Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited

Nowadays is Microsoft’s August 2024 Patch Tuesday, which incorporates safety updates for 89 flaws, together with six actively exploited and 3 publicly disclosed zero-days. Microsoft continues to be running on an replace for a 10th publicly disclosed zero-day.

This Patch Tuesday mounted 8 important vulnerabilities, that have been a mix of elevation of privileges, far off code execution, and knowledge disclosure.

The selection of insects in every vulnerability class is indexed beneath:

• 36 Elevation of Privilege Vulnerabilities
• 4 Safety Characteristic Bypass Vulnerabilities
• 28 Far flung Code Execution Vulnerabilities
• 8 Knowledge Disclosure Vulnerabilities
• 6 Denial of Provider Vulnerabilities
• 7 Spoofing Vulnerabilities

The selection of insects indexed above don’t come with Microsoft Edge flaws that have been disclosed previous this month.

To be told extra in regards to the non-security updates launched as of late, you’ll be able to assessment our devoted articles at the new Home windows 11 KB5041585 replace  and Home windows 10 KB5041580 replace.

Generally tend zero-days disclosed

This month’s Patch Tuesday fixes six actively exploited and 3 different publicly disclosed zero-day vulnerabilities. Every other publicly disclosed zero-day stays unfixed right now, however Microsoft is operating on an replace.

Microsoft classifies a zero-day flaw as one this is publicly disclosed or actively exploited whilst no reliable repair is to be had.

The six actively exploited zero-day vulnerabilities in as of late’s updates are:

CVE-2024-38178 – Scripting Engine Reminiscence Corruption Vulnerability

Microsoft says that the assault calls for an authenticated consumer to click on a hyperlink to ensure that an unauthenticated attacker to begin far off code execution.

The hyperlink will have to be clicked in Microsoft Edge in Web Explorer mode, making it a tough flaw to take advantage of.

Alternatively, even with those pre-requisites, the South Korean Nationwide Cyber Safety Middle(NCSC) and AhnLab disclosed the flaw as being exploited in assaults.

CVE-2024-38193 – Home windows Ancillary Serve as Driving force for WinSock Elevation of Privilege Vulnerability

This vulnerability lets in assaults to realize SYSTEM privileges on Home windows methods.

The flaw used to be came upon via Luigino Camastra and Milánek with Gen Virtual however Microsoft didn’t proportion any main points on the way it used to be disclosed.

CVE-2024-38213 – Home windows Mark of the Internet Safety Characteristic Bypass Vulnerability

This vulnerability lets in attackers to create information that bypass Home windows Mark of the Internet safety indicators.

This safety characteristic has been matter to a lot of bypasses over the 12 months as it’s a beautiful goal for danger actors who habits phishing campaigns.

Microsoft says the flaw used to be came upon via Peter Girnus of Pattern Micro’s 0 Day Initiative however didn’t proportion how it’s exploited in assaults.

CVE-2024-38106 – Home windows Kernel Elevation of Privilege Vulnerability

Microsoft mounted a Home windows Kernel elevation of privileges flaw that provides SYSTEM privileges.

“A hit exploitation of this vulnerability calls for an attacker to win a race situation,” explains Microsoft’s advisory.

“An attacker who effectively exploited this vulnerability may just achieve SYSTEM privileges,” persisted Microsoft.

Microsoft has now not shared who disclosed the flaw and the way it used to be exploited.

CVE-2024-38107 – Home windows Energy Dependency Coordinator Elevation of Privilege Vulnerability

Microsoft mounted a flaw that provides attackers SYSTEM privileges at the Home windows instrument.

Microsoft has now not shared who disclosed the flaw and the way it used to be exploited.

CVE-2024-38189 – Microsoft Undertaking Far flung Code Execution Vulnerability

Microsoft mounted a Microsoft Undertaking far off code execution vulnerability that calls for safety features to be disabled for exploitation.

