Microsoft August Patch Tuesday Fixed 10 Zero-Day Vulnerabilities

210

The latest Patch Tuesday Update from Microsoft in August 2024 brings a significant bundle of fixes, including 10 zero-day patches. This month’s security update addresses a total of 94 bugs, with 9 critical-severity vulnerabilities being patched. It is crucial for all Microsoft users to promptly apply these updates to secure their systems.

Microsoft Addresses 10 Zero-Day Vulnerabilities

The highlight of the August Patch Tuesday is the resolution of 10 zero-day vulnerabilities by Microsoft. Six of these vulnerabilities were actively exploited before public disclosure and patching.

Zero-Days Exploited in the Wild

  • CVE-2024-38189 (CVSS 8.8; important): A remote code execution flaw in Microsoft Project that could be triggered by opening a malicious Office Project file.
  • CVE-2024-38178 (CVSS 7.5; important): A memory corruption vulnerability in the Scripting Engine exploitable via a crafted URL.
  • CVE-2024-38193 (CVSS 7.8; important): A privilege escalation flaw in Windows Ancillary Function Driver for WinSock.
  • CVE-2024-38106 (CVSS 7.0; important): A privilege escalation vulnerability in Windows Kernel.
  • CVE-2024-38107 (CVSS 7.8; important): A privilege escalation issue in Windows Power Dependency Coordinator.
  • CVE-2024-38213 (CVSS 6.5; moderate): A security bypass in Windows Mark of the Web feature.

Publicly Disclosed Zero-Day Vulnerabilities

Four vulnerabilities were publicly disclosed prior to patching by Microsoft, though not actively exploited.

  • CVE-2024-38200 (CVSS 6.5; important): A spoofing vulnerability in Microsoft Office.
  • CVE-2024-38199 (CVSS 9.8; important): Remote code execution flaw in the Windows Line Printer Daemon Service.
  • CVE-2024-21302 (CVSS 6.7; important): A privilege escalation vulnerability in Windows Secure Kernel Mode.
  • CVE-2024-38202 (CVSS; important): A privilege escalation flaw in Windows Update Stack.

Other Important Updates in August 2024 Patch Tuesday

In addition to the zero-day fixes, Microsoft addressed 9 critical vulnerabilities and 74 important issues this month. These include various types of vulnerabilities such as denial of service, privilege escalation, information disclosure, remote code execution, security bypass, spoofing, tampering, and cross-site scripting.

While this month’s update may seem modest compared to previous releases, the high number of zero-day and critical vulnerabilities make it essential for users to update their systems promptly. Manual checks for updates are recommended to ensure all security patches are applied without delay.

Share your thoughts in the comments below.