Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day.
This Patch Tuesday fixed eight critical vulnerabilities, which were a mixture of elevation of privileges, remote code execution, and information disclosure.
The number of bugs in each vulnerability category is listed below:
- 36 Elevation of Privilege Vulnerabilities
- 4 Security Feature Bypass Vulnerabilities
- 28 Remote Code Execution Vulnerabilities
- 8 Information Disclosure Vulnerabilities
- 6 Denial of Service Vulnerabilities
- 7 Spoofing Vulnerabilities
The numbers listed above do not include Microsoft Edge flaws that were disclosed earlier this month.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5041585 update and Windows 10 KB5041580 update.
Ten zero-days disclosed
This month's Patch Tuesday fixes six actively exploited and three other publicly disclosed zero-day vulnerabilities. Another publicly disclosed zero-day remains unfixed at this time, but Microsoft is working on an update.
Microsoft classifies a zero-day flaw as one that is publicly disclosed or actively exploited while no official fix is available.
The six actively exploited zero-day vulnerabilities in today's updates are:
CVE-2024-38178 - Scripting Engine Memory Corruption Vulnerability
Microsoft says that the attack requires an authenticated client to click a link in order for an unauthenticated attacker to initiate remote code execution.
The link must be clicked in Microsoft Edge in Internet Explorer mode, making it a tricky flaw to exploit.
However, even with these prerequisites, the South Korean National Cyber Security Center (NCSC) and AhnLab disclosed the flaw as being exploited in attacks.
CVE-2024-38193 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
This vulnerability allows attackers to gain SYSTEM privileges on Windows systems.
The flaw was discovered by Luigino Camastra and Milánek with Gen Digital but Microsoft did not share any details on how it was disclosed.
CVE-2024-38213 - Windows Mark of the Web Security Feature Bypass Vulnerability
This vulnerability allows attackers to create files that bypass Windows Mark of the Web security alerts.
This security feature has been subject to numerous bypasses over the years, as it is an attractive target for threat actors who conduct phishing campaigns.
Microsoft says the flaw was discovered by Peter Girnus of Trend Micro's Zero Day Initiative but did not share how it is exploited in attacks.
CVE-2024-38106 - Windows Kernel Elevation of Privilege Vulnerability
Microsoft fixed a Windows Kernel elevation of privileges flaw that gives SYSTEM privileges.
"Successful exploitation of this vulnerability requires an attacker to win a race condition," explains Microsoft's advisory.
"An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," continued Microsoft.
Microsoft has not shared who disclosed the flaw and how it was exploited.
CVE-2024-38107 - Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
Microsoft fixed a flaw that gives attackers SYSTEM privileges on the Windows device.
Microsoft has not shared who disclosed the flaw and how it was exploited.
CVE-2024-38189 - Microsoft Project Remote Code Execution Vulnerability
Microsoft fixed a Microsoft Project remote code execution vulnerability that requires security features to be disabled for exploitation.
"Exploitation requires the victim to open a malicious Microsoft Office Project file on a system where the Block macros from running in Office files from the Internet policy is disabled and VBA Macro Notification Settings are not enabled allowing the attacker to perform remote code execution," explains the advisory.
Microsoft says that the attackers would need to trick a user into opening the malicious file, such as through phishing attacks or by luring users to websites hosting the file.
Microsoft has not disclosed who discovered the vulnerability or how it was exploited in attacks.
The four publicly disclosed vulnerabilities are:
CVE-2024-38199 - Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
Microsoft has fixed a remote code execution vulnerability in the Windows Line Printer Daemon.
"An unauthenticated attacker could send a specially crafted print task to a shared vulnerable Windows Line Printer Daemon (LPD) service across a network. Successful exploitation could result in remote code execution on the server," explains Microsoft's advisory.
This vulnerability is listed as publicly disclosed, but the person who disclosed it wished to remain anonymous.
CVE-2024-21302 - Windows Secure Kernel Mode Elevation of Privilege Vulnerability
This flaw was disclosed by SafeBreach security researcher Alon Leviev as part of a Windows Downdate downgrade attack talk at Black Hat 2024.
The Windows Downdate attack unpatches fully updated Windows 10, Windows 11, and Windows Server systems to reintroduce old vulnerabilities using specially crafted updates.
This flaw allowed the attackers to gain elevated privileges to install the malicious updates.
CVE-2024-38200 - Microsoft Office Spoofing Vulnerability
Microsoft fixed a Microsoft Office vulnerability that exposes NTLM hashes as disclosed in the "NTLM - The last ride" Defcon talk.
Attackers could exploit the flaw by tricking someone into opening a malicious file, which would then force Office to make an outbound connection to a remote share where attackers could capture the NTLM hashes that are sent.
The flaw was discovered by Jim Rush with PrivSec and was already fixed via Microsoft Office Feature Flighting on 7/30/2024.
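The coerced outbound share connection described above is something endpoint telemetry can surface. The following is an added detection example, not code from the article or from Microsoft: it scans constructed Sysmon-style network-connection lines for Office processes opening SMB sessions to hosts outside the assumed internal ranges. The field names, process list and internal address ranges are assumptions to adapt to your own environment.

```python
"""Detection example: Office processes opening outbound SMB sessions.

Added illustration, not code from the article or from Microsoft. The
CVE-2024-38200 advisory describes Office being coerced into connecting to a
remote share so that it sends the user's NTLM hash; the check below looks
for that shape in endpoint network telemetry. The log lines are constructed
samples in a simplified Sysmon Event ID 3 style; field names and the
internal address ranges are assumptions.
"""
import ipaddress
import ntpath
import re

# Office executables that can be made to open a UNC path on behalf of a user.
OFFICE_PROCESSES = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                    "winproj.exe", "visio.exe", "msaccess.exe"}
SMB_PORTS = {445, 139}
# Assumed: the ranges where legitimate file shares live. SMB to anything
# outside them is a candidate for NTLM hash leakage.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample telemetry (not real data).
SAMPLE_LOG = r"""
2024-08-13T10:01:02Z image=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE dst=203.0.113.7 dport=445
2024-08-13T10:01:05Z image=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE dst=10.20.30.40 dport=445
2024-08-13T10:02:11Z image=C:\Windows\explorer.exe dst=203.0.113.7 dport=445
2024-08-13T10:03:44Z image=C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE dst=198.51.100.9 dport=139
2024-08-13T10:04:00Z image=C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE dst=203.0.113.7 dport=443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) image=(?P<image>.+?) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")


def parse_line(line):
    """Return a dict for a recognised line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["process"] = ntpath.basename(ev["image"]).lower()
    ev["dport"] = int(ev["dport"])
    return ev


def is_internal(addr):
    """True if addr parses and falls inside one of INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)


def is_ntlm_leak_candidate(ev):
    """Office process + SMB port + destination outside the internal ranges."""
    return (ev["process"] in OFFICE_PROCESSES
            and ev["dport"] in SMB_PORTS
            and not is_internal(ev["dst"]))


def find_ntlm_leak_candidates(log_text):
    """Scan raw log text and return the suspicious events in order."""
    events = (parse_line(line) for line in log_text.splitlines())
    return [ev for ev in events if ev and is_ntlm_leak_candidate(ev)]


if __name__ == "__main__":
    for ev in find_ntlm_leak_candidates(SAMPLE_LOG):
        print(f"{ev['ts']} {ev['process']} -> {ev['dst']}:{ev['dport']}")
```

Of the five sample lines only the two Office-to-external SMB connections are reported; the private-range share, the non-Office process and the HTTPS connection are ignored.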
CVE-2024-38202 - Windows Update Stack Elevation of Privilege Vulnerability
This flaw was also part of the Windows Downdate downgrade attack talk at Black Hat 2024.
Microsoft is developing a security update to mitigate this threat, but it is not yet available.
Recent updates from other companies
Other vendors who released updates or advisories in August 2024 include:
- 0.0.0.0 Day flaw allows malicious websites to bypass browser security features and access services on a local network.
- Android August security updates fixes actively exploited RCE.
- CISA warned of Cisco Smart Install (SMI) feature being abused in attacks.
- Cisco warns of critical RCE flaws in end-of-life Small Business SPA 300 and SPA 500 series IP phones.
- New GhostWrite vulnerability lets unprivileged attackers read and write to the computer’s memory on T-Head XuanTie C910 and C920 RISC-V CPUs and control peripheral devices.
- Ivanti releases security updates for critical vTM auth bypass with public exploit.
- Microsoft warned about a new Office flaw tracked as CVE-2024-38200 that leaks NTLM hashes.
- New SinkClose flaw lets attackers gain Ring -2 privileges on AMD CPUs.
- New Linux SLUBStick flaw converts a limited heap vulnerability into an arbitrary memory read-and-write capability.
- New Windows DownDate flaw lets attackers downgrade the operating system to reintroduce vulnerabilities.
The August 2024 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities in the August 2024 Patch Tuesday updates.
To access the full description of each vulnerability and the systems it affects, you can view the full report here.
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET and Visual Studio | CVE-2024-38168 | .NET and Visual Studio Denial of Service Vulnerability | Important |
.NET and Visual Studio | CVE-2024-38167 | .NET and Visual Studio Information Disclosure Vulnerability | Important |
Azure Connected Machine Agent | CVE-2024-38162 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important |
Azure Connected Machine Agent | CVE-2024-38098 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important |
Azure CycleCloud | CVE-2024-38195 | Azure CycleCloud Remote Code Execution Vulnerability | Important |
Azure Health Bot | CVE-2024-38109 | Azure Health Bot Elevation of Privilege Vulnerability | Critical |
Azure IoT SDK | CVE-2024-38158 | Azure IoT SDK Remote Code Execution Vulnerability | Important |
Azure IoT SDK | CVE-2024-38157 | Azure IoT SDK Remote Code Execution Vulnerability | Important |
Azure Stack | CVE-2024-38108 | Azure Stack Hub Spoofing Vulnerability | Important |
Azure Stack | CVE-2024-38201 | Azure Stack Hub Elevation of Privilege Vulnerability | Important |
Line Printer Daemon Service (LPD) | CVE-2024-38199 | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | Important |
Microsoft Bluetooth Driver | CVE-2024-38123 | Windows Bluetooth Driver Information Disclosure Vulnerability | Important |
Microsoft Copilot Studio | CVE-2024-38206 | Microsoft Copilot Studio Information Disclosure Vulnerability | Critical |
Microsoft Dynamics | CVE-2024-38166 | Microsoft Dynamics 365 Cross-site Scripting Vulnerability | Critical |
Microsoft Dynamics | CVE-2024-38211 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2024-7256 | Chromium: CVE-2024-7256 Insufficient data validation in Dawn | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-7536 | Chromium: CVE-2024-7550 Type Confusion in V8 | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-6990 | Chromium: CVE-2024-6990 Uninitialized Use in Dawn | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-7255 | Chromium: CVE-2024-7255 Out of bounds read in WebTransport | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-7534 | Chromium: CVE-2024-7535 Inappropriate implementation in V8 | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-7532 | Chromium: CVE-2024-7533 Use after free in Sharing | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-7550 | Chromium: CVE-2024-7532 Out of bounds memory access in ANGLE | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-7535 | Chromium: CVE-2024-7536 Use after free in WebAudio | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-7533 | Chromium: CVE-2024-7534 Heap buffer overflow in Layout | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-38218 | Microsoft Edge (HTML-based) Memory Corruption Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2024-38219 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Moderate |
Microsoft Edge (Chromium-based) | CVE-2024-38222 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | Unknown |
Microsoft Local Security Authority Server (lsasrv) | CVE-2024-38118 | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | Important |
Microsoft Local Security Authority Server (lsasrv) | CVE-2024-38122 | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | Important |
Microsoft Office | CVE-2024-38200 | Microsoft Office Spoofing Vulnerability | Important |
Microsoft Office | CVE-2024-38084 | Microsoft OfficePlus Elevation of Privilege Vulnerability | Important |
Microsoft Office Excel | CVE-2024-38172 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2024-38170 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Outlook | CVE-2024-38173 | Microsoft Outlook Remote Code Execution Vulnerability | Important |
Microsoft Office PowerPoint | CVE-2024-38171 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
Microsoft Office Project | CVE-2024-38189 | Microsoft Project Remote Code Execution Vulnerability | Important |
Microsoft Office Visio | CVE-2024-38169 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
Microsoft Streaming Service | CVE-2024-38134 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Streaming Service | CVE-2024-38144 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Streaming Service | CVE-2024-38125 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Teams | CVE-2024-38197 | Microsoft Teams for iOS Spoofing Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-38152 | Windows OLE Remote Code Execution Vulnerability | Important |
Microsoft Windows DNS | CVE-2024-37968 | Windows DNS Spoofing Vulnerability | Important |
Reliable Multicast Transport Driver (RMCAST) | CVE-2024-38140 | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | Critical |
Windows Ancillary Function Driver for WinSock | CVE-2024-38141 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
Windows Ancillary Function Driver for WinSock | CVE-2024-38193 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
Windows App Installer | CVE-2024-38177 | Windows App Installer Spoofing Vulnerability | Important |
Windows Clipboard Virtual Channel Extension | CVE-2024-38131 | Clipboard Virtual Channel Extension Remote Code Execution Vulnerability | Important |
Windows Cloud Files Mini Filter Driver | CVE-2024-38215 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
Windows Common Log File System Driver | CVE-2024-38196 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Windows Compressed Folder | CVE-2024-38165 | Windows Compressed Folder Tampering Vulnerability | Important |
Windows Deployment Services | CVE-2024-38138 | Windows Deployment Services Remote Code Execution Vulnerability | Important |
Windows DWM Core Library | CVE-2024-38150 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
Windows DWM Core Library | CVE-2024-38147 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important |
Windows Initial Machine Configuration | CVE-2024-38223 | Windows Initial Machine Configuration Elevation of Privilege Vulnerability | Important |
Windows IP Routing Management Snapin | CVE-2024-38114 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability | Important |
Windows IP Routing Management Snapin | CVE-2024-38116 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability | Important |
Windows IP Routing Management Snapin | CVE-2024-38115 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability | Important |
Windows Kerberos | CVE-2024-29995 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-38151 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows Kernel | CVE-2024-38133 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-38127 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-38153 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-38106 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel-Mode Drivers | CVE-2024-38187 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
Windows Kernel-Mode Drivers | CVE-2024-38191 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
Windows Kernel-Mode Drivers | CVE-2024-38184 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
Windows Kernel-Mode Drivers | CVE-2024-38186 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
Windows Kernel-Mode Drivers | CVE-2024-38185 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
Windows Layer-2 Bridge Network Driver | CVE-2024-38146 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | Important |
Windows Layer-2 Bridge Network Driver | CVE-2024-38145 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | Important |
Windows Mark of the Web (MOTW) | CVE-2024-38213 | Windows Mark of the Web Security Feature Bypass Vulnerability | Moderate |
Windows Mobile Broadband | CVE-2024-38161 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
Windows Network Address Translation (NAT) | CVE-2024-38132 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
Windows Network Address Translation (NAT) | CVE-2024-38126 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
Windows Network Virtualization | CVE-2024-38160 | Windows Network Virtualization Remote Code Execution Vulnerability | Critical |
Windows Network Virtualization | CVE-2024-38159 | Windows Network Virtualization Remote Code Execution Vulnerability | Critical |
Windows NT OS Kernel | CVE-2024-38135 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
Windows NTFS | CVE-2024-38117 | NTFS Elevation of Privilege Vulnerability | Important |
Windows Power Dependency Coordinator | CVE-2024-38107 | Windows Power Dependency Coordinator Elevation of Privilege Vulnerability | Important |
Windows Print Spooler Components | CVE-2024-38198 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Resource Manager | CVE-2024-38137 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | Important |
Windows Resource Manager | CVE-2024-38136 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-38130 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-38128 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-38154 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-38121 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-38214 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-38120 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Scripting | CVE-2024-38178 | Scripting Engine Memory Corruption Vulnerability | Important |
Windows Secure Boot | CVE-2022-3775 | Redhat: CVE-2022-3775 grub2 - Heap based out-of-bounds write when rendering certain Unicode sequences | Critical |
Windows Secure Boot | CVE-2023-40547 | Redhat: CVE-2023-40547 Shim - RCE in HTTP boot support may lead to secure boot bypass | Critical |
Windows Secure Boot | CVE-2022-2601 | Redhat: CVE-2022-2601 grub2 - Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass | Important |
Windows Secure Kernel Mode | CVE-2024-21302 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important |
Windows Secure Kernel Mode | CVE-2024-38142 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important |
Windows Security Center | CVE-2024-38155 | Security Center Broker Information Disclosure Vulnerability | Important |
Windows SmartScreen | CVE-2024-38180 | Windows SmartScreen Security Feature Bypass Vulnerability | Important |
Windows TCP/IP | CVE-2024-38063 | Windows TCP/IP Remote Code Execution Vulnerability | Critical |
Windows Transport Security Layer (TLS) | CVE-2024-38148 | Windows Secure Channel Denial of Service Vulnerability | Important |
Windows Update Stack | CVE-2024-38202 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2024-38163 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
Windows WLAN Auto Config Service | CVE-2024-38143 | Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | Important |
Comments
Hmm888 - 3 months ago
No thank you. These updates are pushing home PC users towards Apple. It's like opening a Pandora's box—resolving one issue often leads to several new problems.
Only corporations and government are effectively jailed to Windows.
MisterVVV - 3 months ago
Hmm888, what is your solution to cover all these vulnerabilities?
best regards,
gorblimey - 3 months ago
Please forgive my ignorance. CVE-2024-38063. Microsoft says that ALL OSs are vulnerable, and I do believe them. However. I'm running Windows 7 SP1 x64 (I know, I know, I just like it 'cos it simply just works) through a nice ASUS AC1900. I have never actually entered anything into W7 for internet navigation, it all goes through the router.
SO the big question is, "Is my box at risk, or would the router shield it?"
Gisabun - 2 months ago
Well, considering you have no anti-virus [as none support Windows 7] or any other type of security software [Windows 7 not supported], you are effectively relying on whatever router you have. And if your router isn't recent enough, it may also be insecure. Router manufacturers tend to support routers for a very short time. My ASUS router is still getting updates after close to 3 years, but my previous TP-Link barely went over a year before support died, and it was a recent edition when released.
gorblimey - 2 months ago
Thank you for your kind words. Asus is still giving me upgrades (which reminds me...), and it is a NAT router and allows MAC filtering on the WiFi so there's at least something there. Windows Firewall is set to Outbound Default Deny and Inbound Default Allow with WFC, so most phishing or hijacking cannot phone home for the payload. My email client -- I use Gammadyne Clyton -- automatically strips a very long list of unwanted attachments, and has a profound dislike of spam.
I used to have Voodooshield/Cyberlock, but that became just a long chore of sorting problems, probably because it needed a current version of Windows. The original was brilliant in its simplicity, but, well, developers...
Upshot? I'll not worry too much. I was thinking of disabling IPv6, but the firewall has a tonne of IPv6 entries which I'd rather not touch, although I could simply disable those without erasing them.
noelprg4 - 3 months ago
recently from Neowin - Microsoft kills unfixable KB5034440/KB5034441 updates, replaces with KB5042321/KB5042320:
https://www.neowin.net/news/microsoft-kills-unfixable-kb5034440kb5034441-updates-replaces-with-kb5042321kb5042320/
noughts-ones - 2 months ago
Thanks for the 'HEADS-UP' !
mlinverary - 2 months ago
Thanks for this