Today marks Microsoft’s August 2024 Patch Tuesday, addressing a total of 89 security flaws, including six actively exploited zero-day vulnerabilities and three publicly disclosed zero-days. Among these, one critical zero-day vulnerability remains unfixed, though Microsoft is actively working on a resolution.
Summary of Critical Updates
This Patch Tuesday resolves eight critical vulnerabilities across various categories, such as elevation of privileges, remote code execution, and information disclosure. Below is the distribution of the vulnerabilities by category:
- 36 Elevation of Privilege Vulnerabilities
- 4 Security Feature Bypass Vulnerabilities
- 28 Remote Code Execution Vulnerabilities
- 8 Information Disclosure Vulnerabilities
- 6 Denial of Service Vulnerabilities
- 7 Spoofing Vulnerabilities
It is important to note that these counts do not include vulnerabilities in Microsoft Edge that were disclosed earlier this month.
Zero-Day Vulnerabilities: An Overview
Among the vulnerabilities patched today, six are classified as zero-day flaws, meaning they were exploited in the wild before a fix was available. Notably, half of these zero-days pertain to local privilege escalation, which allows attackers to gain higher-level privileges on a compromised system.
- CVE-2024-38106, CVE-2024-38107, and CVE-2024-38193 are three such local privilege escalation vulnerabilities. They enable attackers to achieve SYSTEM-level privileges on vulnerable machines, though they affect different components of the Windows operating system. The details provided by Microsoft are sparse, particularly for the last two flaws, but they are recognized as being exploited actively.
- CVE-2024-38106 resides in the Windows Kernel and is currently being exploited, with Microsoft noting its high attack complexity. This complexity stems from the need for attackers to navigate a race condition, a situation that can vary in difficulty. Trend Micro’s ZeroDay Initiative (ZDI) emphasizes that despite the high complexity rating, the presence of real-world exploitation suggests that the vulnerability is readily actionable by attackers.
- CVE-2024-38178 is a remote code execution vulnerability found in the Internet Explorer Mode of the Windows Edge browser. This mode, while not enabled by default, is used for legacy websites and applications. The active exploitation of this flaw indicates that attackers are targeting environments where this mode is in use.
- CVE-2024-38213 allows malware to bypass the “Mark of the Web” security feature, which is responsible for alerting users about files downloaded from the internet. Although this vulnerability is not directly exploitable on its own, it is often part of a larger exploit chain. It may be used to alter malicious documents or executable files to evade detection before distribution.
- CVE-2024-38189 is a remote code execution flaw affecting Microsoft Project. This vulnerability is only exploitable in environments where notifications about the risks of running VBA Macros are disabled. Given the history of malware hiding within Office Macros, this flaw poses a significant risk to affected users.
Adobe’s Security Updates
In addition to Microsoft’s updates, Adobe has released 11 security bulletins addressing at least 71 vulnerabilities across its products, including Illustrator, Photoshop, InDesign, and Acrobat. Adobe has indicated that there is no current evidence of active exploitation of these vulnerabilities.
Best Practices for Users
Given the critical nature of these updates, it is crucial for users to stay up-to-date with the latest security patches from Microsoft and Adobe. While it’s recommended to install these updates promptly, waiting a day or two can be prudent. This approach allows time for any immediate issues with the updates to be addressed. Furthermore, backing up data or imaging the Windows drive before applying new updates can prevent data loss in case of problems during the update process.
For a detailed breakdown of the vulnerabilities addressed, refer to the SANS Internet Storm Center’s list. Administrators managing large Windows environments should also keep an eye on Askwoody.com for insights into any issues specific updates may cause.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time –
https://www.netizen.net/contact
