Microsoft Patch Tuesday security updates for August 2024 addressed six actively exploited bugs

Microsoft’s August 2024 Patch Tuesday addressed 90 vulnerabilities, including six that are actively exploited.

Patch Tuesday security updates for August 2024 addressed 90 vulnerabilities in Microsoft products including Windows and Windows Components; Office and Office Components; .NET and Visual Studio; Azure; Co-Pilot; Microsoft Dynamics; Teams; and Secure Boot and others, bringing the total to 102 when including third-party bugs. Seven vulnerabilities are rated Critical, 79 Important, and one Moderate. Four of these flaws are publicly known, and six are under active attack. The company confirmed that several vulnerabilities are currently being exploited in the wild.

Below are the actively exploited flaws addressed by Patch Tuesday security updates for August 2024:

CVE Title Severity CVSS Public Exploited Type
CVE-2024-38189 Microsoft Project Remote Code Execution Vulnerability Important 8.8 No Yes RCE
CVE-2024-38178 Scripting Engine Memory Corruption Vulnerability Important 7.5 No Yes RCE
CVE-2024-38193 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 No Yes EoP
CVE-2024-38106 Windows Kernel Elevation of Privilege Vulnerability Important 7 No Yes EoP
CVE-2024-38107 Windows Power Dependency Coordinator Elevation of Privilege Vulnerability Important 7.8 No Yes EoP
CVE-2024-38213 Windows Mark of the Web Security Feature Bypass Vulnerability Moderate 6.5 No Yes SFB

Below is the list of critical flaws addressed by the IT giant:

CVE Title Severity CVSS Public Exploited type
CVE-2024-38109 Azure Health Bot Elevation of Privilege Vulnerability Critical 9.1 No No EoP
CVE-2024-38206 Microsoft Copilot Studio Information Disclosure Vulnerability Critical 8.5 No No Info
CVE-2024-38166 Microsoft Dynamics 365 Cross-site Scripting Vulnerability Critical 8.2 No No XSS
CVE-2022-3775 * Redhat: CVE-2022-3775 grub2 – Heap based out-of-bounds write when rendering certain Unicode sequences Critical 7.1 No No RCE
CVE-2023-40547 * Redhat: CVE-2023-40547 Shim – RCE in HTTP boot support may lead to secure boot bypass Critical 8.3 No No SFB
CVE-2024-38159 Windows Network Virtualization Remote Code Execution Vulnerability Critical 9.1 No No RCE
CVE-2024-38160 Windows Network Virtualization Remote Code Execution Vulnerability Critical 9.1 No No RCE
CVE-2024-38140 Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability Critical 9.8 No No RCE
CVE-2024-38063 Windows TCP/IP Remote Code Execution Vulnerability Critical 9.8 No No RCE

The most severe flaws are:

CVE-2024-38140 is Remote Code Execution Vulnerability in Windows Reliable Multicast Transport Driver (RMCAST). An unauthenticated attacker could exploit the flaw by sending specially crafted packets to a Windows Pragmatic General Multicast (PGM) open socket on the server, without any interaction from the user. However, this vulnerability is only exploitable if there is a program listening on a Pragmatic General Multicast (PGM) port. Microsoft states that if PGM is installed or enabled but no programs are actively listening as a receiver, then this vulnerability is not exploitable.

CVE-2024-38063 is a Remote Code Execution vulnerability in Windows TCP/IP. An unauthenticated attacker could exploit this flaw by sending specially crafted IPv6 packets to a Windows machine, potentially enabling remote code execution.

“Moving on to the other code execution bugs, we’re greeted with three different CVSS 9.8 bugs right off the top. The worst is likely the bug in TCP/IP that would allow a remote, unauthenticated attacker to get elevated code execution just by sending specially crafted IPv6 packets to an affected target. That means it’s wormable.” reported ZDI. “You can disable IPv6 to prevent this exploit, but IPv6 is enabled by default on just about everything. It’s a similar attack scenario for the Reliable Multicast Transport Driver (RMCAST), but in this case, you need a service listening as a receiver on PGM to be vulnerable”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Microsoft Patch Tuesday)