Microsoft Patches Six Windows Zero-Day Actively Exploited Flaws

Microsoft on Tuesday released August 2024 Patch Tuesday, which included security updates for 90 flaws across Windows and OS components, including six actively exploited and four publicly disclosed zero-day vulnerabilities.

โ€œWhile this isnโ€™t the biggest release, it is unusual to see so many bugs listed as public or under active attack in a single release,โ€ Trend Microโ€™s Zero Day Initiative (ZDI) program researchers wrote inย an analysis.

Given below are the details on the sixย actively exploited zero-day vulnerabilities that were patched in August 2024 in Patch Tuesday:

CVE-2024-38178: Scripting Engine Memory Corruption Vulnerability (CVSS 7.5/10)ย 

This zero-day, reported by Ahn Lab and South Koreaโ€™s National Cyber Security Center (NCSC), is a memory corruption vulnerability in the Windows Scripting Engine that can result in remote code execution (RCE). The attack requires an authenticated client to be tricked into clicking a link for an unauthenticated attacker to initiate remote code execution.

According to Microsoft, this vulnerability can only be successfully exploited if the target uses Edge in Internet Explorer (IE) Mode. The attacker would then have to compromise the user by clicking on a specially crafted URL.

CVE-2024-38189ย โ€” Microsoft Project Remote Code Execution Vulnerability (CVSS 8.8/10)

This vulnerability is a remote code execution flaw in Microsoft Project, which is being exploited in the wild through maliciously crafted files.

“Exploitation requires the victim to open a malicious Microsoft Office Project file on a system where theย Block macros from running in Office files from the Internetย policy is disabled andย VBA Macro Notification Settingsย are not enabled allowing the attacker to perform remote code execution,” explains the advisory.

Microsoft did not reveal who discovered the above vulnerability or how it was exploited in the wild.

CVE-2024-38107ย โ€” Windows Power Dependency Coordinator Elevation of Privilege Vulnerability (CVSS 7.8/10)

This is a privilege escalation flaw in the Windows Power Dependency Coordinator. If an attacker successfully exploits this vulnerability, they could gain SYSTEM-level privileges on a target machine. Microsoft has not provided details on who disclosed the flaw.

CVE-2024-38106ย โ€“ Windows Kernel Elevation of Privilege Vulnerability (CVSS 7.0/10)

This zero-day, which existed in the Windows Kernel, was reported anonymously to Microsoft.

“Successful exploitation of this vulnerability requires an attacker to win a race condition,” explains Microsoft’s advisory. “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.โ€

CVE-2024-38213ย โ€” Windows Mark of the Web Security Feature Bypass Vulnerability (CVSS 6.5/10)

This flaw allows attackers to bypass the Windows Mark of the Web (MoTW) security feature. To successfully exploit this vulnerability, an attacker must send the user a malicious file and convince them to open it so that they can bypass the SmartScreen user experience.

CVE-2024-38193ย โ€“ย Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability (CVSS: 7.8/10)

This vulnerability, which was discovered byย Luigino Camastra and Milรกnek with Gen Digital, allows attackers to gain SYSTEM privileges on Windows systems.

For detailed information about the four publicly disclosed zero-day vulnerabilities, you can click here.

Microsoft has recommended Windows users and system administrators prioritize updating their systems, which makes them vulnerable to remote code execution, privilege escalation, and security feature bypass attacks.

Kavita Iyer
Kavita Iyerhttps://www.techworm.net
An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human!!!
spot_img

Read More

Suggested Post