Security and Compliance
Patch Tuesday August 2024: Critical Vulnerability Roundup
Topics: Security and Compliance
Welcome to Recast Software’s August 2024 Patch Tuesday blog post.
This month, Microsoft addressed 90 vulnerabilities across its ecosystem, including several critical and zero-day vulnerabilities. Staying on top of these updates is essential for maintaining the security and stability of your IT environment.
Critical Vulnerability Patched: Windows TCP/IP (CVE-2024-38063)
This month’s update addresses a critical issue within the Windows TCP/IP stack. Rated with a CVSS score of 9.8, this vulnerability is classified as remote code execution (RCE) and has been flagged as “Exploitation More Likely.” Attackers can potentially exploit this flaw by sending maliciously crafted IPv6 packets to a vulnerable system. For those unable to apply the patch immediately, Microsoft suggests disabling IPv6 as a temporary safeguard.
Impact: If successfully exploited, this vulnerability could enable attackers to run arbitrary code, giving them complete control over the compromised system. This could result in significant data breaches, unauthorized access, and further attacks within the network.
Zero-Day Vulnerabilities
Several zero-day vulnerabilities were addressed in this update, with exploitation detected in the wild, highlighting the urgency of applying these patches:
- Windows Kernel (CVE-2024-38106): This elevation of privilege (EoP) vulnerability with a CVSS score of 7.0 has been exploited in the wild, making it a priority for patching.
- Windows Power Dependency Coordinator (CVE-2024-38107): Another EoP vulnerability with a CVSS score of 7.8, this has also been detected in the wild.
- Windows Scripting (CVE-2024-38178): This memory corruption vulnerability in the Windows Scripting engine, with a CVSS score of 7.5, has seen exploitation. It requires an authenticated victim using Edge in Internet Explorer Mode to be exploited, making it a critical update for environments where IE Mode is enabled.
Significant Vulnerabilities in Microsoft Office and Azure
This month’s update also includes patches for several critical vulnerabilities across Microsoft Office and Azure services:
- Microsoft Office Project (CVE-2024-38189): A RCE vulnerability in Microsoft Project with a CVSS score of 8.8. Exploitation requires user interaction, such as opening a crafted document, and can lead to arbitrary code execution. The vulnerability has been exploited in the wild, making it crucial to apply this patch.
- Azure Health Bot (CVE-2024-38109): An EoP vulnerability in Azure Health Bot with a CVSS score of 9.1. This critical vulnerability stems from a server-side request forgery (SSRF) that could be abused to escalate privileges.
Other Noteworthy Updates
- Windows Line Printer Daemon (LPD) Service (CVE-2024-38199): A critical RCE vulnerability with a CVSS score of 9.8, affecting the LPD Service. Although rated as “Exploitation Less Likely,” this vulnerability could allow remote attackers to execute code on the server.
- Windows Mark of the Web (MOTW) (CVE-2024-38213): A security feature bypass vulnerability with a CVSS score of 6.5, exploited in the wild. It allows attackers to bypass Windows SmartScreen by convincing users to open a specially crafted file.
Stay Updated and Secure
With vulnerabilities affecting core components like Windows Kernel, TCP/IP, and Azure services, it is crucial to prioritize these updates. Neglecting to patch these vulnerabilities can expose your organization to significant risks, including data breaches and malware attacks. By staying up to date with the latest patches, you not only protect your network but also ensure the stability and security of your IT environment.
To further streamline and secure your patch management process, learn about Application Manager here.
For a comprehensive overview of August’s Patch Tuesday updates, visit Microsoft’s release notes here.
Stay vigilant and keep your systems protected.