Microsoft’s latest Patch Tuesday release on August 2024 has sent ripples through the cybersecurity community, delivering crucial fixes for a staggering 90 security vulnerabilities across its software ecosystem. Among these, 10 zero-day exploits stand out, with six already being actively exploited in the wild. This update underscores the relentless challenges posed by cyber threats and the continuous need for vigilant patch management.
Breakdown of the Vulnerabilities
Out of the 90 vulnerabilities addressed, seven are classified as Critical, 79 as Important, and one as Moderate in severity. The patch also includes resolutions for 36 vulnerabilities previously identified in Microsoft’s Edge browser.
The most alarming aspect of this update is the six actively exploited zero-day vulnerabilities:
- CVE-2024-38189 (CVSS score: 8.8) – A remote code execution vulnerability in Microsoft Project that could allow attackers to execute arbitrary code.
- CVE-2024-38178 (CVSS score: 7.5) – A memory corruption vulnerability in the Windows Scripting Engine, potentially leading to code execution.
- CVE-2024-38193 (CVSS score: 7.8) – An elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock.
- CVE-2024-38106 (CVSS score: 7.0) – A Windows Kernel elevation of privilege vulnerability that could allow attackers to gain elevated access.
- CVE-2024-38107 (CVSS score: 7.8) – An elevation of privilege vulnerability in the Windows Power Dependency Coordinator.
- CVE-2024-38213 (CVSS score: 6.5) – A bypass of the Windows Mark of the Web security feature, allowing attackers to evade SmartScreen protections.
Focus on CVE-2024-38213: A Growing Threat
CVE-2024-38213 stands out as a particularly concerning vulnerability. By exploiting this flaw, attackers can bypass SmartScreen protections, a security feature designed to prevent malicious files from executing. To exploit this vulnerability, attackers must convince users to open a malicious file. The discovery, credited to Peter Girnus of Trend Micro, suggests it may be related to previous vulnerabilities (CVE-2024-21412 and CVE-2023-36025) that were exploited by operators of the DarkGate malware.
Given the severity of CVE-2024-38213, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added it, along with the other five zero-day vulnerabilities, to its Known Exploited Vulnerabilities (KEV) catalog. This move mandates that federal agencies apply the necessary fixes by September 3, 2024, reflecting the urgent need to address these threats.
Other Publicly Known Vulnerabilities
In addition to the actively exploited zero-days, four other vulnerabilities have been publicly disclosed:
- CVE-2024-38200 (CVSS score: 7.5) – A Microsoft Office spoofing vulnerability that could lead to the exposure of New Technology Lan Manager (NTLM) hashes. This exposure could facilitate NTLM relay or pass-the-hash attacks, further compromising an organization’s security.
- CVE-2024-38199 (CVSS score: 9.8) – A remote code execution vulnerability in the Windows Line Printer Daemon (LPD) service, posing a significant risk of remote attacks.
- CVE-2024-21302 (CVSS score: 6.7) – An elevation of privilege vulnerability in Windows Secure Kernel Mode.
- CVE-2024-38202 (CVSS score: 7.3) – A Windows Update Stack elevation of privilege vulnerability that could be used to stage downgrade attacks against Windows update architecture.
Security experts, including Scott Caveza of Tenable, have emphasized the risks associated with these vulnerabilities, particularly CVE-2024-38200. Attackers could potentially lure victims into accessing a specially crafted file, leading to the exposure of NTLM hashes. These hashes are critical in NTLM relay or pass-the-hash attacks, which could allow attackers to further entrench themselves within an organization’s network.
Print Spooler Vulnerability: An Escalation Concern
Another significant flaw addressed in this patch is the privilege escalation vulnerability in the Print Spooler component (CVE-2024-38198, CVSS score: 7.8). If exploited, this vulnerability could allow an attacker to gain SYSTEM privileges, which would give them complete control over the affected system. The exploitation of this vulnerability requires the attacker to win a race condition, making it a complex but potentially devastating attack vector.
Missing Patches: Future Risks Loom
Despite the comprehensive nature of this Patch Tuesday release, Microsoft has yet to release updates for two vulnerabilities: CVE-2024-38202 and CVE-2024-21302. These vulnerabilities could be exploited to stage downgrade attacks against the Windows update architecture, potentially allowing attackers to replace current versions of system files with older, vulnerable versions.
Broader Industry Impact
Microsoft’s patch release coincides with updates from several other major vendors, including Adobe, AMD, Apple, Cisco, Google, and many more. These vendors have also released security updates over the past few weeks to address critical vulnerabilities in their products. The timing highlights the broader industry-wide effort to stay ahead of increasingly sophisticated cyber threats.
Conclusion: The Ongoing Battle Against Cyber Threats
Microsoft’s August 2024 Patch Tuesday is a stark reminder of the persistent and evolving nature of cyber threats. The inclusion of 10 zero-day vulnerabilities, with six actively exploited, underscores the critical importance of timely patch management. Organizations must remain vigilant, applying these updates promptly to safeguard against potential exploits. As the cybersecurity landscape continues to shift, the collaborative efforts of software vendors and security researchers remain essential in mitigating risks and protecting users worldwide.
Follow us on 
(Twitter) for real time updates and exclusive content.
Interesting Article : GhostWrite Vulnerability: A Critical Threat to T-Head RISC-V CPUs
Hi there to all, for the reason that I am genuinely keen of reading this website’s post to be updated on a regular basis. It carries pleasant stuff.