Microsoft Patches Six Actively Exploited Windows Zero-Day Flaws

Microsoft on Tuesday released its August 2024 Patch Tuesday updates, which include security fixes for 90 flaws across Windows and OS components, including six actively exploited and four publicly disclosed zero-day vulnerabilities.

“While this isn’t the biggest release, it is unusual to see so many bugs listed as public or under active attack in a single release,” Trend Micro’s Zero Day Initiative (ZDI) program researchers wrote in an analysis.

Details of the six actively exploited zero-day vulnerabilities patched in the August 2024 Patch Tuesday follow:

CVE-2024-38178: Scripting Engine Memory Corruption Vulnerability (CVSS 7.5/10)

This zero-day, reported by AhnLab and South Korea’s National Cyber Security Center (NCSC), is a memory corruption vulnerability in the Windows Scripting Engine that can result in remote code execution (RCE). An unauthenticated attacker can initiate remote code execution only after an authenticated client is tricked into clicking a link.

According to Microsoft, this vulnerability can only be successfully exploited if the target uses Edge in Internet Explorer (IE) Mode. The attacker would then have to get the user to click on a specially crafted URL in order to compromise them.

CVE-2024-38189: Microsoft Project Remote Code Execution Vulnerability (CVSS 8.8/10)

This vulnerability is a remote code execution flaw in Microsoft Project, which is being exploited in the wild through maliciously crafted files.

“Exploitation requires the victim to open a malicious Microsoft Office Project file on a system where the Block macros from running in Office files from the Internet policy is disabled and VBA Macro Notification Settings are not enabled allowing the attacker to perform remote code execution,” explains the advisory.

Microsoft did not reveal who discovered the above vulnerability or how it was exploited in the wild.

CVE-2024-38107: Windows Power Dependency Coordinator Elevation of Privilege Vulnerability (CVSS 7.8/10)

This is a privilege escalation flaw in the Windows Power Dependency Coordinator. If an attacker successfully exploits this vulnerability, they could gain SYSTEM-level privileges on a target machine. Microsoft has not provided details on who disclosed the flaw.

CVE-2024-38106: Windows Kernel Elevation of Privilege Vulnerability (CVSS 7.0/10)

This zero-day, which existed in the Windows Kernel, was reported anonymously to Microsoft.

“Successful exploitation of this vulnerability requires an attacker to win a race condition,” explains Microsoft’s advisory. “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”

CVE-2024-38213: Windows Mark of the Web Security Feature Bypass Vulnerability (CVSS 6.5/10)

This flaw allows attackers to bypass the Windows Mark of the Web (MoTW) security feature. To successfully exploit this vulnerability, an attacker must send the user a malicious file and convince them to open it, which lets the attacker bypass the SmartScreen user experience.

CVE-2024-38193: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability (CVSS 7.8/10)

This vulnerability, which was discovered by Luigino Camastra and Milánek with Gen Digital, allows attackers to gain SYSTEM privileges on Windows systems.

Microsoft has recommended that Windows users and system administrators prioritize updating their systems, since unpatched systems remain vulnerable to remote code execution, privilege escalation, and security feature bypass attacks.

Kavita Iyer