Third Party Patching
August 2024 Third-Party Patches
Topics: Third Party Patching
In August 2024, Application Workspace (formerly Liquit) Setup Store addressed 124 vulnerabilities through released updates, enhancing security across 65 different applications. This number includes multiple major versions for certain applications. For example, there were 6 updated versions for Microsoft Visual Studio, both Enterprise and Pro versions, for 2017, 2019, and 2022. There were 90 total updates and new version numbers for the applications, which means that multiple applications were updated more than once during the last month.
Notable Vulnerabilities in August 2024 Third-Party Patches
One vulnerability rose above others last month. CVE-2024-7971 is a type of confusion vulnerability in the V8 JavaScript and WebAssembly engine, impacting versions of Chromium prior to 128.0.6613.84. Exploiting this vulnerability could allow threat actors to gain remote code execution (RCE) in the sandboxed Chromium renderer process. Virtually all Chromium-based browsers are affected by this zero-day vulnerability. More information about this vulnerability can be found in Microsoft Threat Intelligence.
CVE-2024-7965 zero-day vulnerability is due to an inappropriate implementation in V8, the JavaScript engine used in Google Chrome and other Chromium based browsers. A remote attacker could potentially exploit heap corruption by tricking a user into visiting a malicious website. If successfully exploited, this vulnerability could allow an attacker to bypass security restrictions and potentially execute arbitrary code on the victim’s system. More information can be found in the National Vulnerability Database.
CVE-2024-38189 is a zero-day vulnerability for Microsoft Office Project. Exploitation requires the victim to open a malicious Microsoft Office Project file on a system where the Block macros from running in Office files from the Internet policy is disabled and VBA Macro Notification Settings are not enabled allowing an attacker to perform remote code execution. More information can be found in MSRC.
Detailed Analysis of Critical Vulnerabilities
Update 7.55.03 for Datadog Agent fixes a critical vulnerability CVE-2024-41110. A security vulnerability was detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. More information can be found in NVD. This vulnerability was also introduced in last month’s blog post.
Another critical vulnerability CVE-2024-37051 affects multiple products by JetBrains. The vulnerability is now patched in the following products:
- CLion
- DataSpell
- GoLand 2024.2
- IntelliJ IDEA Community
- IntelliJ IDEA Ultimate
- PhpStorm
- PyCharm Community
- PyCharm Professional
- RubyMine 2024
- TeamCity
More detailed information can be found in the security advisory by JetBrains.
Browser Security Updates in August 2024
August 2024 was no different when it comes to browser vulnerabilities. Microsoft Edge was updated five times patching 55 vulnerabilities in total. Brave Browser received updates four times, and these updates patched 41 vulnerabilities. Google Chrome released three versions patching 30 vulnerabilities. Vivaldi was updated twice and patched two vulnerabilities. Both Firefox and Firefox ESR were only updated once fixing 13 and 9 vulnerabilities. Opera One released only one update patching two vulnerabilities.
Here is a brief comparison of how quickly the two zero-day vulnerabilities were patched in the browsers. CVE-2024-7971 and CVE-2024-7965 were published in 2024-08-21. Google Chrome was the only browser that was patched that very same day when the vulnerability was made public. Most browsers received the remediating update within 3 days of the disclosure. The only exception was Opera One which was patched for CVE-2024-7965 12 days after the disclosure.
| Browser | Version | Release Date | Vulnerabilities |
| Brave Browser | 1.69.153 | 2024-08-22 | CVE-2024-7971 & CVE-2024-7965 |
| Chrome for Business | 128.0.6613.85 | 2024-08-21 | CVE-2024-7971 & CVE-2024-7965 |
| Microsoft Edge Beta (x64) | 128.0.2739.42 | 2024-08-22 | CVE-2024-7971 & CVE-2024-7965 |
| Opera One | 113.0.5230.32 | 2024-08-23 | CVE-2024-7971 |
| Opera One | 113.0.5230.55 | 2024-09-02 | CVE-2024-7965 |
| Vivaldi | 6.8.3381.55 | 2024-08-21 | CVE-2024-7971 |
| Vivaldi | 6.8.3381.57 | 2024-08-24 | CVE-2024-7965 |
Microsoft Product Updates Included in August 2024 Third-Party Patches
In addition to Edge, Microsoft released updates for the following product families.
