Summary
Microsoft has released monthly security updates that address a total of 85 new vulnerabilities, including 10 zero-day vulnerabilities.
Note: The vendor states that CVE-2024-38178, CVE-2024-38193, CVE-2024-38213, CVE-2024-38106, CVE-2024-38107 and CVE-2024-38189 are actively being exploited online.
Note: The vendor states that exploits for CVE-2024-38199, CVE-2024-21302, CVE-2024-38200 and CVE-2024-38202 are available online.
Note (updated 09/17/2024): Proofs of Concept (PoC) for exploiting the vulnerabilities CVE-2024-38063 and CVE-2024-38189 are available online.
Note (updated 12/09/2024): A Proof of Concept (PoC) for exploiting the vulnerability CVE-2024-38193 is available online.
Risk
Vulnerability impact estimate on the target community: SEVERE/RED (79.23/100)1.
Type
- Tampering
- Information Disclosure
- Remote Code Execution
- Elevation of Privilege
- Security Feature Bypass
- Denial of Service
- Spoofing
Description and potential impacts
In detail, the vulnerabilities actively exploited and/or for some of which a “proof of concept” is also available online, concern:
- Scripting Engine: identified through CVE-2024-38178, of the “Remote Code Execution” type and with a CVSS v3 score of 7.5. This vulnerability could be exploited through the distribution of appropriately crafted links.
- Windows Ancillary Function Driver for WinSock: identified through CVE-2024-38193, of the “Elevation of Privilege” type and with a CVSS v3 score of 7.8. This vulnerability, if exploited, could allow the obtaining of SYSTEM privileges.
- Windows Line Printer Daemon (LPD) Service: identified by CVE-2024-38199, of the “Remote Code Execution” type and with a CVSS v3 score of 9.8. This vulnerability could be exploited by sending specially crafted print tasks to a shared Windows Line Printed (LPD) service.
- Windows SmartScreen: identified by CVE-2024-38213, of the “Security Feature Bypass” type and with a CVSS v3 score of 6.5. This vulnerability could bypass the SmartScreen security features by distributing specially crafted files.
- Windows Secure Kernel Mode: identified by CVE-2024-21302, of the “Elevation of Privilege” type and with a CVSS v3 score of 6.7. This vulnerability could allow an attacker with administrator privileges to restore obsolete system files, in order to reintroduce resolved vulnerabilities. While waiting for a security patch, it is recommended to implement the mitigation actions suggested by Microsoft.
- Windows Kernel: identified by CVE-2024-38106, of the “Elevation of Privilege” type and with a CVSS v3 score of 7. This vulnerability could be exploited through race conditions.
- Windows Power Dependency Coordinator: identified by CVE-2024-38107, of the “Elevation of Privilege” type and with a CVSS v3 score of 7.8. This vulnerability, if exploited, could allow the obtaining of SYSTEM privileges.
- Microsoft Project: identified by CVE-2024-38189, of the “Remote Code Execution” type and with a CVSS v3 score of 8.8. This vulnerability could be exploited by distributing specially crafted Microsoft Office Project files.
- Windows Mark of the Web: identified by CVE-2024-38217, of the “Security Feature Bypass” type and with a CVSS v3 score of 5.4. This vulnerability could be exploited to bypass Mark of the Web (MOTW) mechanisms through specially crafted files.
- Microsoft Office: identified by CVE-2024-38200, of the “Spoofing” type and with a CVSS v3 score of 7.5. This vulnerability could allow a malicious user to generate specially crafted messages and/or documents apparently coming from a legitimate source (Spoofing).
- Windows Update Stack: identified by CVE-2024-38202, of the “Elevation of Privilege” type and with a CVSS v3 score of 7.3. This vulnerability, related to Windows Backup, could allow a user with sufficient privileges to reintroduce critical issues that have already been resolved. While waiting for a security patch, it is recommended to implement the mitigation actions suggested by Microsoft.
Affected products and versions
- .NET and Visual Studio
- Azure Connected Machine Agent
- Azure CycleCloud
- Azure Health Bot
- Azure IoT SDK
- Azure Stack
- Line Printer Daemon Service (LPD)
- Microsoft Bluetooth Driver
- Microsoft Copilot Studio
- Microsoft Dynamics
- Microsoft Edge (Chromium-based)
- Microsoft Local Security Authority Server (lsasrv)
- Microsoft Office
- Microsoft Office Excel
- Microsoft Office Outlook
- Microsoft Office PowerPoint
- Microsoft Office Project
- Microsoft Office Visio
- Microsoft Streaming Service
- Microsoft Teams
- Microsoft WDAC OLE DB provider for SQL
- Microsoft Windows DNS
- Reliable Multicast Transport Driver (RMCAST)
- Windows Ancillary Function Driver for WinSock
- Windows App Installer
- Windows Clipboard Virtual Channel Extension
- Windows Cloud Files Mini Filter Driver
- Windows Common Log File System Driver
- Windows Compressed Folder
- Windows Deployment Services
- Windows DWM Core Library
- Windows Initial Machine Configuration
- Windows IP Routing Management Snapin
- Windows Kerberos
- Windows Kernel
- Windows Kernel-Mode Drivers
- Windows Layer-2 Bridge Network Driver
- Windows Mark of the Web (MOTW)
- Windows Mobile Broadband
- Windows Network Address Translation (NAT)
- Windows Network Virtualization
- Windows NT OS Kernel
- Windows NTFS
- Windows Power Dependency Coordinator
- Windows Print Spooler Components
- Windows Resource Manager
- Windows Routing and Remote Access Service (RRAS)
- Windows Scripting
- Windows Secure Kernel Mode
- Windows Security Center
- Windows SmartScreen
- Windows TCP/IP
- Windows Transport Security Layer (TLS)
- Windows Update Stack
- Windows WLAN Auto Config Service
Mitigation Actions
In line with vendor statements, it is recommended to update impacted products through the appropriate Windows Update function.
Unique Vulnerability Identifiers
References
https://msrc.microsoft.com/update-guide/releaseNote/2024-Aug
https://msrc.microsoft.com/update-guide (NB: filtro: patch tuesday – August 2024)
1This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.
