Microsoft Releases August 2024 Security Updates
Aug 16, 2024 GMT+08:00
I. Overview
Microsoft has released its August 2024 Security Updates. A total of 82 security vulnerabilities have been disclosed, 5 of which are marked as important. Attackers can exploit these vulnerabilities to achieve remote code execution, privilege escalation, and security feature bypass. Affected applications include Microsoft Windows, Microsoft Office, Microsoft Dynamics, and Azure.
For details, visit the Microsoft official website:
https://msrc.microsoft.com/update-guide/releaseNote/2024-Aug
The following vulnerabilities require close scrutiny as their details have been disclosed or they have already been exploited by attackers:
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability (CVE-2024-38193): 0-day vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. This vulnerability has been exploited in the wild, and the risk is high.
Windows Power Dependency Coordinator Elevation of Privilege Vulnerability (CVE-2024-38107): 0-day vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. This vulnerability has been exploited in the wild, and the risk is high.
Windows Kernel Elevation of Privilege Vulnerability (CVE-2024-38106): 0-day vulnerability. Attackers who win a race condition can exploit this vulnerability to gain SYSTEM privileges. This vulnerability has been exploited in the wild, and the risk is high.
Windows Mark of the Web Security Feature Bypass Vulnerability (CVE-2024-38213): An attacker could induce a target user to open a specially crafted malicious file to trigger the vulnerability. An attacker who successfully exploited this vulnerability could bypass the Windows Mark of the Web security feature. This vulnerability has been exploited in the wild, and the risk is high.
Microsoft Project Remote Code Execution Vulnerability (CVE-2024-38189): An attacker could induce a victim to open a malicious Microsoft Office Project file on the target system to trigger the vulnerability. Successful exploitation of this vulnerability can cause remote code execution on the target system. This vulnerability has been exploited in the wild, and the risk is high.
Scripting Engine Memory Corruption Vulnerability (CVE-2024-38178): An unauthenticated attacker could induce a target user to click a specially crafted URL to trigger the vulnerability. Successful exploitation of the vulnerability can cause remote code execution on the target system. This vulnerability has been exploited in the wild, and the risk is high.
Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability (CVE-2024-38199): An unauthenticated attacker could send a specially crafted print task to a shared vulnerable Windows Line Printer Daemon (LPD) service across a network. Successful exploitation could result in remote code execution on the server. The vulnerability has been disclosed, and the risk is high.
11 vulnerabilities (such as CVE-2024-38063, CVE-2024-38144, and CVE-2024-38150) are marked as Exploitation More Likely. For details, see the official announcement. Perform a security self-check and apply security hardening promptly to reduce the risk of attack.
II. Severity
Severity: important
(Severity: low, moderate, important, and critical)
III. Affected Products
Affected products include Microsoft Windows, Microsoft Office, Microsoft Dynamics, and Azure.
IV. Vulnerability Details
CVE No. | Vulnerability Name | Severity | Description
CVE-2024-38109 | Azure Health Bot Elevation of Privilege Vulnerability | Important | An authenticated attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
CVE-2024-38140 | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | Important | An unauthenticated attacker could exploit the vulnerability by sending specially crafted packets to a Windows Pragmatic General Multicast (PGM) open socket on the server. Successful exploitation of this vulnerability can cause remote code execution on the target server.
CVE-2024-38063 | Windows TCP/IP Remote Code Execution Vulnerability | Important | An unauthenticated attacker could exploit the vulnerability by repeatedly sending IPv6 packets, including specially crafted packets, to a Windows machine. Successful exploitation of this vulnerability can cause remote code execution on the target system.
CVE-2024-38159, CVE-2024-38160 | Windows Network Virtualization Remote Code Execution Vulnerability | Important | An attacker could exploit the vulnerability by taking advantage of the unchecked return value in the wnv.sys component of Windows Server 2016. Successful exploitation of this vulnerability can cause remote code execution on the target system.
(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)
V. Security Recommendations
1. Use Windows Update or download patches from the following address to fix the vulnerabilities:
https://msrc.microsoft.com/update-guide
2. Back up data remotely to protect your data.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.
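A host-level self-check of the kind this notice asks for, as an added PowerShell example that is not part of the original notice or of Microsoft's tooling. It reports the newest installed update and whether the components named above (the LPD service, IPv6 bindings, wnv.sys on Windows Server 2016) are present on the machine. The service name LPDSVC, the driver path, and the default release date of 2024-08-13 are assumptions not stated in the notice.

```powershell
# Added example: exposure self-check for components named in this notice.
# Assumptions (not from the notice): service name LPDSVC, wnv.sys driver path,
# and 2024-08-13 as the release date of the August 2024 updates.
param(
    [datetime]$ReleaseDate = '2024-08-13'
)

$os = Get-CimInstance -ClassName Win32_OperatingSystem

# Newest installed update. InstalledOn is empty on some entries, so filter first.
$latest = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object -Property InstalledOn -Descending |
    Select-Object -First 1

# CVE-2024-38199: only relevant where the LPD print service is installed.
$lpd = Get-Service -Name 'LPDSVC' -ErrorAction SilentlyContinue

# CVE-2024-38063: network adapters that have IPv6 bound.
$ipv6 = @(Get-NetAdapterBinding -ComponentID 'ms_tcpip6' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled })

# CVE-2024-38159 / CVE-2024-38160: the notice names wnv.sys on Windows Server 2016.
$isServer2016 = $os.Caption -like '*Server 2016*'
$wnvPresent   = Test-Path (Join-Path $env:SystemRoot 'System32\drivers\wnv.sys')

[pscustomobject]@{
    Computer            = $env:COMPUTERNAME
    OS                  = $os.Caption
    LatestHotFix        = if ($latest) { $latest.HotFixID } else { 'none found' }
    LatestHotFixDate    = if ($latest) { $latest.InstalledOn.ToString('yyyy-MM-dd') } else { $null }
    # True only means some update was installed on or after the release date;
    # confirm the specific update for this OS build in the MSRC update guide.
    UpdatedSinceRelease = [bool]($latest -and $latest.InstalledOn -ge $ReleaseDate)
    LpdServiceStatus    = if ($lpd) { $lpd.Status.ToString() } else { 'NotInstalled' }
    IPv6BoundAdapters   = ($ipv6.Name -join ', ')
    Server2016WithWnv   = ($isServer2016 -and $wnvPresent)
}
```

Hosts where UpdatedSinceRelease is False and one of the component fields is populated are the ones to patch first.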