Microsoft has released its August 2024 Patch Tuesday update, addressing multiple vulnerabilities across its software ecosystem. This month’s update features fixes for a total of 90 vulnerabilities, including nine classified as zero-day exploits. Notably, six of these zero-day vulnerabilities are actively exploited, while three have been publicly disclosed.
Compared to the previous month’s release, which tackled 142 vulnerabilities, this update is notably smaller. The vulnerabilities addressed this month are primarily categorized as follows: 41% are related to elevation of privilege (EoP) issues, while 33% involve remote code execution (RCE).
Key Highlights of Microsoft August 2024 Patch Tuesday Update
Among the nine zero-day vulnerabilities addressed this month, six are actively exploited. Notable vulnerabilities include CVE-2024-38202, an elevation of privilege (EoP) issue in the Windows Update Stack; CVE-2024-21302, an EoP flaw affecting the Windows Secure Kernel; CVE-2024-38200, a spoofing vulnerability in Microsoft Office; CVE-2024-38109, an EoP vulnerability in Azure Health Bot; and CVE-2024-38206, an information disclosure flaw in Microsoft Copilot Studio.
Scott Caveza, Staff Research Engineer at Tenable, highlights the urgency of addressing these vulnerabilities. He points out that CVE-2024-38202 and CVE-2024-21302, if exploited together, could allow attackers to reverse software updates and undo previous fixes, thus broadening the attack surface. Additionally, CVE-2024-38200 could expose NTLM hashes to remote attackers, potentially facilitating further attacks like NTLM relay or pass-the-hash, which have been previously used by threat actors such as APT28.
Caveza emphasizes the importance of addressing EoP vulnerabilities, which attackers commonly exploit to escalate privileges within a network. “With numerous zero-days in this Patch Tuesday release, prioritizing remediation of these vulnerabilities is crucial,” he adds.
Caveza also highlights two critical vulnerabilities uncovered by Tenable Research. CVE-2024-38206, discovered by Tenable researcher Evan Grant, impacts Microsoft Copilot Studio and allows authenticated attackers to bypass server-side request forgery (SSRF) protections, potentially leaking sensitive information; Microsoft has patched this issue.
Additionally, CVE-2024-38109 is a critical elevation of privilege (EoP) vulnerability in Azure Health Bot with a CVSSv3 score of 9.1. This flaw could be exploited to escalate privileges, but users of Azure Health Bot need not take further action as the issue has been resolved in the update.
Breakdown of Vulnerabilities in August 2024 Patch Tuesday
The August 2024 Patch Tuesday update addresses a range of vulnerabilities categorized as follows: 36 are related to elevation of privileges, 28 involve remote code execution, 8 pertain to information disclosure, 7 are related to spoofing, 6 involve denial of service, 4 are security feature bypasses, and 1 is a tampering issue. This update includes several critical vulnerabilities affecting various Windows services and Microsoft applications.
Notable among these are CVE-2024-38109, which allows attackers with valid authentication to escalate privileges in Azure Health Bot; CVE-2024-38206, which enables authenticated attackers to bypass SSRF protections in Microsoft Copilot Studio; CVE-2024-38166, a cross-site scripting vulnerability in Microsoft Dynamics; CVE-2024-38140, which permits unauthenticated attackers to execute remote code via specially crafted packets in the Reliable Multicast Transport Driver (RMCAST); CVE-2024-38159 and CVE-2024-38160, which could lead to critical guest-to-host escapes through remote code execution in Windows Network Virtualization; CVE-2022-3775 and CVE-2023-40547, affecting secure boot features due to vulnerabilities in the Linux Shim bootloader; and CVE-2024-38063, which allows remote code execution through specially crafted IPv6 packets in Windows TCP/IP.
Moreover, in this month’s Patch Tuesday update, several vulnerabilities have been publicly disclosed, including CVE-2024-21302, which is an elevation of privilege (EoP) flaw allowing attackers to replace Windows files with outdated versions. Another critical issue is CVE-2024-38199, affecting the deprecated Windows Line Printer Daemon (LPD) service; while its exploitation is considered unlikely due to LPD’s obsolescence, it remains notable. Additionally, CVE-2024-38200 is a medium-severity spoofing vulnerability in Microsoft Office that impacts NTLM authentication.
