
Patch Tuesday August 2024: Microsoft Fixes Exploited Zero-Days

Microsoft has released August Patch Tuesday with 89 security fixes, including a record nine zero-days, six of which were actively exploited.


In its August 2024 Patch Tuesday release, Microsoft has remedied 89 security vulnerabilities. Among these, a record nine are zero-days, with six already being actively used by attackers and three disclosed publicly. A fix for a tenth zero-day is still in development.

Breakdown of Vulnerabilities

The update addresses numerous security issues, including eight classified as critical. These span a range of problems such as privilege escalation, remote code execution, information leakage, and denial of service.

Specifically, the fixes encompass 36 elevation of privilege flaws, four security feature bypasses, 28 remote code execution issues, eight information disclosure bugs, six denial of service flaws, and seven spoofing problems. Notably, vulnerabilities in mentioned earlier in the month are not included in these figures.

Actively Exploited Zero-Day Vulnerabilities

The actively exploited zero-days include:

  • CVE-2024-38178: This involves memory corruption within the scripting engine, which requires an authenticated user to click a link in Microsoft Edge using Internet Explorer mode. It's categorized under CWE-843.
  • CVE-2024-38193: Found in the Windows Ancillary Function Driver for WinSock, this flaw permits attackers to gain SYSTEM privileges.
  • CVE-2024-38213: A bypass in Windows Mark of the Web that lets attackers create files circumventing security prompts.
  • CVE-2024-38106: Involves a race condition in Windows Kernel, leading to elevation of privilege. It's identified as CWE-591.
  • CVE-2024-38107: A use-after-free vulnerability in the Windows Power Dependency Coordinator, categorized under CWE-416.
  • CVE-2024-38189: This remote code execution problem in Microsoft Project requires users to open a malicious file with certain security features disabled, stemming from improper input validation classified as CWE-20.

Publicly Disclosed Vulnerabilities

  • CVE-2024-38199: A remote code execution issue within the Windows Line Printer Daemon (LPD) service, tagged as CWE-416.
  • CVE-2024-21302: An elevation of privilege flaw in Windows Secure Kernel Mode, discussed at Black Hat 2024, which lets attackers replace system files with vulnerable versions.
  • CVE-2024-38200: A spoofing vulnerability in Microsoft Office, exposing NTLM hashes, revealed at Defcon.
  • CVE-2024-38202: Another elevation of privilege bug in the Stack, enabling basic users to “undo” patches or bypass VBS features.

During Black Hat 2024, two new zero-days were discovered that enable rollback attacks on Windows 10, Windows 11, and Windows Server. These flaws allow a fully updated system to be downgraded to an older, less secure version, evading Endpoint Detection and Response (EDR) protections and leaving minimal traces. Although a patch is not yet available, Microsoft has offered mitigation steps.

Security vulnerabilities in Windows Smart App Control and SmartScreen have been exploited for over six years, allowing hackers to bypass security alerts. A new issue with LNK files, dubbed “LNK stomping,” lets attackers circumvent Smart App Control. Additional vulnerabilities discovered by Elastic Security Labs further weaken the defenses provided by Smart App Control and SmartScreen.

Luke Jones
Luke has been writing about Microsoft and the wider tech industry for over 10 years. With a degree in creative and professional writing, Luke looks for the interesting spin when covering AI, Windows, Xbox, and more.