Pierluigi Paganini
August 14, 2024
Patch Tuesday security updates for August 2024 addressed 90 vulnerabilities in Microsoft products including Windows and Windows Components; Office and Office Components; .NET and Visual Studio; Azure; Co-Pilot; Microsoft Dynamics; Teams; and Secure Boot and others, bringing the total to 102 when including third-party bugs. Seven vulnerabilities are rated Critical, 79 Important, and one Moderate. Four of these flaws are publicly known, and six are under active attack. The company confirmed that several vulnerabilities are currently being exploited in the wild.
Below are the actively exploited flaws addressed by Patch Tuesday security updates for August 2024:
| CVE | Title | Severity | CVSS | Public | Exploited | Type |
| CVE-2024-38189 | Microsoft Project Remote Code Execution Vulnerability | Important | 8.8 | No | Yes | RCE |
| CVE-2024-38178 | Scripting Engine Memory Corruption Vulnerability | Important | 7.5 | No | Yes | RCE |
| CVE-2024-38193 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | EoP |
| CVE-2024-38106 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7 | No | Yes | EoP |
| CVE-2024-38107 | Windows Power Dependency Coordinator Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | EoP |
| CVE-2024-38213 | Windows Mark of the Web Security Feature Bypass Vulnerability | Moderate | 6.5 | No | Yes | SFB |
Below is the list of critical flaws addressed by the IT giant:
| CVE | Title | Severity | CVSS | Public | Exploited | type |
| CVE-2024-38109 | Azure Health Bot Elevation of Privilege Vulnerability | Critical | 9.1 | No | No | EoP |
| CVE-2024-38206 | Microsoft Copilot Studio Information Disclosure Vulnerability | Critical | 8.5 | No | No | Info |
| CVE-2024-38166 | Microsoft Dynamics 365 Cross-site Scripting Vulnerability | Critical | 8.2 | No | No | XSS |
| CVE-2022-3775 * | Redhat: CVE-2022-3775 grub2 – Heap based out-of-bounds write when rendering certain Unicode sequences | Critical | 7.1 | No | No | RCE |
| CVE-2023-40547 * | Redhat: CVE-2023-40547 Shim – RCE in HTTP boot support may lead to secure boot bypass | Critical | 8.3 | No | No | SFB |
| CVE-2024-38159 | Windows Network Virtualization Remote Code Execution Vulnerability | Critical | 9.1 | No | No | RCE |
| CVE-2024-38160 | Windows Network Virtualization Remote Code Execution Vulnerability | Critical | 9.1 | No | No | RCE |
| CVE-2024-38140 | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE |
| CVE-2024-38063 | Windows TCP/IP Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE |
The most severe flaws are:
CVE-2024-38140 is Remote Code Execution Vulnerability in Windows Reliable Multicast Transport Driver (RMCAST). An unauthenticated attacker could exploit the flaw by sending specially crafted packets to a Windows Pragmatic General Multicast (PGM) open socket on the server, without any interaction from the user. However, this vulnerability is only exploitable if there is a program listening on a Pragmatic General Multicast (PGM) port. Microsoft states that if PGM is installed or enabled but no programs are actively listening as a receiver, then this vulnerability is not exploitable.
CVE-2024-38063 is a Remote Code Execution vulnerability in Windows TCP/IP. An unauthenticated attacker could exploit this flaw by sending specially crafted IPv6 packets to a Windows machine, potentially enabling remote code execution.
“Moving on to the other code execution bugs, we’re greeted with three different CVSS 9.8 bugs right off the top. The worst is likely the bug in TCP/IP that would allow a remote, unauthenticated attacker to get elevated code execution just by sending specially crafted IPv6 packets to an affected target. That means it’s wormable.” reported ZDI. “You can disable IPv6 to prevent this exploit, but IPv6 is enabled by default on just about everything. It’s a similar attack scenario for the Reliable Multicast Transport Driver (RMCAST), but in this case, you need a service listening as a receiver on PGM to be vulnerable”
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Microsoft Patch Tuesday)
