Menu
“Patch Tuesday” is an unofficial term used to refer to the second Tuesday of each month, when Microsoft, Adobe, Oracle, Google and other vendors regularly release software patches for their software products. Critical security updates are occasionally released outside of the normal Patch Tuesday cycle, but these are known as “Out-of-band” releases.
You can access the Microsoft list of Security Updates for July 2024 directly at msrc.microsoft.com/update-guide/releaseNote/2024-Aug
There is a lot to cover this month, and a somewhat brutal month for critical and actively exploited vulnerabilities – it is highly unusual to see so many bugs listed as public or under active attack in a single release – the uptick can somewhat be explained by the multiple vulnerabilities that have recently been presented at the ‘Black Hat’ and ‘DEFCON’ security conferences. In total, this month sees Microsoft releasing details of 6 “known actively exploited” vulnerabilities (a.k.a. ‘KEV’s), as well as 7 ‘critical’ vulnerabilities (CVSS greater than 9.0) and a further 11 vulnerabilities considered to be ‘highly exploitable’ even if no active exploitations in the wild have yet been reported to the vendor.
The list of “Known Exploited” vulnerabilities below have been reported by the CISA, America’s Cyber Defense Agency, to be known to be currently being exploited in the wild and at scale. These represent the absolute highest priority for patching for many organisations. Microsoft classifies a zero-day or highly exploitable flaw as ones that have been either publicly disclosed or actively exploited before an official fix was made available.
The AppCheck Scanner is able to detect these known exploited vulnerabilities – please click each CVE below to visit our entry on our public-facing detections database for more details. Amongst exploited vulnerabilities, the highest CVSS (CVSS 8.8) is related to the Microsoft Project Remote Code Execution Vulnerability (CVE-2024-38189).
This readily exploitable bug is being exploited in the wild for privilege escalation to SYSTEM privileges.
A second privilege escalation vulnerability that also leads to SYSTEM privileges and is being exploited in the wild. This second vulnerability resides in the Power Dependency Coordinator (PDC), a component of Modern Standby designed to allow devices to wake from sleep under power management.
This vulnerability allows single-click remote code execution and would be even more critical if it wasn’t mitigated by the fact that it requires the target to be using Edge in legacy Internet Explorer mode. This would be a rare configuration except that it ships as default on Copilot+ devices.
A vulnerability in how MS Office and Project handle VBA macros can lead to arbitrary code execution (RCE).
You might not have heard of the ‘Ancillary Function Driver for Winsock’ before today, but it is a core networking stack component that allows privileged access. More details are available in the Detections service.
The ‘Mark of the Web’ protection mechanism is designed to prevent drive-by malware attacks, but this isn’t the first time that a vulnerability has been reported that allows it to be bypassed completely – previous vulnerabilities were also found (and exploited widely) in both 2024 and 2023. It is likely to be a popular target by threat actors.
The list of “Critical” vulnerabilities below are all those with a “CVSS” score of 9.0 or greater. This generally reflects a vulnerability that is a critical risk, being both trivial to exploit, likely to be exploited, and which could cause great harm and damage if exploited. These can often include impacts such as the execution of arbitrary malicious code, a.k.a. ‘RCE’.
The Critical vulnerabilities this month contain a mixture of elevation of privileges, remote code execution (RCE), and information disclosure vulnerabilities. Amongst critical vulnerabilities, one of the two 9.8 CVSS this month is associated to the Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability (CVE-2024-38140) which targets services listening on a Pragmatic General Multicast (PGM) port. The second CVSS 9.8 is associated with the Windows TCP/IP Remote Code Execution Vulnerability (CVE-2024-38063) which allows an unauthenticated attacker could repeatedly send IPv6 packets to a Windows machine and which could enable remote code execution.
The list of “Highly Exploitable” vulnerabilities below are all those which Microsoft has determined are relatively trivial to exploit.
CVE-2024-38063 is of special note, having a near-maximal CVSS score of 9.8, and affecting virtually all Windows devices that have IPv6 enabled. With a network attack vector and low complexity this one in particular requires rapid remediation. It would allow a remote, unauthenticated attacker to get elevated code execution just by sending specially crafted IPv6 packets to an affected target.
| Product | CVE | CVSS Score |
|---|---|---|
| Windows TCP/IP | CVE-2024-38063 | 9.8 |
| Microsoft Streaming Service | CVE-2024-38125 | 7.8 |
| Windows Kernel | CVE-2024-38133 | 7.8 |
| Windows Ancillary Function Driver for WinSock | CVE-2024-38141 | 7.8 |
| Microsoft Streaming Service | CVE-2024-38144 | 8.8 |
| Windows DWM Core Library | CVE-2024-38147 | 7.8 |
| Windows Transport Security Layer (TLS) | CVE-2024-38148 | 7.5 |
| Windows DWM Core Library | CVE-2024-38150 | 7.8 |
| Windows Update Stack | CVE-2024-38163 | 7.8 |
| Windows Common Log File System Driver | CVE-2024-38196 | 7.8 |
| Windows Print Spooler Components | CVE-2024-38198 | 7.5 |
In addition to the above, Microsoft released 92 important security patches in total.
Products affected by this Patch Tuesday’s updates include:
You can see the full list on Microsoft’s Security Update Guide page (https://msrc.microsoft.com/update-guide/en-us), along with the associated KB articles and security vulnerability details.
Total Microsoft CVEs: 92
Currently exploited: 6
Highly Exploitable: 11
Critical Severity: 7
As with every month, if you don’t want to wait for your system to download Microsoft critical updates on pre-determined schedule, you can download them immediately from the Windows Update Catalog website at https://www.catalog.update.microsoft.com/Home.aspx and searching by Microsoft KB ID.
We also recommend scanning your entire estate using the AppCheck vulnerability scanner regularly – including end-user machines running desktop operating systems. Contact your account manager now if you are not already licensed for internal scan hubs to cover your whole estate.
The next Patch Tuesday will be on 10th September 2024 – add it to your calendar now!
AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations websites, applications, network, and cloud infrastructure. AppCheck are authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).
No software to download or install.
Contact us or call us 0113 887 8380
AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations websites, applications, network and cloud infrastructure. AppCheck are authorized by te Common Vulnerabilities and Exposures (CVE) Program aas a CVE Numbering Authority (CNA)