“Exploitation calls for the sufferer to open a malicious Microsoft Place of business Undertaking document on a gadget the place the Block macros from operating in Place of business information from the Web coverage is disabled and VBA Macro Notification Settings aren’t enabled permitting the attacker to accomplish far off code execution,” provide an explanation for the advisory.

Microsoft says that the attackers would want to trick a person into opening the malicious document, similar to thru phishing assaults or via luring customers to internet sites internet hosting the document.

Microsoft has now not disclosed who came upon the vulnerability or the way it used to be exploited in assaults.

The 4 publicly disclosed vulnerabilities are:

CVE-2024-38199 – Home windows Line Printer Daemon (LPD) Provider Far flung Code Execution Vulnerability

Microsoft has mounted a far off code execution vulnerability within the Home windows Line Printer Daemon.

“An unauthenticated attacker may just ship a specifically crafted print process to a shared susceptible Home windows Line Printer Daemon (LPD) provider throughout a community. A hit exploitation may just lead to far off code execution at the server,” explains Microsoft’s advisory.

This vulnerability is indexed as publicly disclosed however the one who disclosed it needed to stay Nameless.

CVE-2024-21302 – Home windows Safe Kernel Mode Elevation of Privilege Vulnerability

This flaw used to be disclosed via SafeBreach safety researcher Alon Leviev as a part of a Home windows Downdate downgrade assault communicate at Black Hat 2024.

The Home windows Downdate assault unpatches absolutely up to date Home windows 10, Home windows 11, and Home windows Server methods to reintroduce previous vulnerabilities the usage of specifically crafted updates.

This flaw allowed the attackers to realize increased privileges to put in the malicious updates.

CVE-2024-38200 – Microsoft Place of business Spoofing Vulnerability

Microsoft mounted a Microsoft Place of business vulnerability that exposes NTLM hashes as disclosed within the “NTLM – The remaining experience” Defcon communicate.

Attackers may just exploit the flaw via tricking somebody into opening a malicious document, which might then pressure Place of business to make an outbound connect with a far off proportion the place attackers may just thieve despatched NTLM hashes.

The flaw used to be came upon via Jim Rush with PrivSec and used to be already mounted by means of Microsoft Place of business Characteristic Flighting on 7/30/2024.

CVE-2024-38202 – Home windows Replace Stack Elevation of Privilege Vulnerability

This flaw used to be additionally a part of the Home windows Downdate downgrade assault communicate at Black Hat 2024.

Microsoft is growing a safety replace to mitigate this danger, however it’s not but to be had.

Fresh updates from different firms

Different distributors who launched updates or advisories in August 2024 come with:

• 0.0.0.0 Day flaw lets in malicious internet sites to circumvent browser safety features and get right of entry to products and services on a neighborhood community.
• Android August safety updates fixes actively exploited RCE.
• CISA warned of Cisco Good Set up (SMI) characteristic being abused in assaults.
• Cisco warns of important RCE flaws in end-of-life Small Trade SPA 300 and SPA 500 sequence IP telephones.
• New GhostWrite flaw  GhostWrite vulnerability we could unprivileged attackers learn and write to the pc’s reminiscence on T-Head XuanTie C910 and C920 RISC-V CPUs and keep an eye on peripheral gadgets.
• Ivanti releases safety replace for important vTM auth bypass with public exploit.
• Microsoft warned about new Place of business flaw tracked as CVE-2024-38200 that leaks NTLM hashes.
• New SinkClose flaw we could attackers achieve Ring -2 privileges on AMD CPUs.
• New Linux SLUBStick flaw converts a restricted heap vulnerability into an arbitrary reminiscence read-and-write capacity.
• New Home windows DownDate flaw we could attackers downgrade the running gadget to reintroduce vulnerabilities.

The August 2024 Patch Tuesday Safety Updates

Beneath is your complete listing of resolved vulnerabilities within the August 2024 Patch Tuesday updates.

To get right of entry to the total description of every vulnerability and the methods it impacts, you’ll be able to view the complete document right here.