- Microsoft .NET Runtime 8.0
- Microsoft .NET SDK 8.0
- Microsoft 365 Apps
- Microsoft ASP.NET Core Runtime 8.0
- Microsoft ASP.NET Core Runtime Hosting Bundle 8.0
- Microsoft Azure CLI
- Microsoft Remote Desktop
- Microsoft Visual Studio 2017 Enterprise
- Microsoft Visual Studio 2017 Professional
- Microsoft Visual Studio 2019 Enterprise
- Microsoft Visual Studio 2019 Professional
- Microsoft Visual Studio 2022 Enterprise
- Microsoft Visual Studio 2022 Professional
- Microsoft Visual Studio Feedback Client 2017
- Microsoft Visual Studio Team Explorer 2017
- Microsoft Windows Desktop Runtime 8.0
Detailed List of August 2024 Third-Party Patches
For complete list of applications, versions, and remediated vulnerabilities see the following list generated by using Setup Store data.
| Product | Version | Vulnerabilities |
| Adobe Acrobat DC | 24.002.21005 | 12 |
| Adobe Acrobat DC Pro and Standard 2020 Classic Track | 20.005.30655 | 12 |
| Adobe Acrobat Reader 2020 MUI – Classic Track | 20.005.30655 | 12 |
| Adobe Acrobat Reader DC | 24.002.21005 | 12 |
| Brave Browser | 1.68.134 | 3 |
| Brave Browser | 1.68.137 | 6 |
| Brave Browser | 1.69.153 | 20 |
| Brave Browser | 1.69.160 | 4 |
| Chef Workstation for Windows | 24.8.1068 | 3 |
| Datadog Agent | 7.55.03 | 1 |
| Datadog Agent | 7.56.00 | 1 |
| Dell Power Manager Service | 3.16.00 | 1 |
| EnterpriseDB Corporation PostgreSQL 12 | 12.20.01 | 1 |
| EnterpriseDB Corporation PostgreSQL 13 | 13.16.01 | 1 |
| EnterpriseDB Corporation PostgreSQL 14 | 14.13.01 | 1 |
| EnterpriseDB Corporation PostgreSQL 15 | 15.08.01 | 1 |
| EnterpriseDB Corporation PostgreSQL 16 | 16.04.01 | 1 |
| Foxit PDF Editor 13 | 13.1.3.22478 | 4 |
| Foxit PDF Editor 2024 | 2024.2.3.25184 | 4 |
| Foxit PDF Editor Pro 13 | 13.1.3.22478 | 4 |
| Foxit PDF Reader | 2024.2.3.25184 | 4 |
| Google Chrome for Business | 127.0.6533.100 | 6 |
| Google Chrome for Business | 128.0.6613.114 | 4 |
| Google Chrome for Business | 128.0.6613.85 | 20 |
| CLion | 2024.02.00 | 1 |
| DataSpell | 2024.02.00 | 1 |
| GoLand 2024.2 | 2024.02.00 | 1 |
| IntelliJ IDEA Community | 2024.02.00 | 1 |
| IntelliJ IDEA Ultimate | 2024.02.00 | 1 |
| PhpStorm | 2024.02.00 | 1 |
| PyCharm Community | 2024.02.00 | 1 |
| PyCharm Professional | 2024.02.00 | 1 |
| RubyMine 2024 | 2024.02.00 | 1 |
| TeamCity | 2024.07.01 | 5 |
| MariaDB Server 10.11 | 10.11.09 | 5 |
| Microsoft .NET Runtime 8.0 | 8.0.8.33916 | 2 |
| Microsoft .NET Runtime 8.0 | 8.00.08 | 2 |
| Microsoft .NET SDK 8.0 | 8.4.124.41202 | 2 |
| Microsoft .NET SDK 8.0 | 8.4.24.37502 | 2 |
| Microsoft 365 Apps | 16.88.24081116 | 3 |
| Microsoft 365 Apps | 2407 (Build 16.0.17830.20166) | 7 |
