Microsoft Patch Tuesday – August 13th 2024

“Patch Tuesday” is an unofficial term used to refer to the second Tuesday of each month, when Microsoft, Adobe, Oracle, Google and other vendors regularly release software patches for their software products. Critical security updates are occasionally released outside of the normal Patch Tuesday cycle, but these are known as “Out-of-band” releases. Security updates for August 13th 2024 include 6 known to be exploited flaws and 7 critical patches among a total of 92 vulnerabilities this month.

A Densely Packed Patch Tuesday: 92 Vulnerabilities in Microsoft Products Including Windows and MS Office

 


You can access the Microsoft list of Security Updates for July 2024 directly at msrc.microsoft.com/update-guide/releaseNote/2024-Aug

There is a lot to cover in what is a somewhat brutal month for critical and actively exploited vulnerabilities. It is highly unusual to see so many bugs listed as public or under active attack in a single release; the uptick can be explained in part by the multiple vulnerabilities that have recently been presented at the ‘Black Hat’ and ‘DEFCON’ security conferences. In total, this month sees Microsoft releasing details of 6 “known actively exploited” vulnerabilities (a.k.a. ‘KEV’s), as well as 7 ‘critical’ vulnerabilities (CVSS greater than 9.0) and a further 11 vulnerabilities considered to be ‘highly exploitable’ even if no active exploitation in the wild has yet been reported to the vendor.

 

Known Exploited (a.k.a 0-Day) Vulnerabilities

The “Known Exploited” vulnerabilities listed below have been reported by CISA, America’s Cyber Defense Agency, as currently being exploited in the wild and at scale. These represent the absolute highest priority for patching for many organisations. Microsoft classifies a flaw as zero-day or highly exploitable if it has been either publicly disclosed or actively exploited before an official fix was made available.

The AppCheck Scanner is able to detect these known exploited vulnerabilities – please click each CVE below to visit our entry on our public-facing detections database for more details. Amongst exploited vulnerabilities, the highest CVSS (CVSS 8.8) is related to the Microsoft Project Remote Code Execution Vulnerability (CVE-2024-38189).

 

CVE-2024-38106 – Windows Kernel Elevation of Privilege Vulnerability

This readily exploitable bug is being exploited in the wild for privilege escalation to SYSTEM privileges.

 

CVE-2024-38107 – Windows Power Dependency Coordinator Elevation of Privilege Vulnerability

A second privilege escalation vulnerability that also leads to SYSTEM privileges and is being exploited in the wild. This second vulnerability resides in the Power Dependency Coordinator (PDC), a component of Modern Standby designed to allow devices to wake from sleep under power management.

 

CVE-2024-38178 – Scripting Engine Memory Corruption Vulnerability

This vulnerability allows single-click remote code execution and would be even more critical if it wasn’t mitigated by the fact that it requires the target to be using Edge in legacy Internet Explorer mode. This would be a rare configuration except that it ships as default on Copilot+ devices.

 

CVE-2024-38189 – Microsoft Project Remote Code Execution Vulnerability

A vulnerability in how MS Office and Project handle VBA macros can lead to arbitrary code execution (RCE).

 

CVE-2024-38193 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

You might not have heard of the ‘Ancillary Function Driver for Winsock’ before today, but it is a core networking stack component that allows privileged access. More details are available in the Detections service.

 

CVE-2024-38213 – Windows Mark of the Web Security Feature Bypass Vulnerability

The ‘Mark of the Web’ protection mechanism is designed to prevent drive-by malware attacks, but this isn’t the first time that a vulnerability has been reported that allows it to be bypassed completely: previous vulnerabilities were also found (and exploited widely) in both 2024 and 2023. It is likely to be a popular target for threat actors.

 

Critical (CVSS 9+) Patches to Prioritise

The “Critical” vulnerabilities listed below are all those with a “CVSS” score of 9.0 or greater. This generally reflects a vulnerability that is a critical risk: trivial to exploit, likely to be exploited, and capable of causing great harm and damage if exploited. These can often include impacts such as the execution of arbitrary malicious code, a.k.a. ‘RCE’.

The Critical vulnerabilities this month contain a mixture of elevation of privilege, remote code execution (RCE), and information disclosure vulnerabilities. Amongst critical vulnerabilities, one of the two CVSS 9.8 scores this month is associated with the Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability (CVE-2024-38140), which targets services listening on a Pragmatic General Multicast (PGM) port. The second CVSS 9.8 is associated with the Windows TCP/IP Remote Code Execution Vulnerability (CVE-2024-38063), in which an unauthenticated attacker could repeatedly send IPv6 packets to a Windows machine, which could enable remote code execution.

  • CVE-2024-38063 – Windows TCP/IP Remote Code Execution Vulnerability
  • CVE-2024-38108 – Azure Stack Hub Spoofing Vulnerability
  • CVE-2024-38109 – Azure Health Bot Elevation of Privilege Vulnerability
  • CVE-2024-38140 – Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
  • CVE-2024-38159 – Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
  • CVE-2024-38160 – Windows Network Virtualization Remote Code Execution Vulnerability
  • CVE-2024-38199 – Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability

 

 

‘Highly Exploitable’ Vulnerabilities

The list of “Highly Exploitable” vulnerabilities below are all those which Microsoft has determined are relatively trivial to exploit.

CVE-2024-38063 is of special note, having a near-maximal CVSS score of 9.8, and affecting virtually all Windows devices that have IPv6 enabled. With a network attack vector and low complexity this one in particular requires rapid remediation. It would allow a remote, unauthenticated attacker to get elevated code execution just by sending specially crafted IPv6 packets to an affected target.

| Product | CVE | CVSS Score |
|---|---|---|
| Windows TCP/IP | CVE-2024-38063 | 9.8 |
| Microsoft Streaming Service | CVE-2024-38125 | 7.8 |
| Windows Kernel | CVE-2024-38133 | 7.8 |
| Windows Ancillary Function Driver for WinSock | CVE-2024-38141 | 7.8 |
| Microsoft Streaming Service | CVE-2024-38144 | 8.8 |
| Windows DWM Core Library | CVE-2024-38147 | 7.8 |
| Windows Transport Security Layer (TLS) | CVE-2024-38148 | 7.5 |
| Windows DWM Core Library | CVE-2024-38150 | 7.8 |
| Windows Update Stack | CVE-2024-38163 | 7.8 |
| Windows Common Log File System Driver | CVE-2024-38196 | 7.8 |
| Windows Print Spooler Components | CVE-2024-38198 | 7.5 |
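The three lists above overlap (CVE-2024-38063 is both critical and highly exploitable), so a patch queue needs to be de-duplicated before it is worked. The following is an added example, not AppCheck or Microsoft code: it merges the page's lists and orders a scanner result by tier, then by number of affected hosts. The tier order, host names, scan data and placeholder CVE are assumptions made for illustration.

```python
from collections import defaultdict

# CVE IDs below are copied from the three lists on this page.
PAGE_LISTS = {
    "known-exploited": {
        "CVE-2024-38106", "CVE-2024-38107", "CVE-2024-38178",
        "CVE-2024-38189", "CVE-2024-38193", "CVE-2024-38213"},
    "critical": {
        "CVE-2024-38063", "CVE-2024-38108", "CVE-2024-38109", "CVE-2024-38140",
        "CVE-2024-38159", "CVE-2024-38160", "CVE-2024-38199"},
    "highly-exploitable": {
        "CVE-2024-38063", "CVE-2024-38125", "CVE-2024-38133", "CVE-2024-38141",
        "CVE-2024-38144", "CVE-2024-38147", "CVE-2024-38148", "CVE-2024-38150",
        "CVE-2024-38163", "CVE-2024-38196", "CVE-2024-38198"},
}
# Assumption: tiers are worked in this order; anything not listed is "other".
TIER_ORDER = ["known-exploited", "critical", "highly-exploitable", "other"]

def tiers_for(cve):
    """Return every page list a CVE appears on, highest priority first."""
    return [t for t in TIER_ORDER[:3] if cve in PAGE_LISTS[t]] or ["other"]

def priority_cves():
    """De-duplicated union of the three lists."""
    return set().union(*PAGE_LISTS.values())

def patch_queue(missing_by_host):
    """Turn scanner output {host: [missing CVEs]} into one ordered queue."""
    hosts_by_cve = defaultdict(set)
    for host, cves in missing_by_host.items():
        for cve in cves:
            hosts_by_cve[cve].add(host)
    rows = []
    for cve, hosts in hosts_by_cve.items():
        tiers = tiers_for(cve)
        # Sort key: tier first, then widest exposure, then CVE ID for stability.
        rows.append((TIER_ORDER.index(tiers[0]), -len(hosts), cve, tiers, sorted(hosts)))
    return [(cve, tiers, hosts) for _, _, cve, tiers, hosts in sorted(rows)]

# Constructed scanner output: host names and the placeholder CVE are made up.
SAMPLE_SCAN = {
    "ws-014": ["CVE-2024-38063", "CVE-2024-38213", "CVE-2024-38147"],
    "srv-print-01": ["CVE-2024-38063", "CVE-2024-38199", "CVE-2024-38198"],
    "srv-file-02": ["CVE-2024-38063", "CVE-2024-38106", "CVE-PLACEHOLDER-0001"],
}

if __name__ == "__main__":
    print(len(priority_cves()), "distinct priority CVEs")
    for cve, tiers, hosts in patch_queue(SAMPLE_SCAN):
        print(f"{cve:22} {'+'.join(tiers):30} {', '.join(hosts)}")
```
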

Other Critical Patches

In addition to the above, Microsoft released 92 important security patches in total.

Products affected by this Patch Tuesday’s updates include:

  • Windows Routing and Remote Access Service (RRAS)
  • Windows Kernel
  • Windows Kernel-Mode Drivers
  • Windows IP Routing Management Snapin
  • Microsoft Streaming Service
  • Microsoft Edge (Chromium-based)
  • Windows Secure Kernel Mode
  • Microsoft Office
  • Azure Connected Machine Agent
  • Azure Stack

 

You can see the full list on Microsoft’s Security Update Guide page (https://msrc.microsoft.com/update-guide/en-us), along with the associated KB articles and security vulnerability details.

 

Statistics

Total Microsoft CVEs: 92

Currently exploited: 6

Highly Exploitable: 11

Critical Severity: 7

 

How to Protect Your Organisation with AppCheck

As with every month, if you don’t want to wait for your system to download Microsoft critical updates on a pre-determined schedule, you can download them immediately from the Windows Update Catalog website at https://www.catalog.update.microsoft.com/Home.aspx by searching for the Microsoft KB ID.

We also recommend scanning your entire estate using the AppCheck vulnerability scanner regularly – including end-user machines running desktop operating systems. Contact your account manager now if you are not already licensed for internal scan hubs to cover your whole estate.

 

Next Patch Tuesday

The next Patch Tuesday will be on 10th September 2024 – add it to your calendar now!

 

About AppCheck

AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations’ websites, applications, network, and cloud infrastructure. AppCheck are authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).

Get started with Appcheck

No software to download or install.

Contact us or call us 0113 887 8380
