilot Studio | CVE-2024-38206 | Microsoft Copilot Studio Information Disclosure Vulnerability | Critical |
| Microsoft Dynamics | CVE-2024-38166 | Microsoft Dynamics 365 Cross-site Scripting Vulnerability | Critical |
| Microsoft Dynamics | CVE-2024-38211 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2024-7256 | Chromium: CVE-2024-7256 Insufficient data validation in Dawn | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-7536 | Chromium: CVE-2024-7550 Type Confusion in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-6990 | Chromium: CVE-2024-6990 Uninitialized Use in Dawn | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-7255 | Chromium: CVE-2024-7255 Out of bounds read in WebTransport | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-7534 | Chromium: CVE-2024-7535 Inappropriate implementation in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-7532 | Chromium: CVE-2024-7533 Use after free in Sharing | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-7550 | Chromium: CVE-2024-7532 Out of bounds memory access in ANGLE | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-7535 | Chromium: CVE-2024-7536 Use after free in WebAudio | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-7533 | Chromium: CVE-2024-7534 Heap buffer overflow in Layout | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-38218 | Microsoft Edge (HTML-based) Memory Corruption Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2024-38219 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Moderate |
| Microsoft Edge (Chromium-based) | CVE-2024-38222 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | Unknown |
| Microsoft Local Security Authority Server (lsasrv) | CVE-2024-38118 | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | Important |
| Microsoft Local Security Authority Server (lsasrv) | CVE-2024-38122 | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2024-38200 | Microsoft Office Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2024-38084 | Microsoft OfficePlus Elevation of Privilege Vulnerability | Important |
| Microsoft Office Excel | CVE-2024-38172 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2024-38170 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Outlook | CVE-2024-38173 | Microsoft Outlook Remote Code Execution Vulnerability | Important |
| Microsoft Office PowerPoint | CVE-2024-38171 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
| Microsoft Office Project | CVE-2024-38189 | Microsoft Project Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2024-38169 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Streaming Service | CVE-2024-38134 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Streaming Service | CVE-2024-38144 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Streaming Service | CVE-2024-38125 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Teams | CVE-2024-38197 | Microsoft Teams for iOS Spoofing Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2024-38152 | Windows OLE Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2024-37968 | Windows DNS Spoofing Vulnerability | Important |
| Reliable Multicast Transport Driver (RMCAST) | CVE-2024-38140 | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | Critical |
| Windows Ancillary Function Driver for WinSock | CVE-2024-38141 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2024-38193 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows App Installer | CVE-2024-38177 | Windows App Installer Spoofing Vulnerability | Important |
| Windows Clipboard Virtual Channel Extension | CVE-2024-38131 | Clipboard Virtual Channel Extension Remote Code Execution Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2024-38215 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2024-38196 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Compressed Folder | CVE-2024-38165 | Windows Compressed Folder Tampering Vulnerability | Important |
| Windows Deployment Services | CVE-2024-38138 | Windows Deployment Services Remote Code Execution Vulnerability | Important |
| Windows DWM Core Library | CVE-2024-38150 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows DWM Core Library | CVE-2024-38147 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows Initial Machine Configuration | CVE-2024-38223 | Windows Initial Machine Configuration Elevation of Privilege Vulnerability | Important |
| Windows IP Routing Management Snapin | CVE-2024-38114 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability | Important |
| Windows IP Routing Management Snapin | CVE-2024-38116 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability | Important |
| Windows IP Routing Management Snapin | CVE-2024-38115 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability | Important |
| Windows Kerberos | CVE-2024-29995 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2024-38151 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2024-38133 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2024-38127 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2024-38153 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2024-38106 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel-Mode Drivers | CVE-2024-38187 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
| Windows Kernel-Mode Drivers | CVE-2024-38191 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| Windows Kernel-Mode Drivers | CVE-2024-38184 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
| Windows Kernel-Mode Drivers | CVE-2024-38186 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
| Windows Kernel-Mode Drivers | CVE-2024-38185 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
| Windows Layer-2 Bridge Network Driver | CVE-2024-38146 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | Important |
| Windows Layer-2 Bridge Network Driver | CVE-2024-38145 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | Important |
| Windows Mark of the Web (MOTW) | CVE-2024-38213 | Windows Mark of the Web Security Feature Bypass Vulnerability | Moderate |
| Windows Mobile Broadband | CVE-2024-38161 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| Windows Network Address Translation (NAT) | CVE-2024-38132 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
| Windows Network Address Translation (NAT) | CVE-2024-38126 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
| Windows Network Virtualization | CVE-2024-38160 | Windows Network Virtualization Remote Code Execution Vulnerability | Critical |
| Windows Network Virtualization | CVE-2024-38159 | Windows Network Virtualization Remote Code Execution Vulnerability | Critical |
| Windows NT OS Kernel | CVE-2024-38135 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
| Windows NTFS | CVE-2024-38117 | NTFS Elevation of Privilege Vulnerability | Important |
| Windows Power Dependency Coordinator | CVE-2024-38107 | Windows Power Dependency Coordinator Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2024-38198 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Resource Manager | CVE-2024-38137 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | Important |
| Windows Resource Manager | CVE-2024-38136 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-38130 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-38128 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-38154 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-38121 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-38214 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-38120 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Scripting | CVE-2024-38178 | Scripting Engine Memory Corruption Vulnerability | Important |
| Windows Secure Boot | CVE-2022-3775 | Redhat: CVE-2022-3775 grub2 – Heap based out-of-bounds write when rendering certain Unicode sequences | Critical |
| Windows Secure Boot | CVE-2023-40547 | Redhat: CVE-2023-40547 Shim – RCE in HTTP boot support may lead to secure boot bypass | Critical |
| Windows Secure Boot | CVE-2022-2601 | Redhat: CVE-2022-2601 grub2 – Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass | Important |
| Windows Secure Kernel Mode | CVE-2024-21302 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important |
| Windows Secure Kernel Mode | CVE-2024-38142 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important |
| Windows Security Center | CVE-2024-38155 | Security Center Broker Information Disclosure Vulnerability | Important |
| Windows SmartScreen | CVE-2024-38180 | Windows SmartScreen Security Feature Bypass Vulnerability | Important |
| Windows TCP/IP | CVE-2024-38063 | Windows TCP/IP Remote Code Execution Vulnerability | Critical |
| Windows Transport Security Layer (TLS) | CVE-2024-38148 | Windows Secure Channel Denial of Service Vulnerability | Important |
| Windows Update Stack | CVE-2024-38202 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2024-38163 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
| Windows WLAN Auto Config Service | CVE-2024-38143 | Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | Important |
