Overview

On August 13, 2024, Microsoft released its monthly Patch Tuesday updates, addressing a total of 89 security vulnerabilities across various products, including Windows 10 and Windows 11. This release is particularly significant due to the inclusion of ten zero-day vulnerabilities, six of which have been actively exploited in the wild.

Breakdown of Vulnerabilities

The August 2024 updates encompass a wide range of security issues:

  • 36 Elevation of Privilege Vulnerabilities
  • 28 Remote Code Execution Vulnerabilities
  • 8 Information Disclosure Vulnerabilities
  • 7 Spoofing Vulnerabilities
  • 6 Denial of Service Vulnerabilities
  • 4 Security Feature Bypass Vulnerabilities

Notably, eight of these vulnerabilities are classified as critical, involving elevation of privileges, remote code execution, and information disclosure.

Zero-Day Vulnerabilities

Among the ten zero-day vulnerabilities addressed, six have been actively exploited:

  1. CVE-2024-38178 – Scripting Engine Memory Corruption Vulnerability: Requires an authenticated client to click a link in Microsoft Edge's Internet Explorer mode, leading to potential remote code execution. This flaw has been exploited in attacks disclosed by the South Korean National Cyber Security Center and AhnLab.
  2. CVE-2024-38193 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability: Allows attackers to gain SYSTEM privileges on Windows systems. Discovered by Luigino Camastra and Milánek with Gen Digital.
  3. CVE-2024-38213 – Windows Mark of the Web Security Feature Bypass Vulnerability: Enables attackers to create files that bypass Windows Mark of the Web security alerts, a feature designed to protect users from untrusted files.
  4. CVE-2024-38106 – Windows Kernel Elevation of Privilege Vulnerability: Involves a race condition within the Windows kernel, potentially allowing attackers to gain SYSTEM privileges.
  5. CVE-2024-38107 – Windows Power Dependency Coordinator Elevation of Privilege Vulnerability: Similar to CVE-2024-38106, this vulnerability could allow for elevated privileges, increasing the potential impact of any attack.
  6. CVE-2024-38189 – Microsoft Project Remote Code Execution Vulnerability: Exploiting this flaw could enable an attacker to execute remote code in the context of the application, posing significant risks to organizations using Microsoft Project.

Additionally, four other zero-day vulnerabilities were publicly disclosed but not yet actively exploited:

  • CVE-2024-38199 – Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
  • CVE-2024-21302 – Windows Secure Kernel Mode Elevation of Privilege Vulnerability
  • CVE-2024-38200 – Microsoft Office Spoofing Vulnerability
  • CVE-2024-38202 – Windows Update Stack Elevation of Privilege Vulnerability

Implications and Impact

The active exploitation of these zero-day vulnerabilities underscores the critical importance of timely patching. Organizations and individual users are urged to apply these updates promptly to mitigate potential security risks. The vulnerabilities span various components of the Windows operating system and associated applications, highlighting the need for comprehensive security measures.

Technical Details

For a detailed list of all vulnerabilities addressed in this update, including their classifications and affected components, refer to Microsoft's official release notes.

Conclusion

Microsoft's August 2024 Patch Tuesday release is a pivotal update addressing numerous critical vulnerabilities, including actively exploited zero-days. Prompt application of these patches is essential to maintain system security and integrity.