Microsoft Patch Tuesday security updates for August 2024 addressed six actively exploited bugs

Pierluigi Paganini August 14, 2024

Microsoft’s August 2024 Patch Tuesday addressed 90 vulnerabilities, including six that are actively exploited.

Patch Tuesday security updates for August 2024 addressed 90 vulnerabilities in Microsoft products including Windows and Windows Components; Office and Office Components; .NET and Visual Studio; Azure; Co-Pilot; Microsoft Dynamics; Teams; and Secure Boot and others, bringing the total to 102 when including third-party bugs. Seven vulnerabilities are rated Critical, 79 Important, and one Moderate. Four of these flaws are publicly known, and six are under active attack. The company confirmed that several vulnerabilities are currently being exploited in the wild.

Below are the actively exploited flaws addressed by Patch Tuesday security updates for August 2024:

CVETitleSeverityCVSSPublicExploitedType
Microsoft Project Remote Code Execution VulnerabilityImportant8.8NoYesRCE
Scripting Engine Memory Corruption VulnerabilityImportant7.5NoYesRCE
Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant7.8NoYesEoP
Windows Kernel Elevation of Privilege VulnerabilityImportant7NoYesEoP
Windows Power Dependency Coordinator Elevation of Privilege VulnerabilityImportant7.8NoYesEoP
Windows Mark of the Web Security Feature Bypass VulnerabilityModerate6.5NoYesSFB

Below is the list of critical flaws addressed by the IT giant:

CVETitleSeverityCVSSPublic Exploitedtype
Azure Health Bot Elevation of Privilege VulnerabilityCritical9.1NoNoEoP
Microsoft Copilot Studio Information Disclosure VulnerabilityCritical8.5NoNoInfo
Microsoft Dynamics 365 Cross-site Scripting VulnerabilityCritical8.2NoNoXSS
Redhat: CVE-2022-3775 grub2 – Heap based out-of-bounds write when rendering certain Unicode sequencesCritical7.1NoNoRCE
Redhat: CVE-2023-40547 Shim – RCE in HTTP boot support may lead to secure boot bypassCritical8.3NoNoSFB
Windows Network Virtualization Remote Code Execution VulnerabilityCritical9.1NoNoRCE
Windows Network Virtualization Remote Code Execution VulnerabilityCritical9.1NoNoRCE
Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution VulnerabilityCritical9.8NoNoRCE
Windows TCP/IP Remote Code Execution VulnerabilityCritical9.8NoNoRCE

The most severe flaws are:

is Remote Code Execution Vulnerability in Windows Reliable Multicast Transport Driver (RMCAST). An unauthenticated attacker could exploit the flaw by sending specially crafted packets to a Windows Pragmatic General Multicast (PGM) open socket on the server, without any interaction from the user. However, this vulnerability is only exploitable if there is a program listening on a Pragmatic General Multicast (PGM) port. Microsoft states that if PGM is installed or enabled but no programs are actively listening as a receiver, then this vulnerability is not exploitable.

is a Remote Code Execution vulnerability in Windows TCP/IP. An unauthenticated attacker could exploit this flaw by sending specially crafted IPv6 packets to a Windows machine, potentially enabling remote code execution.

“Moving on to the other code execution bugs, we’re greeted with three different CVSS 9.8 bugs right off the top. The worst is likely the bug in TCP/IP that would allow a remote, unauthenticated attacker to get elevated code execution just by sending specially crafted IPv6 packets to an affected target. That means it’s wormable.” . “You can disable IPv6 to prevent this exploit, but IPv6 is enabled by default on just about everything. It’s a similar attack scenario for the Reliable Multicast Transport Driver (RMCAST), but in this case, you need a service listening as a receiver on PGM to be vulnerable”

Follow me on Twitter:  and  and Mastodon

(SecurityAffairs – hacking, Microsoft Patch Tuesday)



you might also like

leave a comment