August 2024 Patch Tuesday: Critical Security Updates for Windows 10 and 11

Overview

On August 13, 2024, Microsoft released its monthly Patch Tuesday updates, addressing a total of 89 vulnerabilities across various products. Notably, this update includes fixes for six actively exploited zero-day vulnerabilities, underscoring the critical importance of timely patch application.

Breakdown of Vulnerabilities

The August 2024 updates encompass:

• 36 Elevation of Privilege Vulnerabilities
• 28 Remote Code Execution Vulnerabilities
• 8 Information Disclosure Vulnerabilities
• 6 Denial of Service Vulnerabilities
• 7 Spoofing Vulnerabilities

Among these, eight are classified as critical, involving elevation of privileges, remote code execution, and information disclosure.

Actively Exploited Zero-Day Vulnerabilities

Six zero-day vulnerabilities have been identified as actively exploited:

1. CVE-2024-38178: Scripting Engine Memory Corruption Vulnerability – Requires an authenticated client to click a link in Microsoft Edge's Internet Explorer mode, leading to remote code execution.
2. CVE-2024-38193: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability – Allows attackers to gain SYSTEM privileges on Windows systems.
3. CVE-2024-38213: Windows Mark of the Web Security Feature Bypass Vulnerability – Enables attackers to create files that bypass Windows security alerts.
4. CVE-2024-38106: Windows Kernel Elevation of Privilege Vulnerability – Exploits a race condition to gain SYSTEM privileges.
5. CVE-2024-38107: Windows Power Dependency Coordinator Elevation of Privilege Vulnerability – Similar to CVE-2024-38106, allowing elevated privileges.
6. CVE-2024-38189: Microsoft Project Remote Code Execution Vulnerability – Permits remote code execution within Microsoft Project.

Critical Vulnerabilities Addressed

In addition to the zero-days, Microsoft addressed several critical vulnerabilities:

• CVE-2024-38063: Windows TCP/IP Remote Code Execution Vulnerability – Exploitable via specially crafted IPv6 packets, potentially allowing remote code execution.
• CVE-2024-38140: Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability – Exploitable by sending crafted packets to a PGM open socket.
• CVE-2024-38109: Azure Health Bot Elevation of Privilege Vulnerability – Allows elevation of privileges within Azure Health Bot.

Specific Updates for Windows 10 and 11

Windows 11

• KB5041585: Addresses security issues and includes fixes such as:
  • Enhanced Protected Process Light (PPL) protections.
  • Expanded Windows Kernel Vulnerable Driver Blocklist to mitigate BYOVD attacks.
  • Resolution of BitLocker recovery screen issue post-July 9, 2024 update.
  • Removal of the "Use my Windows user account" checkbox on the lock screen for Wi-Fi connections (CVE-2024-38143).
  • Removal of the INLINECODE0 registry key.
  • Application of Secure Boot Advanced Targeting (SBAT) to prevent execution of vulnerable Linux EFI bootloaders.

Windows 10

• KB5041580: Mirrors the updates provided for Windows 11, ensuring consistent security measures across both operating systems.

Implications and Recommendations

The presence of actively exploited zero-day vulnerabilities highlights the necessity for immediate patch application. Organizations and individual users are strongly advised to:

1. Apply Updates Promptly: Ensure all systems are updated with the latest patches to mitigate potential exploits.
2. Review Security Configurations: Assess and adjust security settings, especially concerning features like BitLocker and Secure Boot, to align with the latest recommendations.
3. Monitor for Anomalies: Stay vigilant for unusual system behavior that may indicate exploitation attempts.

Conclusion

Microsoft's August 2024 Patch Tuesday underscores the evolving nature of cybersecurity threats and the importance of proactive defense measures. By promptly applying these updates and adhering to best security practices, users can significantly reduce their risk exposure.