| Microsoft 365 Apps | 2406 (Build 16.0.17726.20206) | 7 |
| Microsoft 365 Apps | 2402 (Build 16.0.17328.20550) | 7 |
| Microsoft ASP.NET Core Runtime 8.0 | 8.0.8.24369 | 2 |
| Microsoft ASP.NET Core Runtime Hosting Bundle 8.0 | 8.0.8.24369 | 2 |
| Microsoft Azure CLI | 0,127083333 | 2 |
| Microsoft Edge for Business | 127.0.2651.105 | 1 |
| Microsoft Edge for Business | 127.0.2651.86 | 3 |
| Microsoft Edge for Business | 127.0.2651.98 | 8 |
| Microsoft Edge for Business | 128.0.2739.42 | 42 |
| Microsoft Edge for Business | 128.0.2739.54 | 1 |
| Microsoft Edge Webview2 Runtime | 127.0.2651.86 | 3 |
| Microsoft Remote Desktop | 1.2.5620.0 | 1 |
| Microsoft Visual Studio 2017 Enterprise | 15.9.35201.75 | 1 |
| Microsoft Visual Studio 2017 Professional | 15.9.35201.75 | 1 |
| Microsoft Visual Studio 2019 Enterprise | 16.11.35130.168 | 1 |
| Microsoft Visual Studio 2019 Professional | 16.11.35130.168 | 1 |
| Microsoft Visual Studio 2022 Enterprise | 17.10.35201.131 | 2 |
| Microsoft Visual Studio 2022 Enterprise | 17.6.35201.154 | 3 |
| Microsoft Visual Studio 2022 Enterprise | 17.8.35201.163 | 2 |
| Microsoft Visual Studio 2022 Professional | 17.10.35201.131 | 2 |
| Microsoft Visual Studio 2022 Professional | 17.6.35201.154 | 3 |
| Microsoft Visual Studio 2022 Professional | 17.8.35201.163 | 2 |
| Microsoft Visual Studio Feedback Client 2017 | 15.9.35201.75 | 1 |
| Microsoft Visual Studio Team Explorer 2017 | 15.9.35201.75 | 1 |
| Microsoft Windows Desktop Runtime 8.0 | 8.0.8.33916 | 2 |
| Pale Moon | 33.03.00 | 1 |
| Mozilla Firefox | 129.00.00 | 13 |
| Mozilla Firefox ESR 128 | 128.01.00 | 9 |
| Mozilla Thunderbird | 115.14.00 | 7 |
| Mozilla Thunderbird ESR 128 | 128.01.00 | 10 |
| Electron | 29.04.06 | 10 |
| Electron | 30.04.00 | 10 |
| Electron | 31.04.00 | 2 |
| Opera One | 113.0.5230.32 | 1 |
| Vivaldi | 6.8.3381.55 | 1 |
| Vivaldi | 6.8.3381.57 | 1 |
| Waterfox | G6.0.18 | 9 |
| Wireshark 4.0 | 4.00.17 | 1 |
| Zoom Rooms | 6.01.05 | 1 |
Conclusion: August 2024 Third-Party Patches
Maintaining the security and performance of your IT environment hinges on timely third-party patching. The August 2024 updates addressed significant vulnerabilities across various applications, underscoring the importance of staying vigilant. By prioritizing these patches, you help safeguard your systems against potential exploits and ensure continued operational stability.
To deepen your understanding of third-party patching and its impact on your security posture, explore our eBook Reduce Your Attack Footprint. Additionally, don’t miss our analysis of the September 2024 Microsoft Patch Tuesday here.
