Patch Tuesday: August 2024

Hi everyone!

Liz from the RoboShadow team here to give you a breakdown of the vulnerabilities that have been released in August's Patch Tuesday release on Tuesday 13th August.

Microsoft brings us 90 new CVEs, 6 of which have already being exploited! 

What is Patch Tuesday?

Every second Tuesday of the month, Microsoft releases a batch of critical security updates known as Patch Tuesday. These updates are essential for maintaining the security and stability of your systems. The August 2024 Patch Tuesday, released on August 13, 2024, addresses several high-severity vulnerabilities across various Microsoft products. This blog post will guide you through the key updates, the affected products, and what actions you need to take to ensure your systems remain secure.

Key Updates in August 2024

• 90 new CVEs
• 9 zero-days: 6 exploited and 1 unfixed
  
• 8 critical vulnerabilities

Zero Day Vulnerabilities

Below are the 6 bugs currently under active exploitation:

CVE-2024-38189: Microsoft Project Remote Code Execution Vulnerability

• CVSS Rating: 8.8 (High)
• Description: This vulnerability in Microsoft Project allows an attacker to execute arbitrary code remotely, potentially leading to a full compromise of the affected system. Exploitation of this vulnerability could allow the attacker to take control of the affected application and execute commands with the same privileges as the user. Given the nature of this vulnerability, it poses a significant threat, especially in environments where Microsoft Project is widely used for managing projects and resources.
• Impact: Remote Code Execution
• Exploitation: This vulnerability is currently being actively exploited, making it critical for users to apply the available security patches immediately.

CVE-2024-38178: Scripting Engine Memory Corruption Vulnerability

• CVSS Rating: 7.5 (High)
• Description: This vulnerability arises from memory corruption in the scripting engine, which could be exploited by an attacker to execute arbitrary code. Typically, this kind of vulnerability is exploited through malicious web pages or documents that a user might inadvertently open, leading to a remote code execution. The scripting engine is often a core component in many applications, making this vulnerability particularly dangerous.
• Impact: Remote Code Execution
• Exploitation: Active exploitation of this vulnerability indicates a pressing need for patches, especially for users who might be exposed through internet-facing applications or documents.

CVE-2024-38193: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

• CVSS Rating: 7.8 (High)
• Description: This vulnerability affects the Windows Ancillary Function Driver for WinSock, which is a component that handles network communication. An attacker who successfully exploits this vulnerability could elevate their privileges, allowing them to execute code with higher permissions than initially available. This could lead to unauthorized actions or system compromise.
• Impact: Elevation of Privilege
• Exploitation: Given that this vulnerability is being actively exploited, it poses a serious risk, particularly in systems where network communication is integral to operations.

CVE-2024-38106: Windows Kernel Elevation of Privilege Vulnerability

• CVSS Rating: 7.0 (High)
• Description: This vulnerability exists in the Windows Kernel, the core component of the operating system that manages system resources and hardware communication. Exploiting this vulnerability allows an attacker to elevate their privileges on the affected system, potentially giving them full control over the device. This type of vulnerability is particularly concerning because it can be used as a stepping stone for more extensive attacks.
• Impact: Elevation of Privilege
• Exploitation: Active exploitation of this vulnerability emphasizes the importance of applying the necessary updates to protect against unauthorized system access.

 CVE-2024-38107: Windows Power Dependency Coordinator Elevation of Privilege Vulnerability

• CVSS Rating: 7.8 (High)
• Description: The Windows Power Dependency Coordinator is responsible for managing power dependencies across various system components. This vulnerability allows an attacker to escalate their privileges, enabling them to perform actions that would typically require higher-level access. Exploiting this vulnerability could lead to system instability or further exploitation.
• Impact: Elevation of Privilege
• Exploitation: With active exploitation reported, this vulnerability is a high priority for remediation to prevent potential system compromises.
  
  

CVE-2024-38213: Windows Mark of the Web Security Feature Bypass Vulnerability

• CVSS Rating: 6.5 (Medium)
• Description: The Mark of the Web (MOTW) is a security feature in Windows that flags files downloaded from the internet as potentially unsafe. This vulnerability allows an attacker to bypass this security feature, effectively removing the protections that MOTW provides. By exploiting this vulnerability, malicious files could execute without the usual warnings or restrictions, increasing the risk of a successful attack.
• Impact: Security Feature Bypass
• Exploitation: The active exploitation of this vulnerability highlights its risk, particularly in environments where files are frequently downloaded from untrusted sources.

Critical Vulnerability Summary

Azure Health Bot - Elevation of Privilege Vulnerability (CVE-2024-38109)

• Impact: This vulnerability could allow an attacker to gain elevated privileges on affected systems, potentially leading to unauthorized actions. As Azure Health Bot is widely used in healthcare applications, addressing this vulnerability is critical to maintaining the confidentiality and integrity of sensitive data.
  
  

Microsoft Copilot Studio - Information Disclosure Vulnerability (CVE-2024-38206)

• Impact: A critical flaw in Microsoft Copilot Studio could lead to information disclosure, exposing sensitive data to unauthorized parties. This vulnerability is particularly concerning given the role of Copilot Studio in automating tasks across various enterprise applications.
  
  

Microsoft Dynamics 365 - Cross-site Scripting Vulnerability (CVE-2024-38166)

• Impact: This vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users. The exploitation of this vulnerability could result in data theft, session hijacking, and other malicious activities within Dynamics 365 environments.
  
  

Reliable Multicast Transport Driver (RMCAST) - Remote Code Execution Vulnerability (CVE-2024-38140)

• Impact: A critical remote code execution vulnerability in the Reliable Multicast Transport Driver could enable attackers to execute arbitrary code on vulnerable systems, potentially compromising network operations and data integrity.
  
  

Windows Network Virtualization - Remote Code Execution Vulnerabilities (CVE-2024-38159 & CVE-2024-38160)

• Impact: These vulnerabilities in Windows Network Virtualization could allow remote attackers to execute code on affected systems. The critical nature of these vulnerabilities underscores the importance of patching to protect virtualized environments from potential exploitation.
  
  

Windows Secure Boot - Multiple Vulnerabilities (CVE-2022-3775 & CVE-2023-40547)

• Impact: Critical vulnerabilities in Windows Secure Boot could allow attackers to bypass secure boot protections, potentially leading to the execution of malicious code during system startup. Given the fundamental role of Secure Boot in maintaining system integrity, these patches are of the highest priority.
  
  

Windows TCP/IP - Remote Code Execution Vulnerability (CVE-2024-38063)

• Impact: A serious flaw in the Windows TCP/IP stack could enable attackers to remotely execute code, compromising system security without user interaction. This vulnerability poses a significant risk to networked systems and should be addressed immediately.

Actions to Take:

• KB5041578 for Windows Server 2019
• KB5041592 for Windows 11 version 21H2
• KB5041573 for Windows Server 2022, 23H2 Edition

Check for Impact on Dual-Boot Systems: If you run a dual-boot system with both Windows and Linux, be aware that this update may affect older Linux distributions. Microsoft has implemented a Secure Boot Advanced Targeting (SBAT) update that blocks vulnerable Linux bootloaders. Work with your Linux vendor to ensure compatibility after the update. 

Stay Informed: Subscribe to Microsoft’s security update notifications or regularly check the MSRC. for the latest patches.