National Cyber Warfare Foundation (NCWF) Forums


Microsoft Patch Tuesday security updates for August 2024 addressed six actively exploited bugs


0 user ratings
2024-08-14 08:03:20
milo
Blue Team (CND)

 - archive -- 
Microsoft’s August 2024 Patch Tuesday addressed 90 vulnerabilities, including six that are actively exploited. Patch Tuesday security updates for August 2024 addressed 90 vulnerabilities in Microsoft products including Windows and Windows Components; Office and Office Components; .NET and Visual Studio; Azure; Co-Pilot; Microsoft Dynamics; Teams; and Secure Boot and others, bringing the total to 102 […


Microsoft’s August 2024 Patch Tuesday addressed 90 vulnerabilities, including six that are actively exploited.





Patch Tuesday security updates for August 2024 addressed 90 vulnerabilities in Microsoft products including Windows and Windows Components; Office and Office Components; .NET and Visual Studio; Azure; Co-Pilot; Microsoft Dynamics; Teams; and Secure Boot and others, bringing the total to 102 when including third-party bugs. Seven vulnerabilities are rated Critical, 79 Important, and one Moderate. Four of these flaws are publicly known, and six are under active attack. The company confirmed that several vulnerabilities are currently being exploited in the wild.





Below are the actively exploited flaws addressed by Patch Tuesday security updates for August 2024:





CVETitleSeverityCVSSPublicExploitedType
CVE-2024-38189Microsoft Project Remote Code Execution VulnerabilityImportant8.8NoYesRCE
CVE-2024-38178Scripting Engine Memory Corruption VulnerabilityImportant7.5NoYesRCE
CVE-2024-38193Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant7.8NoYesEoP
CVE-2024-38106Windows Kernel Elevation of Privilege VulnerabilityImportant7NoYesEoP
CVE-2024-38107Windows Power Dependency Coordinator Elevation of Privilege VulnerabilityImportant7.8NoYesEoP
CVE-2024-38213Windows Mark of the Web Security Feature Bypass VulnerabilityModerate6.5NoYesSFB




Below is the list of critical flaws addressed by the IT giant:





CVETitleSeverityCVSSPublic Exploitedtype
CVE-2024-38109Azure Health Bot Elevation of Privilege VulnerabilityCritical9.1NoNoEoP
CVE-2024-38206Microsoft Copilot Studio Information Disclosure VulnerabilityCritical8.5NoNoInfo
CVE-2024-38166Microsoft Dynamics 365 Cross-site Scripting VulnerabilityCritical8.2NoNoXSS
CVE-2022-3775 *Redhat: CVE-2022-3775 grub2 – Heap based out-of-bounds write when rendering certain Unicode sequencesCritical7.1NoNoRCE
CVE-2023-40547 *Redhat: CVE-2023-40547 Shim – RCE in HTTP boot support may lead to secure boot bypassCritical8.3NoNoSFB
CVE-2024-38159Windows Network Virtualization Remote Code Execution VulnerabilityCritical9.1NoNoRCE
CVE-2024-38160Windows Network Virtualization Remote Code Execution VulnerabilityCritical9.1NoNoRCE
CVE-2024-38140Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution VulnerabilityCritical9.8NoNoRCE
CVE-2024-38063Windows TCP/IP Remote Code Execution VulnerabilityCritical9.8NoNoRCE




The most severe flaws are:





CVE-2024-38140 is Remote Code Execution Vulnerability in Windows Reliable Multicast Transport Driver (RMCAST). An unauthenticated attacker could exploit the flaw by sending specially crafted packets to a Windows Pragmatic General Multicast (PGM) open socket on the server, without any interaction from the user. However, this vulnerability is only exploitable if there is a program listening on a Pragmatic General Multicast (PGM) port. Microsoft states that if PGM is installed or enabled but no programs are actively listening as a receiver, then this vulnerability is not exploitable.





CVE-2024-38063 is a Remote Code Execution vulnerability in Windows TCP/IP. An unauthenticated attacker could exploit this flaw by sending specially crafted IPv6 packets to a Windows machine, potentially enabling remote code execution.





“Moving on to the other code execution bugs, we’re greeted with three different CVSS 9.8 bugs right off the top. The worst is likely the bug in TCP/IP that would allow a remote, unauthenticated attacker to get elevated code execution just by sending specially crafted IPv6 packets to an affected target. That means it’s wormable.” reported ZDI. “You can disable IPv6 to prevent this exploit, but IPv6 is enabled by default on just about everything. It’s a similar attack scenario for the Reliable Multicast Transport Driver (RMCAST), but in this case, you need a service listening as a receiver on PGM to be vulnerable”





Follow me on Twitter: @securityaffairs and Facebook and Mastodon





Pierluigi Paganini





(SecurityAffairs – hacking, Microsoft Patch Tuesday)







Source: SecurityAffairs
Source Link: https://securityaffairs.com/167000/security/microsoft-patch-tuesday-august-2024.html


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Blue Team (CND)



Copyright 2012 through 2024 - National Cyber Warfare Foundation - All rights reserved worldwide.